feat: Push firmware to Harbor for Trivy scanning
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Failing after 34s
Lint & Build / Build Firmware (push) Has been skipped

Add crane-based OCI image push step to CI workflow.
Packages firmware binary into scratch image and pushes to
harbor.mymx.me/library/firmware:<sha> on every build.
Tag pushes also get a version tag. Harbor auto-scans with Trivy.
user
2026-02-14 23:03:27 +01:00
parent c76c1ee61b
commit c895f52151


@@ -90,6 +90,29 @@ jobs:
cd get-started/csi_recv_router
idf.py size-components 2>/dev/null | head -30
- name: Push to Harbor
run: |
CRANE_VERSION="v0.20.3"
curl -sL "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
| tar xz -C /usr/local/bin crane
BIN="get-started/csi_recv_router/build/csi_recv_router.bin"
TAG=$(echo "${{ github.sha }}" | cut -c1-7)
IMAGE="harbor.mymx.me/library/firmware"
crane auth login harbor.mymx.me \
-u "${{ secrets.HARBOR_USER }}" \
-p "${{ secrets.HARBOR_PASS }}"
tar cf /tmp/firmware.tar -C "$(dirname "$BIN")" "$(basename "$BIN")"
crane append -f /tmp/firmware.tar -t "$IMAGE:$TAG"
if [ "${{ github.ref_type }}" = "tag" ]; then
crane tag "$IMAGE:$TAG" "${{ github.ref_name }}"
fi
echo "Pushed $IMAGE:$TAG"
- name: Create release
if: startsWith(github.ref, 'refs/tags/v')
run: |
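Review bot: the crane download in the "Push to Harbor" step (`curl -sL ... | tar xz -C /usr/local/bin crane`) pins a version but never verifies the archive, so a tampered release asset or a redirected download would land an arbitrary binary on the runner that is then handed the Harbor credentials; download to a file first, check it against a pinned sha256 (`echo "<expected sha256>  go-containerregistry_Linux_x86_64.tar.gz" | sha256sum -c`) and only then extract. Two smaller points in the same step: `${{ secrets.HARBOR_PASS }}` is interpolated into the script and passed as `-p`, which exposes it to the process list and to any shell tracing; prefer an `env:` mapping and `crane auth login harbor.mymx.me -u "$HARBOR_USER" --password-stdin <<< "$HARBOR_PASS"`. Likewise `crane tag "$IMAGE:$TAG" "${{ github.ref_name }}"` splices the tag name straight into the shell, so a tag name containing shell metacharacters would be executed rather than quoted; expose it as `env: REF_NAME: ${{ github.ref_name }}` and reference `"$REF_NAME"` instead.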