Proposed changes
Port the UBI9 Docker image build pipeline introduced in OpenCTI-Platform/connectors#6542 to this repository.
- Add
.github/ubi9-injectors.json listing all injectors eligible for UBI9 image builds, used to generate the build matrix dynamically
- Add
.github/workflows/build-ubi9.yml triggered on push to main, release/** branches and version tags ([0-9]*.[0-9]*.[0-9]*); runs the existing tests as a prerequisite job, then builds and pushes multi-platform (linux/amd64,linux/arm64) UBI9-based Docker images for each listed injector
- Modify
.github/workflows/test-injectors.yml to support workflow_call so it can be reused as a prerequisite job inside the build pipeline
Notes
- All GitHub Actions must be pinned by SHA for supply-chain security
- GHCR support can be commented out initially; only DockerHub active for image pushes
- Image tag is computed from the git ref: version tag →
X.Y.Z-ubi9, main → latest-ubi9, branch → <sanitized-branch>-ubi9
- Reference implementation: OpenCTI-Platform/connectors#6542
Proposed changes
Port the UBI9 Docker image build pipeline introduced in OpenCTI-Platform/connectors#6542 to this repository.
.github/ubi9-injectors.jsonlisting all injectors eligible for UBI9 image builds, used to generate the build matrix dynamically.github/workflows/build-ubi9.ymltriggered on push tomain,release/**branches and version tags ([0-9]*.[0-9]*.[0-9]*); runs the existing tests as a prerequisite job, then builds and pushes multi-platform (linux/amd64,linux/arm64) UBI9-based Docker images for each listed injector.github/workflows/test-injectors.ymlto supportworkflow_callso it can be reused as a prerequisite job inside the build pipelineNotes
X.Y.Z-ubi9,main→latest-ubi9, branch →<sanitized-branch>-ubi9