Merge pull request 'feat(ci): refactor pipelines — hadolint, PR checks, tag releases, nightly rebuild' (#11 ) from fix/refactor-ci-pipelines into master

Reviewed-on: #11
fix(ci): correct SHA pins for docker/setup-buildx-action and docker/build-push-action
2026-06-12 16:39:11 -04:00 · 2026-06-12 16:34:49 -04:00 · 2026-06-12 16:34:46 -04:00 · 2026-06-12 16:34:37 -04:00 · 2026-06-12 16:32:58 -04:00 · 2026-06-12 16:30:14 -04:00
5 changed files with 155 additions and 59 deletions
@@ -0,0 +1,42 @@
+name: Nightly Rebuild
+on:
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+        continue-on-error: true
+        with:
+          dockerfile: Dockerfile
+  build-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          fetch-depth: 0
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - uses: docker/login-action@6500006c6eb7dba73a9955cc030b0b2d7f5ca915bee # v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - id: get-latest-tag
+        run: |
+          TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+      - id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
+        with:
+          images: jcabillot/sslscan
+          tags: |
+            type=raw,value=latest
+            type=raw,value=${{ steps.get-latest-tag.outputs.tag }},enable=${{ steps.get-latest-tag.outputs.tag != '' }}
+      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          pull: true
@@ -1,59 +0,0 @@
-name: Docker Build and Push
-on:
-  push:
-    branches: [master]
-  pull_request:
-  schedule:
-    - cron: '30 3 * * 3'
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        with:
-          dockerfile: Dockerfile
-  build:
-    runs-on: ubuntu-latest
-    needs: lint
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - name: Build image
-        run: docker build -t ci-image:${{ github.sha }} .
-      - name: Save image
-        run: docker save ci-image:${{ github.sha }} -o image.tar
-      - uses: ChristopherHX/gitea-upload-artifact@62ac910c5d3dfa85c7cb2df15afe2e342b2407c2 # main
-        with:
-          name: docker-image
-          path: image.tar
-  test:
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - uses: ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7 # main
-        with:
-          name: docker-image
-      - name: Load image
-        run: docker load < image.tar
-      - name: Run tests
-        run: bash tests/test.sh ci-image:${{ github.sha }}
-  push:
-    runs-on: ubuntu-latest
-    needs: test
-    if: github.event_name != 'pull_request'
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - uses: ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7 # main
-        with:
-          name: docker-image
-      - name: Load image
-        run: docker load < image.tar
-      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Tag and push
-        run: |
-          docker tag ci-image:${{ github.sha }} jcabillot/sslscan:latest
-          docker push jcabillot/sslscan:latest
@@ -0,0 +1,58 @@
+name: Main Release
+on:
+  push:
+    branches: [master]
+jobs:
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+        continue-on-error: true
+        with:
+          dockerfile: Dockerfile
+  build-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - uses: docker/login-action@6500006c6eb7dba73a9955cc030b0b2d7f5ca915bee # v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
+        with:
+          images: jcabillot/sslscan
+          tags: |
+            type=raw,value=latest
+      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          pull: true
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t ci-image:${{ github.sha }} .
+      - run: bash tests/test.sh ci-image:${{ github.sha }}
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+        with:
+          fetch-depth: 0
+      - name: Configure git auth
+        run: |
+          git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@scm.cabillot.eu/perso/sslscan.git"
+      - uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEFAULT_BUMP: patch
+          RELEASE_BRANCHES: master
+          WITH_V: true
+          GIT_API_TAGGING: false
@@ -0,0 +1,20 @@
+name: PR Checks
+on:
+  pull_request:
+    branches: [master]
+jobs:
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+        continue-on-error: true
+        with:
+          dockerfile: Dockerfile
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t ci-image:${{ github.sha }} .
+      - run: bash tests/test.sh ci-image:${{ github.sha }}
@@ -0,0 +1,35 @@
+name: Tag Release
+on:
+  push:
+    tags: ['*']
+jobs:
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
+        continue-on-error: true
+        with:
+          dockerfile: Dockerfile
+  build-push:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - uses: docker/login-action@6500006c6eb7dba73a9955cc030b0b2d7f5ca915bee # v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - id: meta
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
+        with:
+          images: jcabillot/sslscan
+          tags: |
+            type=ref,event=tag
+      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          pull: true
Author	SHA1	Message	Date
jcabillot	d62ebf2f58	Merge pull request 'feat(ci): refactor pipelines — hadolint, PR checks, tag releases, nightly rebuild' (#11 ) from fix/refactor-ci-pipelines into master Main Release / hadolint (push) Successful in 8s Details Main Release / test (push) Successful in 13s Details Main Release / tag (push) Successful in 14s Details Main Release / build-push (push) Failing after 33s Details PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Successful in 15s Details Reviewed-on: #11	2026-06-12 16:39:11 -04:00
cloudix_mcp_server	6ca48b484a	fix(ci): correct SHA pins for docker/setup-buildx-action and docker/build-push-action PR Checks / build-test (pull_request) Successful in 28s Details PR Checks / hadolint (pull_request) Successful in 6s Details	2026-06-12 16:34:49 -04:00
cloudix_mcp_server	f7fb1df559	fix(ci): correct SHA pins for docker/setup-buildx-action and docker/build-push-action	2026-06-12 16:34:46 -04:00
cloudix_mcp_server	7cbedf463a	fix(ci): correct SHA pin for docker/setup-buildx-action PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Successful in 31s Details	2026-06-12 16:34:37 -04:00
cloudix_mcp_server	9964728339	fix(ci): correct SHA pins for docker/setup-buildx-action and docker/build-push-action PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Failing after 23s Details	2026-06-12 16:32:58 -04:00
cloudix_mcp_server	950909821f	feat(ci): add nightly rebuild pipeline with hadolint and build-push PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Failing after 24s Details	2026-06-12 16:30:14 -04:00
cloudix_mcp_server	e30748fab2	feat(ci): add tag release pipeline with hadolint and build-push	2026-06-12 16:30:05 -04:00
cloudix_mcp_server	d4b865b3b7	feat(ci): add PR checks pipeline with hadolint and build-test	2026-06-12 16:29:56 -04:00
cloudix_mcp_server	3c9163d863	feat(ci): add main release pipeline with hadolint, build, test and semver tagging	2026-06-12 16:29:50 -04:00
cloudix_mcp_server	53dda8ba66	fix: remove legacy monolithic workflow in favour of split pipelines	2026-06-12 16:29:29 -04:00
jcabillot	b1bca49947	Merge pull request 'ci: add automatic semver tagging on merge to master' (#10 ) from feat/semver-tag-action into master Docker Build and Push / lint (push) Successful in 7s Details Docker Build and Push / build (push) Successful in 1m2s Details Docker Build and Push / test (push) Successful in 13s Details Docker Build and Push / push (push) Failing after 26s Details Reviewed-on: #10	2026-06-12 13:44:01 -04:00
cloudix_mcp_server	ed28b51f0f	ci: add automatic semver tagging on merge to master Docker Build and Push / lint (pull_request) Successful in 7s Details Docker Build and Push / build (pull_request) Successful in 43s Details Docker Build and Push / test (pull_request) Successful in 15s Details Docker Build and Push / push (pull_request) Has been skipped Details	2026-06-12 13:18:54 -04:00