fix(build): set explicit target & clean-up (#128)
david-leifker authored Sep 3, 2024
1 parent 15ed280 commit c5f6dba
Showing 1 changed file with 30 additions and 15 deletions.
45 changes: 30 additions & 15 deletions .github/workflows/datahub-actions-docker.yml
@@ -45,8 +45,8 @@ jobs:
run: |
echo "Enable publish: ${{ env.ENABLE_PUBLISH != '' }}"
echo "publish=${{ env.ENABLE_PUBLISH != '' }}" >> "$GITHUB_OUTPUT"
push_to_registries:
name: Build and Push Docker Image to DockerHub
regular_image:
name: Build & Push Image to DockerHub
runs-on: ubuntu-latest
if: ${{ needs.setup.outputs.publish == 'true' }}
needs: setup
@@ -70,53 +70,68 @@ jobs:
with:
username: ${{ secrets.ACRYL_DOCKER_USERNAME }}
password: ${{ secrets.ACRYL_DOCKER_PASSWORD }}
- name: Build and Push Image
- name: Build & Push Image
uses: docker/build-push-action@v6
with:
file: ./docker/datahub-actions/Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker_meta.outputs.tags }}
push: ${{ needs.setup.outputs.publish == 'true' }}
build-args:
target: final
build-args:
"GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}"
- name: Docker meta command separated
id: docker_meta_comma_sep
slim_image:
name: Build & Push Image to DockerHub (slim)
runs-on: ubuntu-latest
if: ${{ needs.setup.outputs.publish == 'true' }}
needs: setup
steps:
- name: Check out the repo (slim)
uses: actions/checkout@v3
- name: Docker meta (slim)
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: |
acryldata/datahub-actions
tag-custom: ${{ needs.setup.outputs.tag }}
tag-custom-only: true
sep-tags: ','
- name: Docker meta
- name: Set up QEMU (slim)
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx (slim)
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub (slim)
uses: docker/login-action@v2
with:
username: ${{ secrets.ACRYL_DOCKER_USERNAME }}
password: ${{ secrets.ACRYL_DOCKER_PASSWORD }}
- name: Docker meta (slim)
id: docker_meta_slim
uses: crazy-max/ghaction-docker-meta@v1
with:
images: |
acryldata/datahub-actions-slim
tag-custom: ${{ needs.setup.outputs.tag }}
tag-custom-only: true
- name: Actions Docker Tag
id: action_tag
run: echo "tag=$(cut -d',' -f1 <<<'${{ steps.docker_meta_comma_sep.outputs.tags }}')" >> "$GITHUB_OUTPUT"
- name: Build and Push Image (slim)
- name: Build & Push Image (slim)
uses: docker/build-push-action@v6
with:
file: ./docker/datahub-actions/Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker_meta_slim.outputs.tags }}
push: ${{ needs.setup.outputs.publish == 'true' }}
target: final
build-args: |
"APP_ENV=prod-slim"
"DOCKER_BASE_IMAGE=${{ steps.action_tag.outputs.tag }}"
"GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}"
# image_scan:
# permissions:
# contents: read # for actions/checkout to fetch code
# security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
# actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
# name: "[Monitoring] Scan action images for vulnerabilities"
# runs-on: ubuntu-latest
# needs: [setup, push_to_registries]
# needs: [setup, slim_image]
# steps:
# - name: Checkout # adding checkout step just to make trivy upload happy
# uses: actions/checkout@v3
@@ -148,7 +163,7 @@ jobs:
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: "[Monitoring] Scan slim action images for vulnerabilities"
runs-on: ubuntu-latest
needs: [setup, push_to_registries]
needs: [setup, slim_image]
steps:
- name: Checkout # adding checkout step just to make trivy upload happy
uses: actions/checkout@v3
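Review bot: The `GEM_FURY_TOKEN` pull token is still passed to the image build through `build-args` in both the regular and the slim "Build & Push Image" steps, and build arguments are not a secret channel. Depending on how the Dockerfile consumes the ARG (not visible here), the value may be recoverable from the pushed image's history or from build metadata. `docker/build-push-action` has a `secrets` input for this: moving the entry to `secrets: |` with `GEM_FURY_TOKEN=${{ secrets.GEMFURY_PULL_TOKEN }}` and reading it in the Dockerfile through a `RUN --mount=type=secret,id=GEM_FURY_TOKEN` mount keeps the token out of the image layers. Because the new `slim_image` job repeats the DockerHub login with the registry credentials, it would also be worth pinning the third-party actions it adds (`crazy-max/ghaction-docker-meta@v1`, `docker/login-action@v2`) to full commit SHAs instead of mutable tags.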