-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Expand file tree
/
Copy pathrelease-x-manual-docker-containers.yml
More file actions
98 lines (88 loc) · 3.66 KB
/
release-x-manual-docker-containers.yml
File metadata and controls
98 lines (88 loc) · 3.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
name: "release-X: Release docker containers"
env:
GIT_USERNAME: "DefectDojo release bot"
GIT_EMAIL: "dojo-release-bot@users.noreply.github.com"
on:
workflow_dispatch:
inputs:
# the actual branch that can be chosen on the UI is made irrelevant by further steps
# because someone will forget one day to change it.
release_number:
type: string
description: 'Release version (x.y.z format)'
required: true
platform:
type: string
default: "linux/amd64"
workflow_call:
inputs:
# the actual branch that can be chosen on the UI is made irrelevant by further steps
# because someone will forget one day to change it.
release_number:
type: string
description: 'Release version (x.y.z format)'
required: true
platform:
type: string
default: "linux/amd64"
jobs:
job-build-and-push:
runs-on: ${{ inputs.platform == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
strategy:
fail-fast: false
matrix:
docker-image: [django, nginx]
os: [alpine, debian]
exclude:
- docker-image: nginx
os: debian
steps:
# Replace slashes so we can use this in filenames
- name: Set-platform
run: |
platform=${{ inputs.platform }}
echo "PLATFORM=${platform//\//-}" >> $GITHUB_ENV
echo $GITHUB_ENV
# deduce docker org name from git repo to make the build also work in forks
- id: Set-docker-org
run: echo "DOCKER_ORG=$(echo ${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- name: Login to DockerHub
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Checkout tag
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.release_number }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
# we cannot set any tags here, those are set on the merged digest in release-x-manual-merge-container-digests.yml
- name: Build and push images
id: build
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
env:
DOCKER_BUILD_CHECKS_ANNOTATIONS: false
with:
push: true
file: ./Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }}
context: .
target: release
outputs: type=image,"name=${{ env.DOCKER_ORG }}/defectdojo-${{ matrix.docker-image}}",push-by-digest=true,name-canonical=true
cache-from: type=gha,scope=${{ matrix.docker-image}}-${{ matrix.os }}-${{ env.PLATFORM }}-${{ github.head_ref || github.ref_name }}
cache-to: type=gha,mode=max,scope=${{ matrix.docker-image}}-${{ matrix.os }}-${{ env.PLATFORM }}-${{ github.head_ref || github.ref_name }}
# export the digest to a file
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
# upload the digest file as artifact
- name: Upload digest
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: digests-${{ matrix.docker-image}}-${{ matrix.os }}-${{ env.PLATFORM }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1