Skip to content

Improvements in Dockerfile #1641

Improvements in Dockerfile

Improvements in Dockerfile #1641

Workflow file for this run

name: Deploy
on:
pull_request:
branches:
- 'develop'
types:
- closed
env:
IMAGE_ORG: fiware
IMAGE_NAME: orion-ld
IMAGE_TAG_LATEST: latest
IMAGE_TAG_DEBUG: debug
IMAGE_TAG_PRE: 1.8.0-PRE-${{ github.run_number }}
jobs:
# push to dockerhub
deploy-release-dockerhub:
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.merged == true && github.repository == 'FIWARE/context.Orion-LD' }}
steps:
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: |
${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_LATEST }}
${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_PRE }}
file: docker/Dockerfile-ubi
no-cache: true
- name: Build and push with gdb
id: docker_build_gdb
uses: docker/build-push-action@v2
with:
push: true
tags: |
${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_PRE }}-GDB
build-args: |
BASE_VERSION=${{ env.IMAGE_TAG_PRE }}
file: docker/Dockerfile-gdb
no-cache: true
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_PRE }}
args: --file=docker/Dockerfile-ubi
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: snyk.sarif
deploy-debug-dockerhub:
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.merged == true && github.repository == 'FIWARE/context.Orion-LD' }}
steps:
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: ${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG_PRE }}-${{ env.IMAGE_TAG_DEBUG }}
file: docker/Dockerfile-debug
no-cache: true
# quay.io
deploy-release-quay:
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.merged == true && github.repository == 'FIWARE/context.Orion-LD' }}
steps:
- uses: actions/checkout@v2
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}
oci: true
labels: |
quay.expires-after=1w
tags: ${{ env.IMAGE_TAG_LATEST }} ${{ env.IMAGE_TAG_PRE }} ${{ github.sha }}
dockerfiles: |
./docker/Dockerfile-ubi
- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Build with gdb
id: build-image-gdb
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}
tags: ${{ env.IMAGE_TAG_PRE }}-GDB
oci: true
labels: |
quay.expires-after=1w
dockerfiles: |
./docker/Dockerfile-gdb
build-args: |
BASE_VERSION=${{ env.IMAGE_TAG_PRE }}
- name: Push To quay.io
id: push-gdb-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image-gdb.outputs.image }}
tags: ${{ steps.build-image-gdb.outputs.tags }}
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
deploy-debug-quay:
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.merged == true && github.repository == 'FIWARE/context.Orion-LD' }}
steps:
- uses: actions/checkout@v2
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_ORG }}/${{ env.IMAGE_NAME }}
tags: ${{ env.IMAGE_TAG_PRE }}-${{ env.IMAGE_TAG_DEBUG }}
oci: true
labels: |
quay.expires-after=1w
dockerfiles: |
./docker/Dockerfile-debug
- name: Push To quay.io
id: push-debug-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}