Update main.yml #62
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Stellar Docker Image CI | |
on: | |
push: | |
branches: | |
- main | |
- develop | |
tags: | |
- "v*.*.*" | |
pull_request: | |
branches: | |
- main | |
- develop | |
env: | |
DOCKERHUB_REPO: ${{ vars.DOCKERHUB_REPO || 'medaziz11' }} | |
DOCKERHUB_IMAGE: ${{ vars.DOCKERHUB_IMAGE || 'uptimekuma_restapi' }} | |
BUILD_TAGS: ${{ vars.BUILD_TAGS }} | |
CACHE_PATH: /tmp/.buildx-cache | |
jobs: | |
build-test-push: | |
runs-on: ubuntu-latest | |
steps: | |
# Check out the repository code | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
# Set up Docker Buildx for building images with BuildKit | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
# Cache Docker layers for faster builds | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: ${{ env.CACHE_PATH }} | |
key: ${{ runner.os }}-buildx-${{ github.ref }}-${{ hashFiles('**/Dockerfile') }} | |
restore-keys: | | |
${{ runner.os }}-buildx-${{ github.ref }}- | |
${{ runner.os }}-buildx- | |
# Log in to Docker Hub using the provided secrets | |
- name: Login to Docker Hub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Set image tags | |
id: image_tags | |
run: | | |
REPO=${{ env.DOCKERHUB_REPO }} | |
IMAGE=${{ env.DOCKERHUB_IMAGE }} | |
BRANCH=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g') | |
if [ "${{ github.event_name }}" == "pull_request" ]; then | |
PR_NUMBER=${{ github.event.number }} | |
TAGS="${REPO}/${IMAGE}:pr-${PR_NUMBER}" | |
elif [[ $GITHUB_REF == "refs/heads/main" ]]; then | |
TAGS="${REPO}/${IMAGE}:latest" | |
elif [[ $GITHUB_REF == "refs/heads/develop" ]]; then | |
TAGS="${REPO}/${IMAGE}:dev" | |
elif [[ $GITHUB_REF == refs/tags/* ]]; then | |
VERSION=$(echo ${GITHUB_REF#refs/tags/v} | sed 's/\//-/g') | |
TAGS="${REPO}/${IMAGE}:v${VERSION},${REPO}/${IMAGE}:latest" | |
else | |
echo "Error: Unexpected branch or tag" | |
exit 1 | |
fi | |
echo "{tags}=${TAGS}" >> $GITHUB_OUTPUT | |
echo ${steps.image_tags.outputs.tags} | |
# Build, test, and push the Docker image | |
- name: Build, Test, and Push Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.image_tags.outputs.tags }} | |
cache-from: type=local,src=${{ env.CACHE_PATH }} | |
cache-to: type=local,dest=${{ env.CACHE_PATH }} | |
# FUTURE TESTS? | |
# # Test the built Docker image | |
# - name: Run container structure tests | |
# run: | | |
# docker run -v $(pwd)/test:/test -v /var/run/docker.sock:/var/run/docker.sock \ | |
# gcr.io/gcp-runtimes/container-structure-test:v1.12.0 \ | |
# test --image ${{ env.DOCKERHUB_REPO }}/${{ env.DOCKERHUB_IMAGE }}:${{ matrix.branch }}-${{ matrix.platform }} \ | |
# --config /test/structure-test-config.yaml | |
# # Scan the built Docker image for security vulnerabilities | |
# - name: Scan Docker image for vulnerabilities | |
# run: | | |
# IMAGE_TAG=${{ matrix.branch }}-${{ env.PLATFORM_TAG }} | |
# docker pull ${{ env.DOCKERHUB_REPO }}/${{ env.DOCKERHUB_IMAGE }}:${IMAGE_TAG} | |
# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ | |
# aquasec/trivy:latest \ | |
# --exit-code 1 \ | |
# --severity CRITICAL,HIGH \ | |
# --ignore-unfixed \ | |
# ${{ env.DOCKERHUB_REPO }} | |