# GitHub Actions workflow (dockerImage.yml): builds, tests and publishes the
# project's Docker image.
name: Publish Docker image

# Runs on every push to the three long-lived branches and on every pushed tag
# that matches one of the patterns below. Anyone who is allowed to push such a
# branch or tag can therefore start a publish run.
on:
  push:
    branches:
      - 'release'
      - 'staging'
      - 'develop'
    tags:
      - 'dockerImage.v.*'
      - 'v*'
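jobs:
  # NOTE(review): neither job sets `permissions:`, so GITHUB_TOKEN carries the
  # repository default scopes. Consider a least-privilege block (for example
  # `contents: read`) once it is confirmed what the Teams card action needs.
  #
  # NOTE(review): every `uses:` below refers to a tag or branch, which the
  # action's owner can move. Pinning each action to a full commit SHA makes the
  # executed code immutable and reviewable.

  # Job 1: compile, run the test suite and hand the jar to the publish job.
  test:
    name: Build and run unit tests
    runs-on: ubuntu-latest
    env:
      # Only a presence flag is exported to the job. The webhook URI itself is
      # handed solely to the step that posts the card, so the Maven build and
      # its plugins never see it in their environment.
      HAS_FAIL_WEBHOOK: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI != '' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Prepare environment variables
        # The ref is read from the runner-provided GITHUB_REF variable and
        # quoted. Expanding `github.ref` with the expression syntax inside
        # `run:` would paste the ref text into the script before the shell
        # parses it, and ref names may contain shell metacharacters.
        run: |
          raw=$(git branch -r --contains "${GITHUB_REF}")
          branch=${raw##*/}
          echo "BRANCH_NAME=${branch}" >> "$GITHUB_ENV"
      - name: Setup JVM
        uses: actions/setup-java@v1
        with:
          java-version: '17.0.7'
          java-package: jdk
          architecture: x64
      - name: Caching maven dependencies
        uses: actions/cache@v1
        env:
          cache-name: cache-maven-dependencies
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
      - name: Maven Package
        run: mvn -B -Pprod clean package -DskipTests
      - name: Maven Verify
        run: mvn -B -Pprod clean verify
      - uses: actions/upload-artifact@v4
        with:
          name: targetfiles
          path: target/*.jar
      - name: Microsoft Teams Fail Card
        if: ${{ env.HAS_FAIL_WEBHOOK == 'true' && (failure() || cancelled()) }}
        # NOTE(review): the action reference below was mangled by the hosting
        # page's e-mail obfuscation ("[email protected]"); restore the real
        # `owner/action@version` from the repository. The inputs look like
        # those of toko-bifrost/ms-teams-deploy-card - confirm.
        uses: toko-bifrost/[email protected]
        with:
          github-token: ${{ github.token }}
          webhook-uri: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }}
          show-on-start: false
          show-on-exit: true
          show-on-failure: true
          card-layout-exit: complete
          environment: ${{ env.BRANCH_NAME }}
          custom-actions: |
            - text: View CI
              url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"

  # Job 2: build the image from the tested jar, push it, then scan it.
  push_to_registry:
    strategy:
      matrix:
        registry: ['ghcr.io']
    needs: [test]
    name: Push Docker image to GitHub Packages
    runs-on: ubuntu-latest
    env:
      # Presence flags only; see the note on HAS_FAIL_WEBHOOK in the test job.
      HAS_IMAGE_WEBHOOK: ${{ secrets.MS_TEAMS_IMAGE_WEBHOOK_URI != '' }}
      HAS_FAIL_WEBHOOK: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI != '' }}
    steps:
      - uses: actions/checkout@v2
      - name: Download buildfiles artifact
        uses: actions/download-artifact@v4
        with:
          name: targetfiles
      - name: Get current time
        id: time
        # NOTE(review): action reference mangled by e-mail obfuscation on the
        # page; restore it from the repository. The inputs look like those of
        # nanzm/get-time-action - confirm.
        uses: nanzm/[email protected]
        with:
          timeZone: 2
          format: 'YYYYMMDD[_]HHmmss'
      - name: Prepare environment variables
        # Every value that comes from the event, the matrix or another action
        # reaches the script as an environment variable, never through
        # expression expansion inside `run:`, so its text is treated as data
        # rather than parsed as shell.
        env:
          REGISTRY: ${{ matrix.registry }}
          TIME_OUTPUT: ${{ steps.time.outputs.time }}
        run: |
          raw=$(git branch -r --contains "${GITHUB_REF}")
          branch=${raw##*/}
          echo "BRANCH_NAME=${branch}" >> "$GITHUB_ENV"
          echo "DOCKER_REGISTRY=$(echo "${REGISTRY}/${GITHUB_REPOSITORY}" | awk '{print tolower($0)}')" >> "$GITHUB_ENV"
          echo "DOCKER_IMAGE=$(echo "${GITHUB_REPOSITORY}" | awk -F / '{print tolower($2)}')" >> "$GITHUB_ENV"
          echo "REPO_NAME_WITHOUT_PREFIX=$(echo "${GITHUB_REPOSITORY}" | sed "s/.*\///" | awk -F / '{print tolower($0)}')" >> "$GITHUB_ENV"
          echo "CLEAN_REF=${GITHUB_REF_NAME#refs/heads/}" >> "$GITHUB_ENV"
          echo "TYPE=${GITHUB_REF_TYPE}" >> "$GITHUB_ENV"
          echo "TIME_STAMP=${TIME_OUTPUT}" >> "$GITHUB_ENV"
        shell: bash
      - name: Set branch_timestamp for image from branch
        if: ${{ env.TYPE == 'branch' }}
        # CLEAN_REF is derived from the pushed ref name, so it is read as a
        # shell variable here instead of being expanded into the script text.
        run: echo "DOCKER_IMAGE_TAG=${CLEAN_REF}_${TIME_STAMP}" >> "$GITHUB_ENV"
        shell: bash
      - name: Set tag for image from tag
        if: ${{ env.TYPE == 'tag' }}
        run: echo "DOCKER_IMAGE_TAG=${CLEAN_REF}" >> "$GITHUB_ENV"
        shell: bash
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}'
          flavor: |
            latest=false
          # `latest` is only added for pushes to the release branch.
          tags: |
            type=ref,event=branch
            type=ref,event=tag
            type=raw,value=${{ env.DOCKER_IMAGE_TAG}}
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'release') }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.DOCKER_REGISTRY }}
          username: ${{ secrets.GH_PACKAGE_RELEASE_USER }}
          password: ${{ secrets.GH_PACKAGE_RELEASE_TOKEN }}
      - name: Push to GitHub Packages
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      - name: Hint about the Docker Image Tag if successfull
        if: ${{ success() }}
        # The tag is ref-derived, so it is read from the environment here too.
        run: |
          echo "### Publish Docker image :white_check_mark:" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "- Image name: ${DOCKER_IMAGE}" >> "$GITHUB_STEP_SUMMARY"
          echo "- Version: ${DOCKER_IMAGE_TAG}" >> "$GITHUB_STEP_SUMMARY"
      - name: Hint about the Docker Image Tag if not successfull
        if: ${{ failure() || cancelled() }}
        run: |
          echo "### Publish Docker image :x:" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "- It seems that something has gone wrong" >> "$GITHUB_STEP_SUMMARY"
      # NOTE(review): the scan runs after the push, so an image with CRITICAL
      # findings is already published (including `latest` on release) when
      # this step fails the job. Building locally, scanning, and pushing only
      # on a clean result would turn the scan into a gate.
      # NOTE(review): `@master` is a moving branch of a third-party action
      # that runs in a job holding registry credentials; pin it to a full
      # commit SHA.
      - name: Run Trivy vulnerability image scanner
        if: ${{ (matrix.registry == 'ghcr.io') }}
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}:${{ env.DOCKER_IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          vuln-type: 'os,library'
          severity: 'CRITICAL'
      - name: Microsoft Teams Fail Card
        if: ${{ env.HAS_FAIL_WEBHOOK == 'true' && (matrix.registry == 'ghcr.io') && (failure() || cancelled()) }}
        # NOTE(review): mangled action reference, restore from the repository.
        uses: toko-bifrost/[email protected]
        with:
          github-token: ${{ github.token }}
          webhook-uri: ${{ secrets.MS_TEAMS_FAIL_WEBHOOK_URI }}
          show-on-start: false
          show-on-exit: true
          show-on-failure: true
          card-layout-exit: complete
          environment: ${{ env.BRANCH_NAME }}
          custom-actions: |
            - text: View CI
              url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
      - name: Microsoft Teams Image Card
        if: ${{ env.HAS_IMAGE_WEBHOOK == 'true' && (matrix.registry == 'ghcr.io') && success() }}
        # NOTE(review): mangled action reference, restore from the repository.
        uses: toko-bifrost/[email protected]
        with:
          github-token: ${{ github.token }}
          webhook-uri: ${{ secrets.MS_TEAMS_IMAGE_WEBHOOK_URI }}
          show-on-start: false
          show-on-exit: true
          show-on-failure: false
          card-layout-exit: complete
          environment: ${{ env.BRANCH_NAME }}
          custom-facts: |
            - name: Registry
              value: ${{ env.DOCKER_REGISTRY }}/${{ env.REPO_NAME_WITHOUT_PREFIX }}
            - name: Tag
              value: ${{ env.DOCKER_IMAGE_TAG }}
          custom-actions: |
            - text: View CI
              url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"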