Update SECURITY.md (#93) #50
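# This workflow builds and pushes a new version of the build container image
# when the tools directory changes on main. Edit tools/Dockerfile.
#
# NOTE(review): the `push` trigger below declares no `paths:` filter, so as
# written it fires on every push to main and on every matching tag, not only
# when tools/ changes. Confirm whether that is intended; each run publishes
# to the registry.
#
# This workflow does not push a new image until it is merged, so tests that
# depend on changes in this image will not pass until this workflow succeeds.
# For that reason, changes here should be done in a separate PR in advance of
# work that depends on them.
#
# To build the test image locally, run:
#   make docker-test-image
name: Docker testing image

on:
  workflow_dispatch:
  push:
    branches:
      - main
    tags:
      # Filter patterns require three numeric components.
      - "v[0-9]+.[0-9]+.[0-9]+"  # e.g. v1.0.0, v20.15.10
      - "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"  # e.g. v0.37.0-alpha.1, v0.38.0-alpha.10
      - "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"  # e.g. v0.37.0-beta.1, v0.38.0-beta.10
      - "v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"  # e.g. v0.37.0-rc1, v0.38.0-rc10

# Least privilege for the automatic GITHUB_TOKEN: the job only reads the
# repository for checkout; registry access uses the Docker Hub secrets below.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by tag. Tags are
      # mutable, and this job holds registry push credentials; pinning each
      # `uses:` to a full commit SHA (tag kept as a trailing comment) makes
      # the code that runs with those credentials reviewable.
      - uses: actions/checkout@v4

      # Derives the image tag list from the ref that triggered the run and
      # exposes it as the step output `tags`.
      - name: Prepare
        id: prep
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is treated as data by the shell.
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          DOCKER_IMAGE=cometbft/cometbft-db-testing
          VERSION=noop
          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
            # Tag push: the tag name is the image version.
            VERSION="${GITHUB_REF#refs/tags/}"
          elif [[ "$GITHUB_REF" == refs/heads/* ]]; then
            # Branch push: slashes are not valid in image tags, so runs of
            # '/' in the branch name are collapsed to '-'.
            VERSION="$(echo "${GITHUB_REF#refs/heads/}" | sed -r 's#/+#-#g')"
            if [ "$DEFAULT_BRANCH" = "$VERSION" ]; then
              VERSION=latest
            fi
          fi
          TAGS="${DOCKER_IMAGE}:${VERSION}"
          # NOTE(review): this branch appends the same image:version pair
          # that TAGS already holds, so release tags are listed twice.
          # Kept as in the original; confirm what extra tag was intended.
          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
            TAGS="$TAGS,${DOCKER_IMAGE}:${VERSION}"
          fi
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"

      # NOTE(review): the two `uses:` values below were mangled by e-mail
      # obfuscation in the page this file was captured from; the real action
      # names and versions are not recoverable from this view. Restore them
      # from the repository before using this file.
      - name: Set up Docker Build
        uses: docker/[email protected]

      - name: Login to DockerHub
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Publish to Docker Hub
        uses: docker/build-push-action@v5
        with:
          context: ./tools
          file: ./tools/Dockerfile
          # No pull_request trigger is declared above, so this expression is
          # true for every run this file can start.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.prep.outputs.tags }}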