diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 51c53f3..98596e5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,12 +4,6 @@ updates: directory: "/" schedule: interval: "daily" - cooldown: - default-days: 2 - groups: - crazy-max-dot-github: - patterns: - - "crazy-max/.github/*" labels: - "dependencies" - "bot" @@ -17,8 +11,6 @@ updates: directory: "/" schedule: interval: "daily" - cooldown: - default-days: 2 versioning-strategy: "increase" allow: - dependency-type: "production" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cdde4bd..aed74bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,5 @@ name: ci -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -25,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up QEMU id: qemu @@ -48,7 +45,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up QEMU id: qemu @@ -65,7 +62,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Stop docker run: | @@ -95,7 +92,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up QEMU id: qemu @@ -119,7 +116,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Set up QEMU uses: ./ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 843bacd..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: codeql - -permissions: - contents: read - -on: - push: - branches: - - 'master' - - 'releases/v*' - pull_request: - -env: - NODE_VERSION: "24" - -jobs: - analyze: - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - steps: - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - - name: Enable corepack - run: | - corepack enable - yarn --version - - - name: Set up Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 - with: - node-version: ${{ env.NODE_VERSION }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - with: - languages: javascript-typescript - build-mode: none - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 - with: - category: "/language:javascript-typescript" diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml index 065b229..f56fa03 100644 --- a/.github/workflows/pr-assign-author.yml +++ b/.github/workflows/pr-assign-author.yml @@ -4,14 +4,14 @@ permissions: contents: read on: - pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout + pull_request_target: types: - opened - reopened jobs: run: - uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@d89fe92d808a15e2b2ed5cdb62db7c172c31410d # v1.6.0 + uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf permissions: contents: read pull-requests: write diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 57635a7..edad97f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,12 +1,5 @@ name: publish -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - on: release: types: @@ -22,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Publish - uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4 + uses: actions/publish-immutable-action@v0.0.4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2fc36be..2ca98b1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,8 +1,5 @@ name: test -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -20,16 +17,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - name: Test - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: source: . targets: test - name: Upload coverage - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 + uses: codecov/codecov-action@v5 with: files: ./coverage/clover.xml token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml index 0d0f65f..744588f 100644 --- a/.github/workflows/update-dist.yml +++ b/.github/workflows/update-dist.yml @@ -1,12 +1,5 @@ name: update-dist -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - on: pull_request: types: @@ -15,27 +8,27 @@ on: jobs: update-dist: - if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name + if: github.actor == 'dependabot[bot]' runs-on: ubuntu-latest steps: - name: GitHub auth token from GitHub App id: docker-read-app - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 + uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} owner: docker - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 - token: ${{ steps.docker-read-app.outputs.token }} + token: ${{ steps.docker-read-app.outputs.token || github.token }} - name: Build - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: source: . targets: build diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 2657986..ae6f92e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,8 +1,5 @@ name: validate -permissions: - contents: read - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -18,15 +15,15 @@ jobs: prepare: runs-on: ubuntu-latest outputs: - matrix: ${{ steps.generate.outputs.matrix }} + targets: ${{ steps.generate.outputs.targets }} steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 - - name: Generate matrix + name: List targets id: generate - uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action/subaction/list-targets@v6 with: target: validate @@ -37,10 +34,10 @@ jobs: strategy: fail-fast: false matrix: - include: ${{ fromJson(needs.prepare.outputs.matrix) }} + target: ${{ fromJson(needs.prepare.outputs.targets) }} steps: - name: Validate - uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0 + uses: docker/bake-action@v6 with: targets: ${{ matrix.target }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml deleted file mode 100644 index 18cfcf6..0000000 --- a/.github/workflows/zizmor.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: zizmor - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - push: - branches: - - 'master' - - 'releases/v*' - tags: - - 'v*' - pull_request: - -jobs: - zizmor: - uses: crazy-max/.github/.github/workflows/zizmor.yml@d89fe92d808a15e2b2ed5cdb62db7c172c31410d # v1.6.0 - permissions: - contents: read - security-events: write - with: - min-severity: medium - min-confidence: medium - persona: pedantic diff --git a/.github/zizmor.yml b/.github/zizmor.yml deleted file mode 100644 index 6415720..0000000 --- a/.github/zizmor.yml +++ /dev/null @@ -1,3 +0,0 @@ -rules: - secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783 - disable: true diff --git a/README.md b/README.md index e94aeeb..254e3c4 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ GitHub Action to install [QEMU](https://github.com/qemu/qemu) static binaries. ___ * [Usage](#usage) + * [Multi-platform build example](#multi-platform-build-example) * [Customizing](#customizing) * [inputs](#inputs) * [outputs](#outputs) @@ -48,6 +49,43 @@ jobs: > uses: docker/setup-buildx-action@v4 > ``` +### Multi-platform build example + +The following example shows how to use this action to build and push a multi-platform image for `linux/amd64` and `linux/arm64` using [Buildx](https://github.com/docker/buildx): + +```yaml +name: ci + +on: + push: + branches: + - 'main' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - + name: Set up QEMU + uses: docker/setup-qemu-action@v4 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v4 + - + name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + tags: user/app:latest + platforms: linux/amd64,linux/arm64 +``` + ## Customizing ### inputs