chore(deps): bump docker/build-push-action from 5.1.0 to 6.4.1 #35
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: IRS build | |
| on: | |
| workflow_dispatch: # Trigger manually | |
| pull_request: | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.txt' | |
| - 'charts/**' | |
| - '.config/**' | |
| - 'docs/**' | |
| - '!docs/src/api/**' | |
| - 'local/**' | |
| - 'CHANGELOG.md' | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '**' | |
| jobs: | |
| init: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image_namespace: tractusx | |
| image_name: irs-api | |
| docker_hub_user: ${{ secrets.DOCKER_HUB_USER }} | |
| # In order to skip sonar if not configured | |
| sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }} | |
| steps: | |
| - run: | | |
| echo "Preparing variables" | |
| echo "sonar_configured: ${{ secrets.SONAR_TOKEN != '' && secrets.SONAR_PROJECT_KEY != '' && secrets.SONAR_ORGANIZATION != '' }}" | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Cache maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Build with Maven | |
| run: | | |
| mvn clean verify --batch-mode | |
| analyze_with_Sonar: | |
| needs: [init] | |
| # No need to run if we cannot use the sonar token | |
| if: >- | |
| needs.init.outputs.sonar_configured == 'true' | |
| && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) | |
| && github.actor != 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of sonar analysis | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Cache maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| - name: Cache SonarCloud packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.sonar/cache | |
| key: ${{ runner.os }}-sonar | |
| restore-keys: ${{ runner.os }}-sonar | |
| - name: Analyze with Sonar | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| mvn --batch-mode --update-snapshots verify \ | |
| org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ | |
| -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }} -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }} \ | |
| -Dcheckstyle.skip -Dpmd.skip=true | |
| build_images: | |
| needs: [init] | |
| strategy: | |
| matrix: | |
| image: | |
| - irs-api | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image-tag: ${{ steps.version.outputs.image_tag }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build image to make sure Dockerfile is valid | |
| run: | | |
| # RUN --mount=type=cache is used in the IRS Dockerfile to cache directories for maven. | |
| # And the --mount option requires BuildKit. | |
| DOCKER_BUILDKIT=1 docker build --build-arg BUILD_TARGET=${{ matrix.image }} --target ${{ matrix.image }} -t ${{ matrix.image }}:latest . | |
| - name: Set image version | |
| id: version | |
| run: | | |
| # Strip git ref prefix from version | |
| VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| # Strip "v" prefix from tag name | |
| [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
| # Support PR ref versions | |
| [[ "${{ github.ref }}" == "refs/pull/"* ]] && VERSION=PR-$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\)/merge,\1,') | |
| # Use Docker `latest` tag convention | |
| [ "$VERSION" == "main" ] && VERSION=latest | |
| echo VERSION=$VERSION | |
| echo "::set-output name=image_tag::$VERSION" | |
| - name: Login to Docker Hub | |
| if: needs.init.outputs.docker_hub_user != '' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USER }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Push image (DockerHub) | |
| if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request' | |
| run: | | |
| docker tag ${{ matrix.image }} ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }} | |
| docker push ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }}:${{ steps.version.outputs.image_tag }} | |
| docker tag ${{ matrix.image }} $IMAGE_ID:$GITHUB_SHA | |
| docker push $IMAGE_ID:$GITHUB_SHA | |
| # https://github.com/peter-evans/dockerhub-description | |
| - name: Update Docker Hub description | |
| if: needs.init.outputs.docker_hub_user != '' && github.event_name != 'pull_request' | |
| uses: peter-evans/dockerhub-description@v4 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USER }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| repository: ${{ needs.init.outputs.image_namespace }}/${{ needs.init.outputs.image_name }} | |
| readme-filepath: ./DOCKER_NOTICE.md | |
| trigger-trivy-image-scan: | |
| if: >- | |
| github.event_name != 'pull_request' | |
| needs: | |
| - build_images | |
| uses: ./.github/workflows/trivy-docker-hub-scan.yml | |