This repository uses GitHub Actions for CI/CD to build and push OpenSPP Docker images to the ACN Nexus Docker Registry.
Configure the following secrets in your GitHub repository settings:
- NEXUS_USERNAME: Nexus registry username (e.g., admin)
- NEXUS_PASSWORD: Nexus registry password
- SLACK_WEBHOOK: Slack webhook URL for build notifications (optional)
- Go to your repository on GitHub
- Navigate to Settings > Secrets and variables > Actions
- Click New repository secret
- Add each secret:
  - Name: NEXUS_USERNAME
  - Value: Your Nexus username
  - Click Add secret
  - Repeat for NEXUS_PASSWORD and optionally SLACK_WEBHOOK
Triggers:
- Push to main, master, develop, or release/* branches
- Pull requests to main, master, or develop
- Git tags (v*, semantic versioning)
- Manual workflow dispatch
Actions:
- Builds Ubuntu 24.04 and Debian slim Docker images
- Platform: linux/amd64 only (no ARM support)
- Pushes to Nexus registry (docker-push.acn.fr)
- Images available publicly at docker.acn.fr/openspp/openspp
- Runs tests on pull requests
- Updates Kubernetes manifests on tag releases
Image Tags:
- latest / latest-slim - Latest from main branch
- daily / daily-slim - Daily builds from main branch
- v1.0.0 / v1.0.0-slim - Version tags
- develop-sha123abc - Branch with commit SHA
- pr-123 - Pull request builds
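A minimal workflow sketch showing how the secrets, triggers and push rules described above fit together. It is an added example, not this repository's actual workflow file; the job layout, the action versions, the build context and the single SHA-based tag are assumptions.

```yaml
# Added sketch, not the repository's own workflow file.
# Job name, action versions, build context and tag scheme are assumptions.
name: Docker Build and Push

on:
  push:
    branches: [main, master, develop, "release/*"]
    tags: ["v*"]
  pull_request:
    branches: [main, master, develop]
  workflow_dispatch:

permissions:
  contents: read   # least privilege for the built-in GITHUB_TOKEN

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3

      # Pull requests are built and tested but never pushed, so the Nexus
      # credentials are only touched on non-PR events. GitHub also does not
      # pass repository secrets to pull_request runs coming from forks.
      - name: Log in to Nexus
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: docker-push.acn.fr
          username: ${{ secrets.NEXUS_USERNAME }}
          password: ${{ secrets.NEXUS_PASSWORD }}

      - name: Build, and push outside pull requests
        uses: docker/build-push-action@v6
        with:
          context: .                 # assumed Dockerfile location
          platforms: linux/amd64     # the only platform this page lists
          push: ${{ github.event_name != 'pull_request' }}
          # Simplified tag (assumption); the page's tag scheme is richer.
          tags: docker-push.acn.fr/openspp/openspp:sha-${{ github.sha }}
```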
Triggers:
- Push to main branches
- Pull requests
- Daily at 2 AM UTC
- Manual workflow dispatch
Actions:
- Trivy vulnerability scanning
- Hadolint Dockerfile linting
- OWASP dependency checking
- Results uploaded to GitHub Security tab
- Go to Actions tab in your repository
- Select Docker Build and Push workflow
- Click Run workflow
- Choose branch and whether to push images
- Click Run workflow button
Images are automatically built and pushed when:
- Pushing to main/master/develop branches
- Creating a new release tag
- Changes are tested (but not pushed) on pull requests
- Push registry: docker-push.acn.fr/openspp/openspp
- Public pull registry: docker.acn.fr/openspp/openspp
After images are built and pushed, they're available at:
# Latest stable
docker pull docker.acn.fr/openspp/openspp:latest
docker pull docker.acn.fr/openspp/openspp:latest-slim
# Daily builds
docker pull docker.acn.fr/openspp/openspp:daily
docker pull docker.acn.fr/openspp/openspp:daily-slim
# Specific version
docker pull docker.acn.fr/openspp/openspp:v1.0.0
docker pull docker.acn.fr/openspp/openspp:v1.0.0-slim

You can view build status in the Actions tab of your repository. Each workflow run shows:
- Build logs
- Test results
- Security scan findings
- Artifacts (if any)
If builds fail with authentication errors:
- Verify NEXUS_USERNAME and NEXUS_PASSWORD secrets are set correctly
- Test credentials locally:
  docker login docker-push.acn.fr -u <username>
- Check the workflow logs in the Actions tab
- Common issues:
  - APT repository connectivity
  - Package installation failures
  - Dockerfile syntax errors
Security scans may find vulnerabilities. When they do:
- Check the Security tab for detailed reports
- Check the Trivy results in the workflow logs
- Consider updating base images or packages
- Build Platform: linux/amd64 only
- Base Images:
  - Ubuntu: ubuntu:24.04
  - Slim: debian:bookworm-slim
- OpenSPP Source: APT repository at https://builds.acn.fr/repository/apt-openspp-daily/
If SLACK_WEBHOOK is configured, you'll receive notifications for:
- Successful builds
- Failed builds
- Security scan results
Enable GitHub notifications to receive updates about:
- Workflow failures
- Security alerts
- Pull request checks
- Always test in pull requests before merging to main
- Review security scan results regularly
- Tag releases properly for production deployments
- Monitor build times and optimize if needed
- Keep secrets secure and rotate them regularly
For issues with:
- GitHub Actions: Check GitHub Actions documentation
- Docker builds: Review Dockerfile and build logs
- Nexus registry: Contact your Nexus administrator
- OpenSPP packages: Check APT repository status