Skip to content

Merge pull request #6 from virtualidentityag/CARITAS-244-add-distrubu… #7

Merge pull request #6 from virtualidentityag/CARITAS-244-add-distrubu…

Merge pull request #6 from virtualidentityag/CARITAS-244-add-distrubu… #7

Workflow file for this run

name: Publish Docker image
on:
push:
branches:
- 'release'
- 'staging'
- 'develop'
tags:
- "dockerImage.v.*"
- "v*"
workflow_dispatch:
jobs:
test:
name: Build and run unit tests
runs-on: ubuntu-latest
env:
FAIL_WEBHOOK_SECRET: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Prepare environment variables
run: |
raw=$(git branch -r --contains ${{ github.ref }})
branch=${raw##*/}
echo BRANCH_NAME=$(echo -n "${branch}") >> $GITHUB_ENV
- name: Setup JVM
uses: actions/setup-java@v1
with:
java-version: 11.0.10
java-package: jdk
architecture: x64
- name: Caching maven dependencies
uses: actions/cache@v1
env:
cache-name: cache-maven-dependencies
with:
path: ~/.m2/repository
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
- name: Maven Package
run: mvn -B -Pprod clean package -DskipTests
- name: Maven Verify
run: mvn -B -Pprod clean verify
- uses: actions/upload-artifact@v2
with:
name: targetfiles
path: target/*.jar
- name: Microsoft Teams Fail Card
if: ${{ (env.FAIL_WEBHOOK_SECRET != null) && (env.FAIL_WEBHOOK_SECRET != '') && (failure() || cancelled()) }}
uses: toko-bifrost/[email protected]
with:
github-token: ${{ github.token }}
webhook-uri: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }}
show-on-start: false
show-on-exit: true
show-on-failure: true
card-layout-exit: complete
environment: ${{ env.BRANCH_NAME }}
custom-actions: |
- text: View CI
url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
push_to_registry:
strategy:
matrix:
registry: ["ghcr.io"]
needs: [test]
name: Push Docker image to GitHub Packages
runs-on: ubuntu-latest
env:
IMAGE_WEBHOOK_SECRET: ${{ secrets.MS_TEAMS_IMAGE_WEBHOOK_URI }}
FAIL_WEBHOOK_SECRET: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }}
steps:
- uses: actions/checkout@v2
- name: Download buildfiles artifact
uses: actions/download-artifact@v2
with:
name: targetfiles
- name: Get current time
id: time
uses: nanzm/[email protected]
with:
timeZone: 2
format: "YYYYMMDD[_]HHmmss"
- name: Prepare environment variables
run: |
raw=$(git branch -r --contains ${{ github.ref }})
branch=${raw##*/}
echo BRANCH_NAME=$(echo -n "${branch}") >> $GITHUB_ENV
echo "DOCKER_REGISTRY=$(echo "${{ matrix.registry }}/${{ github.repository }}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
echo "DOCKER_IMAGE=$(echo "${{ github.repository }}" | awk -F / '{print tolower($2)}')" >> $GITHUB_ENV
echo "REPO_NAME_WITHOUT_PREFIX"=$(echo "${{ github.repository }}" | sed "s/.*\///" | awk -F / '{print tolower($0)}') >> $GITHUB_ENV
echo CLEAN_REF=$(echo "${GITHUB_REF_NAME#refs/heads/}") >> $GITHUB_ENV
echo TYPE=$(echo -n "${GITHUB_REF_TYPE}") >> $GITHUB_ENV
echo TIME_STAMP=$(echo -n "${{ steps.time.outputs.time }}") >> $GITHUB_ENV
shell: bash
- name: Set branch_timestamp for image from branch
if: ${{ env.TYPE == 'branch' }}
run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}_${{ env.TIME_STAMP }}") >> $GITHUB_ENV
shell: bash
- name: Set tag for image from tag
if: ${{ env.TYPE == 'tag' }}
run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}") >> $GITHUB_ENV
shell: bash
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}'
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=tag
type=raw,value=${{ env.DOCKER_IMAGE_TAG}}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'release') }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ secrets.GH_PACKAGE_RELEASE_USER }}
password: ${{ secrets.GH_PACKAGE_RELEASE_TOKEN }}
- name: Push to GitHub Packages
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Hint about the Docker Image Tag if successfull
if: ${{ success() }}
run: |
echo "### Publish Docker image :white_check_mark:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- Image name: ${{ env.DOCKER_IMAGE }}" >> $GITHUB_STEP_SUMMARY
echo "- Version: ${{ env.DOCKER_IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY
- name: Hint about the Docker Image Tag if not successfull
if: ${{ failure() || cancelled() }}
run: |
echo "### Publish Docker image :x:" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- It seems that something has gone wrong" >> $GITHUB_STEP_SUMMARY
- name: Run Trivy vulnerability image scanner
if: ${{ (matrix.registry == 'ghcr.io') }}
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}:${{ env.DOCKER_IMAGE_TAG }}'
format: 'table'
exit-code: '1'
vuln-type: 'os,library'
severity: 'CRITICAL'
- name: Microsoft Teams Fail Card
if: ${{ (env.FAIL_WEBHOOK_SECRET != null) && (env.FAIL_WEBHOOK_SECRET != '') && (matrix.registry == 'ghcr.io') && (failure() || cancelled()) }}
uses: toko-bifrost/[email protected]
with:
github-token: ${{ github.token }}
webhook-uri: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }}
show-on-start: false
show-on-exit: true
show-on-failure: true
card-layout-exit: complete
environment: ${{ env.BRANCH_NAME }}
custom-actions: |
- text: View CI
url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- name: Microsoft Teams Image Card
if: ${{ (env.IMAGE_WEBHOOK_SECRET != null) && (env.IMAGE_WEBHOOK_SECRET != '') && (matrix.registry == 'ghcr.io') && success() }}
uses: toko-bifrost/[email protected]
with:
github-token: ${{ github.token }}
webhook-uri: ${{ secrets.MS_TEAMS_IMAGE_WEBHOOK_URI }}
show-on-start: false
show-on-exit: true
show-on-failure: false
card-layout-exit: complete
environment: ${{ env.BRANCH_NAME }}
custom-facts: |
- name: Registry
value: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}
- name: Tag
value: ${{ env.DOCKER_IMAGE_TAG }}
custom-actions: |
- text: View CI
url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"