Fix security audit #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| jobs: | |
| docker: | |
| name: Docker | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tag: | |
| - 3.11-basic | |
| - 3.11-docworker | |
| env: | |
| PUBLIC_IMAGE_PREFIX: 'datastewardshipwizard' | |
| IMAGE_BASE_NAME: 'python-base' | |
| DOCKER_META_CONTEXT: '.' | |
| DOCKER_META_FILE: './${{ matrix.tag }}/Dockerfile' | |
| DOCKER_META_PLATFORMS: 'linux/amd64,linux/arm64' | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Set short SHA | |
| id: vars | |
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| # TEST DOCKER IMAGE BUILD | |
| - name: Docker meta [test] | |
| id: meta-test | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ${{ env.PUBLIC_IMAGE_PREFIX }}/${{ env.IMAGE_BASE_NAME }} | |
| tags: | | |
| type=raw,value=${{ matrix.tag }} | |
| type=raw,value=${{ matrix.tag }}-${{ steps.vars.outputs.sha_short }} | |
| - name: Docker build+push [test] | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: ${{ env.DOCKER_META_CONTEXT }} | |
| file: ${{ env.DOCKER_META_FILE }} | |
| platforms: ${{ env.DOCKER_META_PLATFORMS }} | |
| push: false | |
| tags: ${{ steps.meta-test.outputs.tags }} | |
| labels: ${{ steps.meta-test.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # PUBLIC: DOCKER HUB | |
| - name: Docker login [public] | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| - name: Docker meta [public] | |
| id: meta-public | |
| if: github.event_name != 'pull_request' | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ${{ env.PUBLIC_IMAGE_PREFIX }}/${{ env.IMAGE_BASE_NAME }} | |
| tags: | | |
| type=raw,value=${{ matrix.tag }},enable=${{ github.ref == format('refs/heads/{0}', 'main') }} | |
| type=raw,value=${{ matrix.tag }}-${{ steps.vars.outputs.sha_short }} | |
| type=semver,pattern={{version}},suffix=-${{ matrix.tag }} | |
| type=semver,pattern={{major}}.{{minor}},suffix=-${{ matrix.tag }} | |
| type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},suffix=-${{ matrix.tag }} | |
| - name: Docker build+push [public] | |
| uses: docker/build-push-action@v3 | |
| if: github.event_name != 'pull_request' && steps.meta-public.outputs.tags != '' | |
| with: | |
| context: ${{ env.DOCKER_META_CONTEXT }} | |
| file: ${{ env.DOCKER_META_FILE }} | |
| platforms: ${{ env.DOCKER_META_PLATFORMS }} | |
| push: true | |
| tags: ${{ steps.meta-public.outputs.tags }} | |
| labels: ${{ steps.meta-public.outputs.labels }} |