docker-ckan/.github/workflows/docker-pr.yml

name: Test ckan-docker images (PR)

on:
  pull_request:
    branches:
        - main
        - 'ckan-*.*.*'
        - '!dev/ckan-*.*.*'
        - '!*/*'

env:
    REGISTRY: ghcr.io
    IMAGE_NAME: ${{ github.repository }}
    CONTEXT: .
    BRANCH: ${{ github.head_ref }}
    DOCKERFILE_PATH: /ckan
    DOCKERFILE: Dockerfile
    HADOLINT_VERSION: 2.12.0

jobs:
  docker:
    name: runner/test-docker-pr:${{ github.head_ref }}
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Checkout
        uses: actions/checkout@v4

      -  name: NGINX build
         uses: docker/build-push-action@v5
         with:
            context: ./nginx
            file: ./nginx/Dockerfile
            push: false
            tags: mjanez/ckan-docker-nginx:test-build-only

      -  name: Apache HTTP Server build
         uses: docker/build-push-action@v5
         with:
            context: ./apache
            file: ./apache/Dockerfile
            push: false
            tags: mjanez/ckan-docker-apache:test-build-only

      -  name: PostgreSQL build
         uses: docker/build-push-action@v5
         with:
              context: ./postgresql
              file: ./postgresql/Dockerfile
              push: false
              tags: mjanez/ckan-docker-postgresql:test-build-only

      -  name: Solr build
         uses: docker/build-push-action@v5
         with:
              context: ./solr
              file: ./solr/Dockerfile
              push: false
              tags: mjanez/ckan-docker-solr:test-build-only

      -  name: ckan-pycsw build
         uses: docker/build-push-action@v4
         with:
              context: ./ckan-pycsw
              file: ./ckan-pycsw/Dockerfile
              push: false
              tags: mjanez/ckan-docker-pycsw:test-build-only

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          labels: |
            org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
            org.opencontainers.image.version=${{ env.BRANCH }}

      - name: Build to test
        uses: docker/build-push-action@v5
        id: docker-push
        with:
            push: false
            tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test-build-only
            labels: ${{ steps.meta.outputs.labels }}
            context: ${{ env.CONTEXT }}
            file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}

      - name: Linting Dockerfile and annotate code inline in the github PR viewer
        id: hadolint
        uses: jbergstroem/hadolint-gh-action@v1.11.0
        with:
          dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
          version: ${{ env.HADOLINT_VERSION }}
          annotate: true
          error_level: -1

      - name: Run Trivy container image vulnerability scanner
        uses: aquasecurity/trivy-action@0.12.0
        with:
          image-ref:  ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test-build-only
          format: sarif
          output: trivy-results.sarif
  
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: trivy-results.sarif
Update actions - Add PR build & test - Add PR closed build & push ckan-docker image 2023-09-27 16:52:39 +02:00			`name: Test ckan-docker images (PR)`

			`on:`
			`pull_request:`
			`branches:`
			`- main`
			`- 'ckan-..*'`
			`- '!dev/ckan-..*'`
Avoid / branches test 2023-09-27 16:56:16 +02:00			`- '!/'`
Update actions - Add PR build & test - Add PR closed build & push ckan-docker image 2023-09-27 16:52:39 +02:00
			`env:`
			`REGISTRY: ghcr.io`
			`IMAGE_NAME: ${{ github.repository }}`
			`CONTEXT: .`
			`BRANCH: ${{ github.head_ref }}`
			`DOCKERFILE_PATH: /ckan`
			`DOCKERFILE: Dockerfile`
			`HADOLINT_VERSION: 2.12.0`

			`jobs:`
			`docker:`
			`name: runner/test-docker-pr:${{ github.head_ref }}`
			`runs-on: ubuntu-latest`
			`if: github.event_name == 'pull_request'`
			`steps:`
			`- name: Set up QEMU`
			`uses: docker/setup-qemu-action@v3`

			`- name: Set up Docker Buildx`
			`uses: docker/setup-buildx-action@v3`

			`- name: Checkout`
			`uses: actions/checkout@v4`

			`- name: NGINX build`
			`uses: docker/build-push-action@v5`
			`with:`
			`context: ./nginx`
			`file: ./nginx/Dockerfile`
			`push: false`
			`tags: mjanez/ckan-docker-nginx:test-build-only`

			`- name: Apache HTTP Server build`
			`uses: docker/build-push-action@v5`
			`with:`
			`context: ./apache`
			`file: ./apache/Dockerfile`
			`push: false`
			`tags: mjanez/ckan-docker-apache:test-build-only`

			`- name: PostgreSQL build`
			`uses: docker/build-push-action@v5`
			`with:`
			`context: ./postgresql`
			`file: ./postgresql/Dockerfile`
			`push: false`
			`tags: mjanez/ckan-docker-postgresql:test-build-only`

			`- name: Solr build`
			`uses: docker/build-push-action@v5`
			`with:`
			`context: ./solr`
			`file: ./solr/Dockerfile`
			`push: false`
			`tags: mjanez/ckan-docker-solr:test-build-only`

			`- name: ckan-pycsw build`
			`uses: docker/build-push-action@v4`
			`with:`
			`context: ./ckan-pycsw`
			`file: ./ckan-pycsw/Dockerfile`
			`push: false`
			`tags: mjanez/ckan-docker-pycsw:test-build-only`

			`- name: Extract Docker metadata`
			`id: meta`
			`uses: docker/metadata-action@v4`
			`with:`
			`images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}`
			`labels: \|`
			`org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md`
			`org.opencontainers.image.version=${{ env.BRANCH }}`

			`- name: Build to test`
			`uses: docker/build-push-action@v5`
			`id: docker-push`
			`with:`
			`push: false`
Add :test-build-only tag 2023-09-27 17:01:30 +02:00			`tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test-build-only`
Update actions - Add PR build & test - Add PR closed build & push ckan-docker image 2023-09-27 16:52:39 +02:00			`labels: ${{ steps.meta.outputs.labels }}`
			`context: ${{ env.CONTEXT }}`
			`file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}`

			`- name: Linting Dockerfile and annotate code inline in the github PR viewer`
			`id: hadolint`
			`uses: jbergstroem/hadolint-gh-action@v1.11.0`
			`with:`
			`dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}`
			`version: ${{ env.HADOLINT_VERSION }}`
			`annotate: true`
			`error_level: -1`

			`- name: Run Trivy container image vulnerability scanner`
			`uses: aquasecurity/trivy-action@0.12.0`
			`with:`
Add :test-build-only tag 2023-09-27 17:01:30 +02:00			`image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test-build-only`
Update actions - Add PR build & test - Add PR closed build & push ckan-docker image 2023-09-27 16:52:39 +02:00			`format: sarif`
			`output: trivy-results.sarif`

			`- name: Upload Trivy scan results to GitHub Security tab`
			`uses: github/codeql-action/upload-sarif@v2`
			`if: always()`
			`with:`
			`sarif_file: trivy-results.sarif`