Revert "Remove failing docker publish line" #64

Merged: 7 commits, Jul 11, 2023
Changes from 6 commits
35 changes: 27 additions & 8 deletions .github/workflows/reusable_dockerfile_pipeline.yml
Expand Up @@ -83,12 +83,12 @@ jobs:
OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
with:
# here we use the local tag that we've built before
image-ref: '${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}'
format: 'table'
image-ref: "${{ env.OUTPUT_IMAGE_NAME }}:${{ env.OUTPUT_SHORT_SHA }}"
format: "table"
#exit-code: '1' # uncomment to stop the CI if the scanner fails
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
vuln-type: "os,library"
severity: "CRITICAL,HIGH"

docker-build:
runs-on: "ubuntu-latest"
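Review bot: the `#exit-code: '1'` line is left commented out, so by its own comment the scan never stops the CI and the `severity: "CRITICAL,HIGH"` findings only appear in the table output. Since the rest of this hunk is a quoting cleanup, this is a good moment to either enable `exit-code` or add a comment explaining why the scan is advisory; with `ignore-unfixed: true` also set, a critical finding that has no fix yet is not reported at all. That commented line also still uses single quotes, unlike the values around it.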
Expand Down Expand Up @@ -135,9 +135,28 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

# We always build the image but we only push if we are on the `main`,
# `master` branch or a versioned `v*` branch
- name: Build and Push Docker Image (amd64 and arm64)
# Build amd64 images always, and publish when it is not a fork. The Github
# security model prevents forks from pushing to the registry so we can
# only push if the branch/PR is not generated from a fork. Even though
# forks can't push, we still want to try and build the image to catch
# bugs. For testing purposes we only need an amd64 image.
- name: Build and Push Docker Image amd64
uses: docker/build-push-action@v4
env:
OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
with:
platforms: linux/amd64
# Only push if the head and base repos match, meaning it is not a fork
# yamllint disable
push: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}
# yamllint enable
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: ${{ inputs.dockerfile }}

# Build and Publish arm64 images on main, master, and versioned branches.
- name: Build and Push Docker Images arm64
uses: docker/build-push-action@v4
# yamllint disable
# only run when the branch is main, master or starts with v*
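Review bot: the `push:` expression on the amd64 step compares `github.event.pull_request.head.repo.full_name` with `github.event.pull_request.base.repo.full_name`, which is only meaningful on pull request events; on other events both sides are empty, the comparison is true and the step pushes. The comment this hunk opens with says images are pushed only on `main`, `master` or a versioned `v*` branch, whereas with this condition every same-repo PR publishes to the registry under `steps.meta.outputs.tags`. If that is intended, state it in the new comment; otherwise make the event type explicit in the condition. The new step also sets no `context:`, while the arm64 step below has `context: .`, so the two builds may not use the same build context.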
Expand All @@ -147,8 +166,8 @@ jobs:
OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }}
OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }}
with:
platforms: linux/arm64
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
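Review bot: the two `platforms:` values in this hunk, `linux/arm64` and `linux/amd64,linux/arm64`, disagree about what this step publishes, and the step is named for arm64 only. Both build steps push with `tags: ${{ steps.meta.outputs.tags }}`, so an arm64-only push here would replace the amd64 image the previous step pushed under the same tags, while the multi-platform value builds amd64 a second time. Settle on the multi-platform value if both architectures should be pullable by tag, and rename the step and its comment to match.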