docker-php/Taskfile.yml at main · ToshY/docker-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
version: '3'

env:
  JQ: docker run --rm -i ghcr.io/jqlang/jq:1.8.1

tasks:
  default:
    cmds:
      - task --list

  # mkdocs
  mkdocs:
    desc: MkDocs build
    cmds:
      - docker run --rm -it -v ${PWD}:/docs ghcr.io/squidfunk/mkdocs-material:9.7 build

  mkdocs:live:
    desc: MkDocs development server
    vars:
      PORT: '{{.p | default "8002"}}'
    cmds:
      - docker run --rm -it -p {{.PORT}}:8000 -v ${PWD}:/docs ghcr.io/squidfunk/mkdocs-material:9.7

  # nektos/act
  act:push:
    desc: Test release
    cmds:
      - act push {{.CLI_ARGS}}

  act:push:version:
    desc: Test release for specific version
    summary: |
      Example:

      task act:push:version pv="8.5.2"
    vars:
      PHP_VERSIONS: '{{ .pv | default "8.5.2"}}'
    cmds:
      - act push --input version={{.PHP_VERSIONS}}

  act:job:prepare:
    desc: Act test "prepare" job
    cmds:
      - act -j prepare {{.CLI_ARGS}}

  act:job:build:
    desc: Act test "build" job
    cmds:
      - act -j build {{.CLI_ARGS}}

  act:job:merge:
    desc: Act test "merge" job
    cmds:
      - act -j merge {{.CLI_ARGS}}

  # buildx bake
  bake:
    desc: Bake
    vars:
      PHP_VERSIONS: '{{ .pv | default "8.2.30,8.3.30,8.4.17,8.5.2"}}'
    cmds:
      - PHP_VERSIONS={{.PHP_VERSIONS}} docker buildx bake --set *.platform=linux/amd64

  bake:print:
    desc: Bake print options without building
    vars:
      PHP_VERSIONS: '{{ .pv | default "8.2.30,8.3.30,8.4.17,8.5.2"}}'
    cmds:
      - PHP_VERSIONS={{.PHP_VERSIONS}} docker buildx bake --print | $JQ

  # trivy
  trivy:
    desc: Trivy
    vars:
      TRIVY_VERSION: '{{ .tv | default "latest" }}'
      PHP_BASE: '{{ .pv | default "8.5.2-fpm-trixie"}}'
      TARGET: '{{ .t | default "ffmpeg" }}'
    cmds:
      - |
        docker build \
        --build-context php-base=docker-image://php:{{.PHP_BASE}} \
        --target {{.TARGET}} \
        -t toshy/trivy:{{.PHP_BASE}} .
      - |
        docker run \
        -v /var/run/docker.sock:/var/run/docker.sock \
        aquasec/trivy:{{.TRIVY_VERSION}} image \
        --ignore-unfixed --severity CRITICAL,HIGH --exit-code 1 \
        toshy/trivy:{{.PHP_BASE}}