bump version number v0.3.2 (#71) #9

Workflow file for this run

	name: Docker Build & Test

	on:
	push:
	branches: ["main"]
	# Build on version tags
	tags: ["v*"]
	pull_request:
	branches: ["*"]
	workflow_dispatch:

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build:
	name: Build Docker Image
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	outputs:
	image-tag: ${{ steps.meta.outputs.tags }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v6

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log in to Container Registry
	if: github.event_name != 'pull_request'
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=ref,event=branch
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=sha

	- name: Build and push Docker image
	uses: docker/build-push-action@v5
	with:
	context: .
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

	test:
	name: Test Docker Image
	needs: build
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v6

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image (test)
	uses: docker/build-push-action@v5
	with:
	context: .
	push: false
	load: true
	tags: sw-metadata-bot:test
	cache-from: type=gha

	- name: Test - Show help
	run: \|
	docker run --rm sw-metadata-bot:test

	- name: Test - Check CLI commands
	run: \|
	docker run --rm sw-metadata-bot:test uv run sw-metadata-bot verify-tokens --help
	docker run --rm sw-metadata-bot:test uv run sw-metadata-bot run-analysis --help
	docker run --rm sw-metadata-bot:test uv run sw-metadata-bot publish --help

	- name: Test - Health check
	run: \|
	docker run --rm sw-metadata-bot:test /bin/sh -c 'uv run sw-metadata-bot --help > /dev/null && echo "Health check passed"'

	- name: Inspect image metadata
	run: \|
	echo "=== Image Info ==="
	docker inspect sw-metadata-bot:test \| jq '.[0] \| {Config: .Config, Architecture: .Architecture, SizeMB: (.Size / 1024 / 1024)}'

	- name: Inspect image size
	run: \|
	SIZE=$(docker image inspect sw-metadata-bot:test --format='{{json .Size}}' \| jq '. / 1024 / 1024 \| floor')
	echo "Image size: ${SIZE}MB"
	if [ "$SIZE" -gt 500 ]; then
	echo "WARNING: Image size larger than expected (${SIZE}MB > 500MB)"
	fi

	security:
	name: Security Scan
	needs: build
	runs-on: ubuntu-latest
	if: github.event_name != 'pull_request'
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
	format: 'sarif'
	output: 'trivy-results.sarif'
	continue-on-error: true

	- name: Upload Trivy results to GitHub Security
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'
	continue-on-error: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bump version number v0.3.2 (#71) #9

Workflow file

bump version number v0.3.2 (#71) #9

Uh oh!

Workflow file for this run