@@ -3,76 +3,69 @@ name: docker
33on :
44 push :
55 branches :
6- - master
6+ - main
77 pull_request :
88 branches :
9- - master
9+ - main
1010
1111concurrency :
1212 group : ${{ github.workflow }}-${{ github.event_name == 'push' && github.run_number || github.event.pull_request.number }}
1313 cancel-in-progress : true
1414
15+ permissions :
16+ contents : read
17+ id-token : write
18+
1519jobs :
1620 docker :
1721 name : Build Docker image
1822 runs-on : ubuntu-latest
23+ strategy :
24+ matrix :
25+ os :
26+ - ubuntu
27+ # temporarily disable red hat for faster build/deploy cycles
28+ # - redhat
1929 steps :
2030 - name : Checkout code
2131 uses : actions/checkout@v4
2232
23- - name : Setup QEMU
24- uses : docker/setup-qemu-action@v3
25- with :
26- platforms : amd64,arm64
33+ # temporarily disable multi-arch for faster build-deploy cycles
34+ # - name: Setup QEMU
35+ # uses: docker/setup-qemu-action@v3
36+ # with:
37+ # platforms: amd64,arm64
2738
28- - name : Set up Docker Buildx
29- uses : docker/setup-buildx-action@v3
39+ # - name: Set up Docker Buildx
40+ # uses: docker/setup-buildx-action@v3
3041
31- - name : Login to Artifactory
32- if : ${{ github.event_name == 'push' }}
42+ - name : Login to Dockerhub
3343 uses : docker/login-action@v3
3444 with :
35- registry : splitio-docker-dev.jfrog.io
36- username : ${{ secrets.ARTIFACTORY_DOCKER_USER }}
37- password : ${{ secrets.ARTIFACTORY_DOCKER_PASS }}
38-
39- - name : Create build version
40- run : echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV
45+ username : ${{ vars.DOCKERHUB_USERNAME }}
46+ password : ${{ secrets.DOCKERHUB_RO_TOKEN }}
4147
42- - name : Docker build
43- uses : docker/build-push-action@v6
48+ - name : Configure AWS credentials
49+ if : ${{ github.event_name == 'push' }}
50+ uses : aws-actions/configure-aws-credentials@v4
4451 with :
45- context : .
46- push : ${{ github.event_name == 'push' }}
47- platforms : linux/amd64,linux/arm64
48- tags : splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}},splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:latest
52+ role-to-assume : ${{ vars.ECR_TESTING_ROLE_ARN }}
53+ aws-region : us-east-1
4954
50- lacework :
51- name : Scan Docker image
52- if : ${{ github.event_name == 'pull_request' }}
53- runs-on : ubuntu-latest
54- steps :
55- - name : Checkout code
56- uses : actions/checkout@v4
55+ - name : Login to Amazon ECR
56+ if : ${{ github.event_name == 'push' }}
57+ uses : aws-actions/amazon-ecr-login@v2
5758
58- - name : Create build version
59- run : echo "BUILD_VERSION =$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]' )" >> $GITHUB_ENV
59+ - name : Get version
60+ run : echo "VERSION =$(cat VERSION )" >> $GITHUB_ENV
6061
61- - name : Docker build
62+ - name : Docker Build and Push
6263 uses : docker/build-push-action@v6
6364 with :
6465 context : .
65- push : false
66- tags : splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}}
67- build-args : |
68- ARTIFACTORY_USER=${{ secrets.ARTIFACTORY_USER }}
69- ARTIFACTORY_TOKEN=${{ secrets.ARTIFACTORY_TOKEN }}
70-
71- - name : Scan container using Lacework
72- uses : lacework/lw-scanner-action@v1.4.5
73- with :
74- LW_ACCOUNT_NAME : ${{ secrets.LW_ACCOUNT_NAME }}
75- LW_ACCESS_TOKEN : ${{ secrets.LW_ACCESS_TOKEN }}
76- IMAGE_NAME : splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}
77- IMAGE_TAG : ${{ env.BUILD_VERSION}}
78- SAVE_RESULTS_IN_LACEWORK : true
66+ file : ${{ matrix.os }}/Dockerfile
67+ push : ${{ github.event_name == 'push' }}
68+ platforms : linux/amd64 # ,linux/arm64 -- temporaily disable multi-arch
69+ tags : |
70+ ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:${{ env.VERSION }}
71+ ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:latest
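Review bot: The new workflow-level `permissions` block grants `id-token: write` to every run, including `pull_request` runs, although only the two AWS steps gated on `push` need it. Any step of a same-repository pull-request run, including the actions referenced by mutable tags (`@v3`, `@v4`, `@v2`, `@v6`), can therefore request an OIDC token. The role's trust policy is not visible here, so it is worth confirming that it restricts the `sub` claim to the `main` branch, and pinning the actions to full commit SHAs. The "Get version" step also writes the `VERSION` file verbatim into `$GITHUB_ENV`, where the removed step stripped whitespace with `tr -d '[[:space:]]'`; on pull requests that file is contributor-controlled, so I would keep the stripping, e.g. `run: echo "VERSION=$(tr -d '[:space:]' < VERSION)" >> "$GITHUB_ENV"`. Finally, the `lacework` scan job is removed without a replacement in this hunk, so unless scanning happens elsewhere the pushed images are no longer scanned.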