Update 02-passwort-zuruecksetzen.mdx #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Docker image | |
| on: | |
| push: | |
| branches: | |
| - 'docusaurus-template' | |
| - 'staging' | |
| - 'develop' | |
| tags: | |
| - "dockerImage.v.*" | |
| - "v*" | |
| jobs: | |
| push_to_registry: | |
| strategy: | |
| matrix: | |
| registry: [ "ghcr.io" ] | |
| name: Push Docker image to GitHub Packages | |
| runs-on: ubuntu-latest | |
| env: | |
| IMAGE_WEBHOOK_SECRET: ${{ secrets.MS_TEAMS_IMAGE_WEBHOOK_URI }} | |
| FAIL_WEBHOOK_SECRET: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Run install | |
| uses: borales/actions-yarn@v4 | |
| with: | |
| cmd: install # will run `yarn install` command | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # if needed | |
| - name: Get current time | |
| id: time | |
| uses: nanzm/[email protected] | |
| with: | |
| timeZone: 2 | |
| format: "YYYYMMDD[_]HHmmss" | |
| - name: Prepare environment variables | |
| run: | | |
| raw=$(git branch -r --contains ${{ github.ref }}) | |
| branch=${raw##*/} | |
| echo BRANCH_NAME=$(echo -n "${branch}") >> $GITHUB_ENV | |
| echo "DOCKER_REGISTRY=$(echo "${{ matrix.registry }}/${{ github.repository }}" | awk '{print tolower($0)}')" >> $GITHUB_ENV | |
| echo "DOCKER_IMAGE=$(echo "${{ github.repository }}" | awk -F / '{print tolower($2)}')" >> $GITHUB_ENV | |
| echo "REPO_NAME_WITHOUT_PREFIX"=$(echo "${{ github.repository }}" | sed "s/.*\///" | awk -F / '{print tolower($0)}') >> $GITHUB_ENV | |
| echo CLEAN_REF=$(echo "${GITHUB_REF_NAME#refs/heads/}") >> $GITHUB_ENV | |
| echo TYPE=$(echo -n "${GITHUB_REF_TYPE}") >> $GITHUB_ENV | |
| echo TIME_STAMP=$(echo -n "${{ steps.time.outputs.time }}") >> $GITHUB_ENV | |
| shell: bash | |
| - name: Set branch_timestamp for image from branch | |
| if: ${{ env.TYPE == 'branch' }} | |
| run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}_${{ env.TIME_STAMP }}") >> $GITHUB_ENV | |
| shell: bash | |
| - name: Set tag for image from tag | |
| if: ${{ env.TYPE == 'tag' }} | |
| run: echo DOCKER_IMAGE_TAG=$(echo "${{ env.CLEAN_REF }}") >> $GITHUB_ENV | |
| shell: bash | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}' | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=raw,value=${{ env.DOCKER_IMAGE_TAG}} | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'release') }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.DOCKER_REGISTRY }} | |
| username: ${{ secrets.GH_PACKAGE_RELEASE_USER }} | |
| password: ${{ secrets.GH_PACKAGE_RELEASE_TOKEN }} | |
| - name: Push to GitHub Packages | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Hint about the Docker Image Tag if successfull | |
| if: ${{ success() }} | |
| run: | | |
| echo "### Publish Docker image :white_check_mark:" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "- Image name: ${{ env.DOCKER_IMAGE }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- Version: ${{ env.DOCKER_IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY | |
| - name: Hint about the Docker Image Tag if not successfull | |
| if: ${{ failure() || cancelled() }} | |
| run: | | |
| echo "### Publish Docker image :x:" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "- It seems that something has gone wrong" >> $GITHUB_STEP_SUMMARY | |
| - name: Run Trivy vulnerability image scanner | |
| if: ${{ (matrix.registry == 'ghcr.io') }} | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}:${{ env.DOCKER_IMAGE_TAG }}' | |
| format: 'table' | |
| exit-code: '0' | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL' | |
| - name: Microsoft Teams Fail Card | |
| if: ${{ (env.FAIL_WEBHOOK_SECRET != null) && (env.FAIL_WEBHOOK_SECRET != '') && (matrix.registry == 'ghcr.io') && (failure() || cancelled()) }} | |
| uses: toko-bifrost/[email protected] | |
| with: | |
| github-token: ${{ github.token }} | |
| webhook-uri: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }} | |
| show-on-start: false | |
| show-on-exit: true | |
| show-on-failure: true | |
| card-layout-exit: complete | |
| environment: ${{ env.BRANCH_NAME }} | |
| custom-actions: | | |
| - text: View CI | |
| url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| - name: Microsoft Teams Image Card | |
| if: ${{ (env.IMAGE_WEBHOOK_SECRET != null) && (env.IMAGE_WEBHOOK_SECRET != '') && (matrix.registry == 'ghcr.io') && success() }} | |
| uses: toko-bifrost/[email protected] | |
| with: | |
| github-token: ${{ github.token }} | |
| webhook-uri: ${{ secrets.MS_TEAMS_IMAGE_WEBHOOK_URI }} | |
| show-on-start: false | |
| show-on-exit: true | |
| show-on-failure: false | |
| card-layout-exit: complete | |
| environment: ${{ env.BRANCH_NAME }} | |
| custom-facts: | | |
| - name: Registry | |
| value: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }} | |
| - name: Tag | |
| value: ${{ env.DOCKER_IMAGE_TAG }} | |
| custom-actions: | | |
| - text: View CI | |
| url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" |