chore: Clean up and publish to ghcr.io (#58)

.github/workflows/ci.yml

@@ -11,13 +11,11 @@ env:
 jobs:
  build:
  runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
  steps:
  - uses: actions/checkout@master
-
- - name: Set up java for tests execution
- uses: actions/setup-java@v1
- with:
- java-version: 11
 
  - name: Set tag var
  id: vars
@@ -31,9 +29,6 @@ jobs:
 
  - name: Test Docker image
  run: cd tests && sudo gradle test --info -Dimage_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
-
- - name: Scan with Phonito Security
- uses: phonito/phonito-scanner-action@master
- with:
- image: ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
- phonito-token: '${{ secrets.PHONITO_TOKEN }}' 
+ env: # To allow downloading packages
+ GITHUB_USERNAME: ${{ github.actor }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci_cd.yml

@@ -10,16 +10,14 @@ env:
 jobs:
  build:
  runs-on: ubuntu-latest
+ permissions:
+ contents: write # To add version tags
+ packages: write # To push docker image
  steps:
  - uses: actions/checkout@master
 
- - name: Set up java for tests execution
- uses: actions/setup-java@v1
- with:
- java-version: 11
-
  - name: "Determine release version"
- uses: codfish/semantic-release-action@master
+ uses: docker:https://ghcr.io/codfish/semantic-release-action:v1.9.0
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -29,7 +27,11 @@ jobs:
  - name: "Build Docker image"
  if: env.RELEASE_VERSION != ''
  run: |
- docker build . -t "$IMAGE_NAME:$RELEASE_VERSION" \
+ docker build . \
+ --tag "$IMAGE_NAME:$RELEASE_VERSION" \
+ --tag "$IMAGE_NAME:latest" \
+ --tag "ghcr.io/$IMAGE_NAME:$RELEASE_VERSION" \
+ --tag "ghcr.io/$IMAGE_NAME:latest" \
  --label "org.label-schema.schema-version=1.0" \
  --label "org.label-schema.vcs-ref=${GITHUB_SHA}" \
  --label "org.label-schema.vcs-url=https://github.com/${GITHUB_REPOSITORY}" \
@@ -41,29 +43,18 @@ jobs:
  - name: Test Docker image
  if: env.RELEASE_VERSION != ''
  run: cd tests && sudo gradle test -Dimage_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
-
- - name: Scan with Phonito Security
- if: env.RELEASE_VERSION != ''
- uses: phonito/phonito-scanner-action@master
- with:
- image: ${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
- phonito-token: '${{ secrets.PHONITO_TOKEN }}'
-
- - name: "Tag image as latest"
- if: env.RELEASE_VERSION != ''
- run: "docker tag $IMAGE_NAME:$RELEASE_VERSION $IMAGE_NAME:latest"
+ env: # To allow downloading packages
+ GITHUB_USERNAME: ${{ github.actor }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+ # DockerHub
  - name: "Log into Docker Hub"
  if: env.RELEASE_VERSION != ''
  run: "echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login --username ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin"
 
- - name: "Push versioned image"
+ - name: "Push to DockerHub"
  if: env.RELEASE_VERSION != ''
- run: "docker push $IMAGE_NAME:$RELEASE_VERSION"
-
- - name: "Push latest image"
- if: env.RELEASE_VERSION != ''
- run: "docker push $IMAGE_NAME:latest"
+ run: "docker push $IMAGE_NAME:$RELEASE_VERSION && docker push $IMAGE_NAME:latest"
 
  - name: "Update Docker Hub description"
  if: env.RELEASE_VERSION != ''
@@ -72,4 +63,12 @@ jobs:
  DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
  DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
  DOCKERHUB_REPOSITORY: ${{ env.IMAGE_NAME }}
-
+
+ # GitHub Packages
+ - name: "Log into GitHub Packages"
+ if: env.RELEASE_VERSION != ''
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+ - name: "Push to GitHub Packages"
+ if: env.RELEASE_VERSION != ''
+ run: "docker push ghcr.io/$IMAGE_NAME:$RELEASE_VERSION && docker push ghcr.io/$IMAGE_NAME:latest"

README.md

@@ -3,7 +3,6 @@
 [![](https://badgen.net/docker/size/homecentr/swarm-local-network-connector)](https://hub.docker.com/repository/docker/homecentr/swarm-local-network-connector)
 
 ![CI/CD on master](https://github.com/homecentr/docker-swarm-local-network-connector/workflows/CI/CD%20on%20master/badge.svg)
-![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-swarm-local-network-connector/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
 
 # HomeCentr - swarm-local-network-connector
 Connector process which monitors for newly created containers and connectes them to the network specified in the label. This is a workaround to solve the problem when Docker Swarm does not pass explicit IP address when connecting container to a macvlan network or other local scoped network drivers.

SECURITY.md

@@ -10,6 +10,6 @@ Known security issues will be published in GitHub repository's Security / Securi
 
 ## Automated processes
 
-The Docker image is scanned for vulnerabilities every 24 hours using [Phonito.io](https://phonito.io/?b=a). You can see the scan status under the actions tab / Regular Docker image vulnerability scan.
+The Docker image is regularly scanned for vulnerabilities with [Snyk.io](https://snyk.io/).
 
 The dependencies are automatically scanned using [Dependabot](https://dependabot.com/). Dependencies are regularly updated. You can check for pending dependency updates by listing open Pull requests with the "dependencies" label.

tests/build.gradle

@@ -13,7 +13,7 @@ repositories {
 
 dependencies {
  testImplementation group: 'junit', name: 'junit', version: '4.13.2'
- testImplementation "org.testcontainers:testcontainers:1.15.3"
+ testImplementation group: 'org.testcontainers', name: 'testcontainers', version: '1.15.3'
  testImplementation group: 'org.slf4j', name: 'slf4j-api', version: '1.7.30'
  testImplementation group: 'org.slf4j', name: 'slf4j-simple', version: '1.7.30'
 }