diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e4ecd06..4669e59 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,76 +3,69 @@ name: docker on: push: branches: - - master + - main pull_request: branches: - - master + - main concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.run_number || github.event.pull_request.number }} cancel-in-progress: true +permissions: + contents: read + id-token: write + jobs: docker: name: Build Docker image runs-on: ubuntu-latest + strategy: + matrix: + os: + - ubuntu + # temporarily disable red hat for faster build/deploy cycles + #- redhat steps: - name: Checkout code uses: actions/checkout@v4 - - name: Setup QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: amd64,arm64 + # temporarily disable multi-arch for faster build-deploy cycles + #- name: Setup QEMU + # uses: docker/setup-qemu-action@v3 + # with: + # platforms: amd64,arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + #- name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 - - name: Login to Artifactory - if: ${{ github.event_name == 'push' }} + - name: Login to Dockerhub uses: docker/login-action@v3 with: - registry: splitio-docker-dev.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} - password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - - - name: Create build version - run: echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} - - name: Docker build - uses: docker/build-push-action@v6 + - name: Configure AWS credentials + if: ${{ github.event_name == 'push' }} + uses: aws-actions/configure-aws-credentials@v4 with: - context: . 
- push: ${{ github.event_name == 'push' }} - platforms: linux/amd64,linux/arm64 - tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}},splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:latest + role-to-assume: ${{ vars.ECR_TESTING_ROLE_ARN }} + aws-region: us-east-1 - lacework: - name: Scan Docker image - if: ${{ github.event_name == 'pull_request' }} - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Login to Amazon ECR + if: ${{ github.event_name == 'push' }} + uses: aws-actions/amazon-ecr-login@v2 - - name: Create build version - run: echo "BUILD_VERSION=$(cat package.json | grep version | head -1 | awk '{ print $2 }' | sed 's/[\",]//g' | tr -d '[[:space:]]')" >> $GITHUB_ENV + - name: Get version + run: echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV - - name: Docker build + - name: Docker Build and Push uses: docker/build-push-action@v6 with: context: . - push: false - tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.BUILD_VERSION}} - build-args: | - ARTIFACTORY_USER=${{ secrets.ARTIFACTORY_USER }} - ARTIFACTORY_TOKEN=${{ secrets.ARTIFACTORY_TOKEN }} - - - name: Scan container using Lacework - uses: lacework/lw-scanner-action@v1.4.5 - with: - LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} - LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }} - IMAGE_NAME: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }} - IMAGE_TAG: ${{ env.BUILD_VERSION}} - SAVE_RESULTS_IN_LACEWORK: true + file: ${{ matrix.os }}/Dockerfile + push: ${{ github.event_name == 'push' }} + platforms: linux/amd64 # ,linux/arm64 -- temporaily disable multi-arch + tags: | + ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:${{ env.VERSION }} + ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:latest
diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml
index ee40538..323af7b 100644
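Review bot: `Login to Dockerhub` carries no `if:` guard, whereas the `Login to Artifactory` step it replaces was limited to `if: ${{ github.event_name == 'push' }}`, so the login now also runs on `pull_request`; if this repository takes PRs from forks, `secrets.DOCKERHUB_RO_TOKEN` and `vars.DOCKERHUB_USERNAME` are not passed to those runs and the step fails before the image is built, and on in-repo PRs a credential is handed to a job that pushes only to ECR. Restoring `if: ${{ github.event_name == 'push' }}` on the step, or a comment stating that the login is deliberate on PRs (pull rate limits, presumably), would settle that. Dropping the `lacework` job also leaves no image scan on pull requests, which the description should call out if intended. The newly added `aws-actions/configure-aws-credentials@v4` and `aws-actions/amazon-ecr-login@v2` steps run with `id-token: write` and are pinned to mutable major tags; pinning them to a full commit SHA (`uses: aws-actions/configure-aws-credentials@<commit-sha> # v4`) bounds what a moved tag could do with the assumed role. The same tag pinning applies to the `unstable.yml` hunk.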
--- a/.github/workflows/unstable.yml
+++ b/.github/workflows/unstable.yml
@@ -3,38 +3,61 @@ name: unstable on: push: branches-ignore: - - master + - main + +permissions: + contents: read + id-token: write jobs: push-docker-image: name: Build and Push Docker Image runs-on: ubuntu-latest + strategy: + matrix: + os: + - ubuntu + # temporarily disable red hat for faster build/deploy cycles + #- redhat steps: - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - registry: splitio-docker-dev.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} - password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - - name: Checkout code uses: actions/checkout@v4 - - name: Setup QEMU - uses: docker/setup-qemu-action@v3 + # temporarily disable multi-arch for faster build-deploy cycles + #- name: Setup QEMU + # uses: docker/setup-qemu-action@v3 + # with: + # platforms: amd64,arm64 + + #- name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} + + - name: Configure AWS credentials + if: ${{ github.event_name == 'push' }} + uses: aws-actions/configure-aws-credentials@v4 with: - platforms: amd64,arm64 + role-to-assume: ${{ vars.ECR_TESTING_ROLE_ARN }} + aws-region: us-east-1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Login to Amazon ECR + if: ${{ github.event_name == 'push' }} + uses: aws-actions/amazon-ecr-login@v2 - name: Get short hash run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - name: Docker Build + - name: Docker Build and Push uses: docker/build-push-action@v6 with: context: . 
- push: true - platforms: linux/amd64,linux/arm64 - tags: splitio-docker-dev.jfrog.io/${{ github.event.repository.name }}:${{ env.SHORT_SHA}} + file: ${{ matrix.os }}/Dockerfile + push: ${{ github.event_name == 'push' }} + platforms: linux/amd64 #,linux/arm64 -- temporarily disable multi-arcxh + tags: | + ${{ vars.ECR_TESTING_URL }}/${{ github.event.repository.name }}-${{ matrix.os }}:${{ env.SHORT_SHA }}
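Review bot: The `if: ${{ github.event_name == 'push' }}` guards on `Configure AWS credentials` and `Login to Amazon ECR`, and the `push: ${{ github.event_name == 'push' }}` input, are always true in this file, because the workflow is triggered only by `push` (`on: push: branches-ignore: - main`), so they suggest a PR path that does not exist and hide the real gate. Either drop them or, if they are kept for parity with `docker.yml`, say so in place: `# always true here (push-only workflow); kept in step with docker.yml`. Since every branch except `main` reaches this job, the OIDC trust policy behind `vars.ECR_TESTING_ROLE_ARN` cannot be pinned to a single branch, which makes branch push access the effective control over who publishes to `${{ vars.ECR_TESTING_URL }}`; a one-line comment at the top of the job stating that would help the next maintainer. The `platforms` comment also has a typo, `multi-arcxh`.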