Skip to content

Build No Cache

Build No Cache #170

Workflow file for this run

name: Build No Cache
on:
workflow_dispatch:
schedule:
- cron: '0 13 * * 0'
jobs:
build:
runs-on: ubuntu-latest
env:
DOCKER_IMAGE: ghcr.io/dfe-digital/publish-teacher-training
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Environment variable
run: |
GIT_REF=${{github.ref}}
GIT_BRANCH=${GIT_REF##*/}
echo "BRANCH_TAG=$GIT_BRANCH" >> $GITHUB_ENV
echo "DOCKER_IMAGE_TAG=$GITHUB_SHA" >> $GITHUB_ENV
# tag build to the review env for vars and secrets
tf_vars_file=terraform/aks/workspace_variables/review_aks.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "KEY_VAULT_INFRA_SECRET_NAME=$(jq -r '.key_vault_infra_secret_name' ${tf_vars_file})" >> $GITHUB_ENV
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW_AKS }}
- name: Validate Azure Key Vault secrets
uses: DFE-Digital/github-actions/validate-key-vault-secrets@master
with:
KEY_VAULT: ${{ env.KEY_VAULT_NAME }}
SECRETS: |
${{ env.KEY_VAULT_INFRA_SECRET_NAME }}
- uses: DFE-Digital/keyvault-yaml-secret@v1
id: get-secret
with:
keyvault: ${{ env.KEY_VAULT_NAME }}
secret: ${{ env.KEY_VAULT_INFRA_SECRET_NAME }}
key: SNYK_TOKEN
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Publish-Teacher-Training-Middleman
uses: docker/build-push-action@v6
with:
tags: ${{ env.DOCKER_IMAGE}}-middleman:${{ env.BRANCH_TAG }}
push: true
target: middleman
build-args: BUILDKIT_INLINE_CACHE=1
- name: Build Publish-Teacher-Training
uses: docker/build-push-action@v6
with:
tags: |
${{ env.DOCKER_IMAGE}}:${{ env.BRANCH_TAG }}
${{ env.DOCKER_IMAGE}}:${{ env.DOCKER_IMAGE_TAG }}
push: false
load: true
build-args: |
BUILDKIT_INLINE_CACHE=1
COMMIT_SHA=${{ env.DOCKER_IMAGE_TAG }}
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ steps.get-secret.outputs.snyk_token }}
with:
image: ${{ env.DOCKER_IMAGE }}:${{ env.DOCKER_IMAGE_TAG }}
args: --file=Dockerfile --exclude-app-vulns
- name: Push ${{ env.DOCKER_IMAGE }} images
if: ${{ success() }}
run: docker image push --all-tags ${{ env.DOCKER_IMAGE }}
- name: 'Notify #twd_findpub_tech on failure'
if: failure()
uses: rtCamp/action-slack-notify@master
env:
SLACK_CHANNEL: twd_findpub_tech
SLACK_COLOR: '#ef5343'
SLACK_ICON_EMOJI: ':github-logo:'
SLACK_USERNAME: Publish Teacher Training
SLACK_TITLE: Build failure on weekly rebuild cache workflow
SLACK_MESSAGE: ':alert: <!channel> Publish Teacher Training Build failure :sadparrot:'
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}