Skip to content

Security upgrades

Security upgrades #381

Workflow file for this run

# EDRN Portal Continuous Delivery
# ===============================
#
# This workflow builds and registers an image of the "Renaissance" of P5, the Early Detection Research
# Network's public portal.
---
name: P5 Continuous Delivery
# Triggers
# --------
#
# Run on any push to the Renaissance branch of the P5 code.
on:
push:
branches:
- main
paths:
- 'src/**'
- 'docker/Dockerfile'
# Jobs
# ----
#
# What to do.
jobs:
imaging:
name: 🏞 P5 Renaissance Imaging
runs-on: ubuntu-latest
steps:
-
name: 💳 Docker Hub Identification
uses: docker/login-action@v2
with:
username: ${{secrets.DOCKERHUB_USERNAME}}
password: ${{secrets.DOCKERHUB_TOKEN}}
-
name: 📚 Repository Checkout
uses: actions/checkout@v3
-
name: 🐍 Python Wrangling
uses: actions/setup-python@v4
with:
python-version: '3.10'
-
name: ☸️ Wheel Generation
run: |
python -m pip install --quiet --upgrade pip setuptools wheel build
for pkg in src/*; do
python -m build --outdir dist $pkg
done
-
name: 🎰 QEMU Multiple Machine Emulation
uses: docker/setup-qemu-action@v2
-
name: 🚢 Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: 🧱 Image Construction and Publication — user ID 500
uses: docker/build-push-action@v3
with:
build-args: user_id=500
context: .
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{secrets.DOCKERHUB_USERNAME}}/edrn-portal:latest
${{secrets.DOCKERHUB_USERNAME}}/edrn-portal:latest-uid500
-
name: 🧱 Image Construction and Publication — user ID 26013
uses: docker/build-push-action@v3
with:
build-args: user_id=26013
context: .
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{secrets.DOCKERHUB_USERNAME}}/edrn-portal:latest-uid26013
...
# FYI, as of 2022-01-25, the possible `platforms` that QEMU provides to the `platforms` of the image construction
# step are the following:
#
# linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,
# linux/mips64,linux/arm/v7,linux/arm/v6
# -*- mode: YAML; tab-width: 4 -*-