CatalogueRevamping
/
docker-ckan
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update actions 

- Add PR build & test
- Add PR closed build & push ckan-docker image
This commit is contained in:
mjanez 2023-09-27 16:52:39 +02:00
parent 66e231b343
commit 553601c570
6 changed files with 196 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
.github/workflows/build-master.yml → .github/.old/build-master.yml vendored
View File

0
.github/workflows/build-tags.yml → .github/.old/build-tags.yml vendored
View File

10
.github/workflows/docker-master.yml → .github/.old/docker-master.yml vendored
View File

@ -20,17 +20,17 @@ jobs:
steps: steps:
- -
name: Set up QEMU name: Set up QEMU
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v3
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v3
- -
name: Checkout name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v4
- -
name: Login to registry name: Login to registry
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
username: ${{ github.actor }} username: ${{ github.actor }}
@ -43,7 +43,7 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- -
name: Build and push name: Build and push
uses: docker/build-push-action@v3 uses: docker/build-push-action@v5
with: with:
push: ${{ github.event_name != 'pull_request' }} push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}

0
.github/workflows/docker-tags.yml → .github/.old/docker-tags.yml vendored
View File

78
.github/workflows/docker-build.yml vendored Normal file
View File

@ -0,0 +1,78 @@
name: Build and push ckan-docker image from PR Merge
on:
pull_request:
types:
- closed
branches:
- main
- 'ckan-*.*.*'
- '!dev/ckan-*.*.*'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
TAG: ghcr.io/${{ github.repository }}:${{ github.head_ref }}
CONTEXT: .
BRANCH: ${{ github.head_ref }}
DOCKERFILE_PATH: /ckan
DOCKERFILE: Dockerfile
jobs:
docker:
name: runner/build-docker-push:${{ github.head_ref }}
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Check out code
uses: actions/checkout@v4
- name: Login to registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
org.opencontainers.image.version=${{ env.BRANCH }}
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ env.TAG }}
labels: ${{ steps.meta.outputs.labels }}
context: ${{ env.CONTEXT }}
file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
- name: Linting Dockerfile with hadolint in GH Actions
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
- name: Run Trivy container image vulnerability scanner
uses: aquasecurity/trivy-action@0.12.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: trivy-results.sarif

113
.github/workflows/docker-pr.yml vendored Normal file
View File

@ -0,0 +1,113 @@
name: Test ckan-docker images (PR)
on:
pull_request:
branches:
- main
- 'ckan-*.*.*'
- '!dev/ckan-*.*.*'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
CONTEXT: .
BRANCH: ${{ github.head_ref }}
DOCKERFILE_PATH: /ckan
DOCKERFILE: Dockerfile
HADOLINT_VERSION: 2.12.0
jobs:
docker:
name: runner/test-docker-pr:${{ github.head_ref }}
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout
uses: actions/checkout@v4
- name: NGINX build
uses: docker/build-push-action@v5
with:
context: ./nginx
file: ./nginx/Dockerfile
push: false
tags: mjanez/ckan-docker-nginx:test-build-only
- name: Apache HTTP Server build
uses: docker/build-push-action@v5
with:
context: ./apache
file: ./apache/Dockerfile
push: false
tags: mjanez/ckan-docker-apache:test-build-only
- name: PostgreSQL build
uses: docker/build-push-action@v5
with:
context: ./postgresql
file: ./postgresql/Dockerfile
push: false
tags: mjanez/ckan-docker-postgresql:test-build-only
- name: Solr build
uses: docker/build-push-action@v5
with:
context: ./solr
file: ./solr/Dockerfile
push: false
tags: mjanez/ckan-docker-solr:test-build-only
- name: ckan-pycsw build
uses: docker/build-push-action@v4
with:
context: ./ckan-pycsw
file: ./ckan-pycsw/Dockerfile
push: false
tags: mjanez/ckan-docker-pycsw:test-build-only
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
org.opencontainers.image.version=${{ env.BRANCH }}
- name: Build to test
uses: docker/build-push-action@v5
id: docker-push
with:
push: false
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
labels: ${{ steps.meta.outputs.labels }}
context: ${{ env.CONTEXT }}
file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
- name: Linting Dockerfile and annotate code inline in the github PR viewer
id: hadolint
uses: jbergstroem/hadolint-gh-action@v1.11.0
with:
dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
version: ${{ env.HADOLINT_VERSION }}
annotate: true
error_level: -1
- name: Run Trivy container image vulnerability scanner
uses: aquasecurity/trivy-action@0.12.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: trivy-results.sarif