CI: Harden permissions (#22) #20

	name: build-container

	on:
	push:
	ignore_branches: [ no_test ]
	pull_request:
	ignore_branches: [ no_test ]

	permissions: {}

	jobs:

	build_container_scratch:

	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Run build_container to generate scratch image
	run: scripts/build_container -g scratch -e BASE_IMAGE=scratch

	build_container_params:

	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Run build_container to generate and image using kaniko
	run: scripts/build_container --tag kaniko --builder kaniko -t debug -e UID=1234 -e GID=5678

	- name: Load rabbitmq-dump-queue:kaniko image
	run: docker load -i image.tar

	- name: Test container ids
	run: docker run --rm --entrypoint= rabbitmq-dump-queue:kaniko /bin/id \| grep --color=always '1234' \| grep --color=always '5678'

	build_container_test:

	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Run scripts/test
	run: scripts/test

Provide feedback