Docker Build & Publish API and Frontend #408
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build & Publish API and Frontend | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' | |
| push: | |
| branches: [ "main" ] | |
| tags: [ 'v*.*.*' ] | |
| pull_request: | |
| branches: [ "main" ] | |
| env: | |
| REGISTRY: ghcr.io | |
| API_IMAGE_NAME: ${{ github.repository }}/api | |
| FRONTEND_IMAGE_NAME: ${{ github.repository }}/frontend | |
| AGENT_SERVER_IMAGE_NAME: ${{ github.repository }}/agent-server | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| # This is used to complete the identity challenge | |
| # with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/[email protected] | |
| with: | |
| cosign-release: 'v2.2.2' | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| ##### | |
| ### API | |
| ##### | |
| - name: Extract Docker API metadata | |
| id: meta-api | |
| uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }} | |
| - name: Build and push API Docker image | |
| id: build-and-push-api | |
| uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a | |
| with: | |
| context: . | |
| file: Dockerfile.api | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-api.outputs.tags }} | |
| labels: ${{ steps.meta-api.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Sign the published API Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta-api.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push-api.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} | |
| ##### | |
| ### Frontend | |
| ##### | |
| - name: Extract Docker frontend metadata | |
| id: meta-frontend | |
| uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE_NAME }} | |
| - name: Build and push frontend Docker image | |
| id: build-and-push-frontend | |
| uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a | |
| with: | |
| context: . | |
| file: Dockerfile.frontend | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-frontend.outputs.tags }} | |
| labels: ${{ steps.meta-frontend.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Sign the published frontend Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta-frontend.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push-frontend.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} | |
| ##### | |
| ### Agent Server | |
| ##### | |
| - name: Extract Docker agent server metadata | |
| id: meta-agent | |
| uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.AGENT_SERVER_IMAGE_NAME }} | |
| - name: Build and push agent server Docker image | |
| id: build-and-push-agent | |
| uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a | |
| with: | |
| context: . | |
| file: Dockerfile.agent | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-agent.outputs.tags }} | |
| labels: ${{ steps.meta-agent.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Sign the published agent Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta-agent.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push-agent.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |