set build container user #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Build Application and Upload Container Image to Docker Hub | |
| name: Build | |
| # Events: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows | |
| on: | |
| # Run workflow on push except for ignored branches and paths | |
| push: | |
| # Secrets aren't available for dependabot on push. https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow#error-403-resource-not-accessible-by-integration-when-using-dependabot | |
| branches-ignore: | |
| # - 'dependabot/**' | |
| - 'cherry-pick-*' | |
| paths-ignore: | |
| - '**.md' # Ignore documentation changes | |
| - '.github/dependabot.yml' # Ignore dependabot changes | |
| # Allow user to manually trigger Workflow execution | |
| workflow_dispatch: | |
| # Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| # Set Job-level permissions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions | |
| permissions: | |
| packages: write | |
| container: | |
| image: registry.access.redhat.com/ubi8/openjdk-17 # Use same build image as Containerfile.multistage | |
| options: --user 185 # Get value from docker inspect {{ image }} | jq .[].Config.User | |
| # volumes: | |
| # - github_runner_temp:/__w/ # Error: EACCES: permission denied, open '/__w/_temp/_runner_file_commands/save_state_19d2adac-52a7-4c94-b746-de81d0e83853' | |
| services: | |
| mysql: | |
| image: mysql:8.0 # Use same mysql image from devcontainer.json | |
| env: | |
| MYSQL_DATABASE: demoapp | |
| MYSQL_USER: user | |
| MYSQL_PASSWORD: password | |
| MYSQL_ROOT_PASSWORD: local | |
| # Ports are required only when `container` keyword is not defined | |
| ports: | |
| - 3306:3306 # Opens tcp port 3306 on the host and service container | |
| steps: | |
| - name: Clone | |
| uses: actions/checkout@v4 # https://github.com/marketplace/actions/checkout | |
| # Uncomment line below when `container` keyword is not defined | |
| # # Setup Java | |
| # - uses: actions/setup-java@v3 # https://github.com/actions/setup-java | |
| # with: | |
| # distribution: microsoft # Microsoft was selected to match Visual Studio Code Dev Container Java distribuition, see .devcontainer/devcontainer.json. Supported distributions: https://github.com/actions/setup-java#supported-distributions | |
| # java-version: '17' # Java version must match `project.properties['java.version']` in pom.xml | |
| # Cache Maven dependencies | |
| - name: Install and Cache Maven dependencies | |
| id: cache | |
| uses: actions/cache@v3 # https://github.com/marketplace/actions/cache#using-a-combination-of-restore-and-save-actions | |
| with: | |
| path: ~/.m2 | |
| key: maven-${{ hashFiles('**/pom.xml') }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 # https://github.com/marketplace/actions/docker-setup-qemu | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 # https://github.com/marketplace/actions/docker-setup-build | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 # https://github.com/marketplace/actions/docker-login | |
| with: | |
| registry: paulgilber/ | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Build with Maven and Upload Container Image to Docker Hub | |
| - name: Build | |
| env: | |
| # SPRING_DATASOURCE_URL: jdbc:mysql://localhost:3306/demoapp # Use service name when `container` keyword is defined | |
| SPRING_DATASOURCE_URL: jdbc:mysql://mysql:3306/demoapp | |
| SPRING_DATASOURCE_USERNAME: root | |
| SPRING_DATASOURCE_PASSWORD: local | |
| DOCKER_REGISTRY_URL: paulgilber/ # Docker Hub repository: https://hub.docker.com/repository/docker/paulgilber/demoapp-backend | |
| DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| run: | | |
| mvn package dockerfile:build dockerfile:tag dockerfile:push \ | |
| -DDOCKER_REGISTRY_URL=${{ env.DOCKER_REGISTRY_URL }} \ | |
| -DDOCKER_REGISTRY_USERNAME=${{ env.DOCKER_REGISTRY_USERNAME }} \ | |
| -DDOCKER_REGISTRY_PASSWORD=${{ env.DOCKER_REGISTRY_PASSWORD }} | |
| # Uncomment lines below to build with Docker | |
| # - name: Build container image | |
| # uses: docker/build-push-action@v5 # https://github.com/marketplace/actions/build-and-push-docker-images | |
| # with: | |
| # context: . | |
| # file: Containerfile | |
| # push: true | |
| # tags: paulgilber/demoapp-backend | |
| # cache-from: type=gha | |
| # cache-to: type=gha,mode=max |