Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
da120ee0be
|
|||
|
1673c569e6
|
|||
|
1aa9d6513c
|
40
.gitea/workflows/git-sync.yaml
Normal file
40
.gitea/workflows/git-sync.yaml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
name: git-sync-with-mirror
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [ master ]
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
git-sync:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: git-sync
|
||||||
|
env:
|
||||||
|
git_sync_source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||||
|
git_sync_destination_repo: ssh://git@c.fridu.us/containers/hyperbola-mirror.git
|
||||||
|
if: env.git_sync_source_repo && env.git_sync_destination_repo
|
||||||
|
uses: astounds/git-sync@v1
|
||||||
|
with:
|
||||||
|
source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||||
|
source_branch: "master"
|
||||||
|
destination_repo: ssh://git@c.fridu.us/containers/hyperbola-mirror.git
|
||||||
|
destination_branch: "master"
|
||||||
|
source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
|
||||||
|
destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
|
||||||
|
|
||||||
|
- name: git-sync-sourcehut
|
||||||
|
env:
|
||||||
|
git_sync_source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||||
|
git_sync_destination_repo: git@git.sr.ht:~heckyel/hyperbola-mirror
|
||||||
|
if: env.git_sync_source_repo && env.git_sync_destination_repo
|
||||||
|
uses: astounds/git-sync@v1
|
||||||
|
with:
|
||||||
|
source_repo: git@git.fridu.us:heckyel/hyperbola-mirror.git
|
||||||
|
source_branch: "master"
|
||||||
|
destination_repo: git@git.sr.ht:~heckyel/hyperbola-mirror
|
||||||
|
destination_branch: "master"
|
||||||
|
source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
|
||||||
|
destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
|
||||||
|
continue-on-error: true
|
||||||
@ -39,9 +39,18 @@ jobs:
|
|||||||
- name: Get Meta
|
- name: Get Meta
|
||||||
id: meta
|
id: meta
|
||||||
run: |
|
run: |
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Obtain the latest tag without considering commit information
|
||||||
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null)
|
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null)
|
||||||
COMMIT_HASH=$(git rev-parse --short HEAD)
|
|
||||||
TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null)
|
# Obtain the short hash of the current commit
|
||||||
|
COMMIT_HASH=$(git rev-parse --short HEAD 2>/dev/null)
|
||||||
|
|
||||||
|
# Check if the current commit is tagged exactly
|
||||||
|
TAG_AT_HEAD=$(git describe --tags --exact-match 2>/dev/null || true)
|
||||||
|
|
||||||
|
# If the commit has a tag, use it as the final version, stripping the 'v' prefix if present
|
||||||
if [ -n "$TAG_AT_HEAD" ]; then
|
if [ -n "$TAG_AT_HEAD" ]; then
|
||||||
FINAL_VERSION=${TAG_AT_HEAD#v}
|
FINAL_VERSION=${TAG_AT_HEAD#v}
|
||||||
else
|
else
|
||||||
@ -51,6 +60,16 @@ jobs:
|
|||||||
FINAL_VERSION="${LATEST_TAG#v}-g${COMMIT_HASH}"
|
FINAL_VERSION="${LATEST_TAG#v}-g${COMMIT_HASH}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Error handling: Ensure that FINAL_VERSION is not empty
|
||||||
|
if [ -z "$FINAL_VERSION" ]; then
|
||||||
|
echo "Error: Unable to determine version." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Output the final version
|
||||||
|
echo "Final Version: $FINAL_VERSION"
|
||||||
|
|
||||||
echo "IMAGE_VERSION=${FINAL_VERSION}" >> $GITHUB_OUTPUT
|
echo "IMAGE_VERSION=${FINAL_VERSION}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Build Docker image
|
- name: Build Docker image
|
||||||
@ -69,14 +88,13 @@ jobs:
|
|||||||
${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
|
${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
|
||||||
|
|
||||||
- name: Run Trivy vulnerability scanner
|
- name: Run Trivy vulnerability scanner
|
||||||
uses: aquasecurity/trivy-action@master
|
uses: astounds/trivy-action@v1
|
||||||
with:
|
with:
|
||||||
image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
|
image: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
|
||||||
|
severity: 'CRITICAL,HIGH'
|
||||||
|
pkg-types: 'os'
|
||||||
format: 'table'
|
format: 'table'
|
||||||
exit-code: '1'
|
exit-code: '1'
|
||||||
ignore-unfixed: true
|
|
||||||
vuln-type: 'os'
|
|
||||||
severity: 'CRITICAL,HIGH'
|
|
||||||
|
|
||||||
- name: Push Docker image
|
- name: Push Docker image
|
||||||
uses: docker/build-push-action@v6
|
uses: docker/build-push-action@v6
|
||||||
|
|||||||
@ -4,12 +4,14 @@ RUN pacman -Syu --noconfirm && pacman -S --noconfirm \
|
|||||||
nginx rsync cronie util-linux findutils && \
|
nginx rsync cronie util-linux findutils && \
|
||||||
pacman -Scc --noconfirm
|
pacman -Scc --noconfirm
|
||||||
|
|
||||||
RUN mkdir /srv/repo
|
# Create the /srv/repo directory to store repository data
|
||||||
|
RUN mkdir -p /srv/repo
|
||||||
|
|
||||||
COPY entrypoint.bash /
|
COPY entrypoint.bash /
|
||||||
RUN chmod u+x /entrypoint.bash
|
RUN chmod u+x /entrypoint.bash
|
||||||
|
# Define a mount point for the repository data
|
||||||
VOLUME /srv/repo
|
VOLUME /srv/repo
|
||||||
|
# Expose port 80 for the web server
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|
||||||
ENTRYPOINT ["/entrypoint.bash"]
|
ENTRYPOINT ["/entrypoint.bash"]
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user