diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index e256ede..f2abc9e 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -27,12 +27,11 @@ jobs: docker-compose build ${docker_base_image_type} done - for docker_hlds_game in $(ls image/games/hlds); do - docker-compose build ${docker_hlds_game} - done + docker_base_images_egrep=$(echo ${DOCKER_IMAGE_BASE_ORDER} | tr " " "|") + docker_game_images=$(docker-compose config --services | grep -Evw "(${docker_base_images_egrep})" | paste -sd " " -) - for docker_srcds_game in $(ls image/games/srcds); do - docker-compose build ${docker_srcds_game} + for docker_game_image in ${docker_game_images}; do + docker-compose build ${docker_game_image} done - name: Trivy CVE scan - base @@ -43,6 +42,14 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - hlds + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:hlds" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - srcds uses: aquasecurity/trivy-action@0.4.0 with: @@ -51,10 +58,10 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' - - name: Trivy CVE scan - hlds + - name: Trivy CVE scan - games/hlds/hlmp uses: aquasecurity/trivy-action@0.4.0 with: - image-ref: "${{ env.REGISTRY_IMAGE }}:hlds" + image-ref: "${{ env.REGISTRY_IMAGE }}:hlmp" format: 'table' exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' 
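Review bot: The new filter `grep -Evw "(${docker_base_images_egrep})"` matches whole words, not whole lines, so a service whose name merely contains a base name as a word would be dropped from `docker_game_images` and never built. A hyphenated name such as `srcds-foo` (constructed example) is one case, assuming `DOCKER_IMAGE_BASE_ORDER` holds names like `base hlds srcds`, which is defined outside the hunk. Anchoring to the whole line avoids that: `grep -Evx "(${docker_base_images_egrep})"`. The same expression is added to the "Build all images" step in docker-latest.yml.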
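Review bot: The added `Trivy CVE scan - hlds` step uses `aquasecurity/trivy-action@0.4.0`, a tag the action's repository can re-point, so the workflow file does not fix which code runs in this job. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.4.0`. This matters most in docker-latest.yml, where the same job goes on to push images and so presumably holds registry credentials. It applies to every scan step added in the later hunks of this file and in docker-latest.yml.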
@@ -67,18 +74,50 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' - - name: Trivy CVE scan - games/srcds/bms + - name: Trivy CVE scan - games/hlds/czero uses: aquasecurity/trivy-action@0.4.0 with: - image-ref: "${{ env.REGISTRY_IMAGE }}:bms" + image-ref: "${{ env.REGISTRY_IMAGE }}:czero" format: 'table' exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' - - name: Trivy CVE scan - games/srcds/csgo + - name: Trivy CVE scan - games/hlds/dod uses: aquasecurity/trivy-action@0.4.0 with: - image-ref: "${{ env.REGISTRY_IMAGE }}:csgo" + image-ref: "${{ env.REGISTRY_IMAGE }}:dod" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/hlds/dmc + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:dmc" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/hlds/op4 + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:op4" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/hlds/tfc + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:tfc" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/srcds/bms + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:bms" format: 'table' exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' @@ -91,6 +130,14 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - games/srcds/csgo + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:csgo" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - games/srcds/dods uses: aquasecurity/trivy-action@0.4.0 with: diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index 1532675..ddf8d7b 100644 
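Review bot: The per-game scan steps added here are a hand-maintained list, while the build step now takes its image list from `docker-compose config --services`. A service later added to the compose file will be built, and in docker-latest.yml pushed, without any Trivy step covering it. At minimum, add a comment above the first scan step, for example `# Every service from docker-compose config --services needs a scan step below`. A stronger fix is a guard step that fails the job when the service list contains a tag with no scan step. The same gap exists in the matching hunks of docker-latest.yml.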
--- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml @@ -24,10 +24,15 @@ jobs: - name: Build all images run: | - docker_image_types="${DOCKER_IMAGE_BASE_ORDER} $(ls image/games/hlds) $(ls image/games/srcds)" + for docker_base_image_type in ${DOCKER_IMAGE_BASE_ORDER}; do + docker-compose build ${docker_base_image_type} + done - for docker_image_type in ${docker_image_types}; do - docker-compose build ${docker_image_type} + docker_base_images_egrep=$(echo ${DOCKER_IMAGE_BASE_ORDER} | tr " " "|") + docker_game_images=$(docker-compose config --services | grep -Evw "(${docker_base_images_egrep})" | paste -sd " " -) + + for docker_game_image in ${docker_game_images}; do + docker-compose build ${docker_game_image} done - name: Trivy CVE scan - base @@ -38,6 +43,14 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - hlds + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:hlds" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - srcds uses: aquasecurity/trivy-action@0.4.0 with: @@ -46,10 +59,10 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' - - name: Trivy CVE scan - hlds + - name: Trivy CVE scan - games/hlds/hlmp uses: aquasecurity/trivy-action@0.4.0 with: - image-ref: "${{ env.REGISTRY_IMAGE }}:hlds" + image-ref: "${{ env.REGISTRY_IMAGE }}:hlmp" format: 'table' exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' 
@@ -62,18 +75,50 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' - - name: Trivy CVE scan - games/srcds/bms + - name: Trivy CVE scan - games/hlds/czero uses: aquasecurity/trivy-action@0.4.0 with: - image-ref: "${{ env.REGISTRY_IMAGE }}:bms" + image-ref: "${{ env.REGISTRY_IMAGE }}:czero" format: 'table' exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' - - name: Trivy CVE scan - games/srcds/csgo + - name: Trivy CVE scan - games/hlds/dod uses: aquasecurity/trivy-action@0.4.0 with: - image-ref: "${{ env.REGISTRY_IMAGE }}:csgo" + image-ref: "${{ env.REGISTRY_IMAGE }}:dod" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/hlds/dmc + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:dmc" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/hlds/op4 + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:op4" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/hlds/tfc + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:tfc" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + + - name: Trivy CVE scan - games/srcds/bms + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:bms" format: 'table' exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' @@ -86,6 +131,14 @@ jobs: exit-code: '1' severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - games/srcds/csgo + uses: aquasecurity/trivy-action@0.4.0 + with: + image-ref: "${{ env.REGISTRY_IMAGE }}:csgo" + format: 'table' + exit-code: '1' + severity: 'CRITICAL,HIGH,MEDIUM,LOW' + - name: Trivy CVE scan - games/srcds/dods uses: aquasecurity/trivy-action@0.4.0 with: 
@@ -141,7 +194,7 @@ jobs: - name: Push latest images to registries run: | - docker_image_types="${DOCKER_IMAGE_BASE_ORDER} $(ls image/games/hlds) $(ls image/games/srcds)" + docker_image_types=$(docker-compose config --services | paste -sd " " -) for docker_image_type in ${docker_image_types}; do docker tag ${REGISTRY_IMAGE}:${docker_image_type} ${GHCR_PREFIX}/${REGISTRY_IMAGE}:${docker_image_type}-latest diff --git a/.github/workflows/docker-tag.yml b/.github/workflows/docker-tag.yml index 33fc5ae..23e94e3 100644 --- a/.github/workflows/docker-tag.yml +++ b/.github/workflows/docker-tag.yml @@ -38,7 +38,7 @@ jobs: - name: Push tagged images to registries run: | - docker_image_types="${DOCKER_IMAGE_BASE_ORDER} $(ls image/games/hlds) $(ls image/games/srcds)" + docker_image_types=$(docker-compose config --services | paste -sd " " -) for docker_image_type in ${docker_image_types}; do docker pull ${GHCR_PREFIX}/${REGISTRY_IMAGE}:${docker_image_type}-latest
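Review bot: If `docker-compose config --services` fails in `docker_image_types=$(docker-compose config --services | paste -sd " " -)`, the failure is masked, because the pipeline's status is that of `paste`. Unless the workflow sets `shell: bash` or `pipefail` somewhere not visible here, the list comes back empty, the loop does nothing, and the push step passes without publishing anything. Start the `run: |` block with `set -o pipefail` and add `test -n "${docker_image_types}"` after the assignment so an empty list fails the job. The same pattern appears in the docker-tag.yml hunk below and in the `docker_game_images` assignments of both build steps. The loop body continues past the end of this hunk.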