wolfi-act

Dynamic GitHub Actions from Wolfi packages

Never worry again about installing your favorite tools using upstream "installer" actions or whatever is available in GitHub via apt-get.

This action builds an ephemeral container image from the latest Wolfi packages and runs your command inside of it.

Usage

Pass packages as a comma-separated list of packages available in Wolfi, along with the command you wish to run.

- uses: wolfi-dev/wolfi-act@main
  with:
    packages: jq,cosign
    command: |
      jq --version
      cosign --version

Example: run a grype and trivy scan on an image

Source: grype-trivy-scan-example.yaml

# .github/workflows/grype-trivy-scan-example.yaml
on:
  push:
    branches:
      - main
  workflow_dispatch: {}
jobs:
  wolfi-act:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: wolfi-dev/wolfi-act@main
        with:
          packages: grype,trivy
          command: |
            set -x
            grype cgr.dev/chainguard/nginx
            trivy image cgr.dev/chainguard/nginx

Example: build, push, sign, and tag an image

Source: oci-image-push-sign-tag-example.yaml

# .github/workflows/oci-image-push-sign-tag-example.yaml
on:
  push:
    branches:
      - main
  workflow_dispatch: {}
jobs:
  wolfi-act:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write # needed for GitHub OIDC token
    steps:
      - uses: actions/checkout@v3
      - uses: wolfi-dev/wolfi-act@main
        env:
          OCI_HOST: ghcr.io
          OCI_REPO: ${{ github.repository }}/wolfi-act-demo
          OCI_USER: ${{ github.repository_owner }}
          OCI_PASS: ${{ github.token }}
          OCI_TAG: latest
          APKO_ARCHS: x86_64,aarch64
          APKO_KEYS: https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
          APKO_REPOS: https://packages.wolfi.dev/os
          APKO_DEFAULT_CONF: https://raw.githubusercontent.com/chainguard-images/images/main/images/wolfi-base/configs/latest.apko.yaml
        with:
          packages: curl,apko,cosign,crane
          command: |
            set -x

            # Make sure repo has an apko.yaml file, otherwise use default
            if [[ ! -f apko.yaml ]]; then
              echo "Warning: no apko.yaml in repo, downloading from $APKO_DEFAULT_CONF"
              # -f makes curl fail on an HTTP error instead of saving the error page
              curl -fsSL -o apko.yaml "$APKO_DEFAULT_CONF"
            fi

            # Login to OCI registry
            apko login "$OCI_HOST" -u "$OCI_USER" -p "$OCI_PASS"

            # Publish image with apko and capture the index digest
            digest=$(apko publish --arch "$APKO_ARCHS" \
                       -k "$APKO_KEYS" -r "$APKO_REPOS" \
                       apko.yaml "$OCI_HOST/$OCI_REPO")

            # Sign with cosign
            cosign sign --yes "$digest"

            # Lastly, tag the image with crane
            crane copy "$digest" "$OCI_HOST/$OCI_REPO:$OCI_TAG"
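
A guard for the sign step above, as an added example that is not part of the wolfi-act repository: it refuses to sign anything that is not a sha256 digest reference in the expected repository, then prints the matching cosign verify command. The function names, the sample values and the refs/heads/main workflow identity are assumptions.

```sh
#!/bin/sh
# Added example, not part of wolfi-act; function names are hypothetical.

# Gate between `apko publish` and `cosign sign`: accept only
# <host/repo>@sha256:<64 lowercase hex chars> inside the expected repository.
check_publish_output() {   # usage: check_publish_output <ref> <host/repo>
  ref=$1
  expected=$2
  case $ref in
    "$expected"@sha256:*) ;;
    *) echo "refusing to sign: '$ref' is not a digest in $expected" >&2
       return 1 ;;
  esac
  hex=${ref#"$expected"@sha256:}
  case $hex in
    *[!0123456789abcdef]*) echo "refusing to sign: malformed digest" >&2
                           return 1 ;;
  esac
  [ "${#hex}" -eq 64 ] || { echo "refusing to sign: bad digest length" >&2; return 1; }
}

# Print the `cosign verify` command matching a keyless signature made by a
# workflow file in <owner/repo> running on refs/heads/main (assumption).
verify_command() {   # usage: verify_command <ref> <owner/repo> <workflow file>
  printf 'cosign verify --certificate-oidc-issuer %s --certificate-identity %s %s\n' \
    "https://token.actions.githubusercontent.com" \
    "https://github.com/$2/.github/workflows/$3@refs/heads/main" \
    "$1"
}

# Constructed sample values; the digest is 64 zeros, not a real image.
SAMPLE_REPO="ghcr.io/example-org/example-repo/wolfi-act-demo"
SAMPLE_REF="$SAMPLE_REPO@sha256:$(printf '%064d' 0)"

if check_publish_output "$SAMPLE_REF" "$SAMPLE_REPO"; then
  verify_command "$SAMPLE_REF" "example-org/example-repo" \
    "oci-image-push-sign-tag-example.yaml"
fi
```

In the workflow, the gate would run as check_publish_output "$digest" "$OCI_HOST/$OCI_REPO" || exit 1, placed between the apko publish and cosign sign lines.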

Example: run multiple versions of kubectl using build matrix

Source: multiple-versions-of-kubectl-example.yaml

# .github/workflows/multiple-versions-of-kubectl-example.yaml
on:
  push:
    branches:
      - main
  workflow_dispatch: {}
jobs:
  wolfi-act:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        wolfi_pkg_name_kubectl:
          - kubectl-1.24
          - kubectl-1.25
          - kubectl-1.26
          - kubectl # note: this is 1.27 or latest
    steps:
      - uses: actions/checkout@v3
      - uses: wolfi-dev/wolfi-act@main
        with:
          packages: ${{ matrix.wolfi_pkg_name_kubectl }}
          command: |
            set -x

            # Make a symlink when "kubectl" is not the name of the binary in the package
            if [[ "${{ matrix.wolfi_pkg_name_kubectl }}" != "kubectl" ]]; then
              ln -sf /usr/bin/${{ matrix.wolfi_pkg_name_kubectl }} /usr/bin/kubectl
            fi

            kubectl version --client
