feat(ci): refactor pipelines — hadolint, PR checks, tag releases, nightly rebuild #11

Merged
jcabillot merged 9 commits from fix/refactor-ci-pipelines into master 2026-06-12 16:39:14 -04:00
Owner

Summary

Refactor the CI pipelines by splitting the monolithic docker-build.yaml into four focused workflows:

| Workflow | Trigger | Jobs |
|---|---|---|
| main.yaml | Push to master | hadolint → build-push → test → semver tag |
| pr.yaml | Pull request to master | hadolint → build-test |
| tag.yaml | Tag push (*) | hadolint → build-push |
| cron.yaml | Nightly (0 0 * * *) | hadolint → build-push (re-tags latest + last semver tag) |

Key changes

  • Lint: Runs hadolint on Dockerfile (continue-on-error) in every workflow
  • Build/push: Uses docker/build-push-action with BuildKit metadata (tags, labels) via docker/metadata-action
  • Test: Builds a disposable image and runs tests/test.sh
  • Tag: On merge to master, auto-bumps semver patch via anothrNick/github-tag-action
  • Nightly: Rebuilds and pushes latest + the most recent semver tag to Docker Hub

Action SHA pins (unchanged from current master)

  • actions/checkout → df4cb1c (v6)
  • hadolint/hadolint-action → 2332a7b (v3.3.0)
  • docker/login-action → 6500006 (v4)
  • anothrNick/github-tag-action → 4ed4496 (v1.75.0)

New action SHA pins (matching cipherscan/crond template)

  • docker/setup-buildx-action → d7f5e7f (v4)
  • docker/metadata-action → 80c7e94 (v6)
  • docker/build-push-action → f9f3042 (v7.2.0)
cloudix_mcp_server added 5 commits 2026-06-12 16:30:39 -04:00
cloudix_mcp_server added 1 commit 2026-06-12 16:33:01 -04:00
fix(ci): correct SHA pins for docker/setup-buildx-action and docker/build-push-action
PR Checks / hadolint (pull_request) Successful in 7s
PR Checks / build-test (pull_request) Failing after 23s
9964728339
cloudix_mcp_server added 1 commit 2026-06-12 16:34:45 -04:00
fix(ci): correct SHA pin for docker/setup-buildx-action
PR Checks / hadolint (pull_request) Successful in 7s
PR Checks / build-test (pull_request) Successful in 31s
7cbedf463a
cloudix_mcp_server added 1 commit 2026-06-12 16:34:50 -04:00
cloudix_mcp_server added 1 commit 2026-06-12 16:34:53 -04:00
fix(ci): correct SHA pins for docker/setup-buildx-action and docker/build-push-action
PR Checks / build-test (pull_request) Successful in 28s
PR Checks / hadolint (pull_request) Successful in 6s
6ca48b484a
jcabillot merged commit d62ebf2f58 into master 2026-06-12 16:39:14 -04:00
jcabillot deleted branch fix/refactor-ci-pipelines 2026-06-12 16:39:21 -04:00
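
The description lists each action pin in abbreviated form with its version, and three follow-up commits corrected pins. A check along these lines, added here as an example and not part of this PR or repository, flags `uses:` references in a workflow file that are not pinned to a full 40-character commit SHA or that lack a version comment. The policy (full SHA plus `# vX` comment), the function names and the sample workflow with its SHA values are assumptions constructed for illustration.

```python
import re

# "uses: owner/repo[/path]@ref", optionally quoted, optionally followed by "# comment".
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)['\"]?\s*(?:#\s*(.*))?$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
SHORT_HEX_RE = re.compile(r"^[0-9a-f]{7,39}$")


def classify_ref(ref):
    """Classify the part after '@' in a uses: reference."""
    if FULL_SHA_RE.match(ref):
        return "pinned"
    if SHORT_HEX_RE.match(ref):
        # Looks like a truncated commit id; could also be a hex-named tag or branch.
        return "abbreviated-sha"
    return "mutable-ref"  # tag or branch name, can be moved by the action's owner


def audit_workflow(text):
    """Return (line, action, ref, problem) for every uses: line that fails the policy."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m.groups()
        if action.startswith("docker://"):
            continue  # container image references are out of scope for this check
        status = classify_ref(ref)
        if status != "pinned":
            findings.append((lineno, action, ref, status))
        elif not comment:
            # Pinned, but nothing records which release the SHA is meant to be.
            findings.append((lineno, action, ref, "pinned-no-version-comment"))
    return findings


# Constructed sample; the SHA values are placeholders, not real commits.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6
      - uses: docker/setup-buildx-action@89abcde
      - uses: docker/build-push-action@v7
      - uses: hadolint/hadolint-action@fedcba9876543210fedcba9876543210fedcba98
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print("line %d: %s@%s -> %s" % finding)
```
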
Reference: perso/sslscan#11