feat: Refactor container image build workflow (#68)
ppawlowski authored Sep 9, 2024
1 parent e7237ee commit 1e7280d
Showing 1 changed file with 30 additions and 27 deletions.
57 changes: 30 additions & 27 deletions .github/workflows/build_container_image.yml
Expand Up @@ -3,43 +3,43 @@ name: Build container image
on:
workflow_call:
inputs:
image_name:
description: 'Name of the image to build'
required: true
type: string
image_tag_prefix:
description: 'Prefix for the image tag'
required: false
type: string
default: ''
package_dependencies:
description: 'List of dependencies to update'
aws_access_key_id:
description: 'AWS access key ID'
type: string
required: false
default: ''
build_context:
description: 'Path to the build context'
type: string
required: true
build_platforms:
description: 'Platforms to build the image for'
build_platform:
description: 'Platform to build the image for'
type: string
required: false
default: '["linux/amd64","linux/arm64"]'
default: 'linux/amd64'
dockerfile_path:
description: 'Path to the Dockerfile, within $build_context, used for image build'
type: string
required: false
default: 'Dockerfile'
image_name:
description: 'Name of the image to build'
required: true
type: string
image_tag_prefix:
description: 'Prefix for the image tag'
required: false
type: string
default: ''
npm_registry_url:
description: 'NPM registry URL'
type: string
required: false
default: registry.npmjs.org
aws_access_key_id:
description: 'AWS access key ID'
package_dependencies:
description: 'List of dependencies to update'
type: string
required: false
default: ''
scan_image:
description: 'Scan the image for vulnerabilities'
type: boolean
Expand All @@ -51,20 +51,22 @@ on:
temporary_registry_token:
description: 'GitHub token'
required: true
outputs:
image:
description: 'Full image tag'
value: ${{ jobs.build.outputs.image }}

jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(inputs.build_platforms) }}
permissions:
packages: write
contents: write
checks: write
pull-requests: write
security-events: write
outputs:
image: ${{ steps.set_outputs.outputs.image }}
steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -78,7 +80,6 @@ jobs:
- name: Set release name and image tag
run: |
echo "release_name=nightly" >> $GITHUB_ENV
echo "platform_tag=$( echo ${{ matrix.platform }} | tr '/' '-' )" >> $GITHUB_ENV
echo "repository_owner_lower=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV
- name: Set build tag
Expand Down Expand Up @@ -121,19 +122,21 @@ jobs:
context: ${{ inputs.build_context }}
file: "${{ inputs.build_context }}/${{ inputs.dockerfile_path }}"
tags: "ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main-${{ env.platform_tag }}"
platforms: ${{ matrix.platform }}
platforms: ${{ inputs.build_platform}}
load: true
push: true
provenance: false
build-args: |
BUILD_TAG=${{ env.build_tag }}
- name: Pull image
run: |
docker pull "ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main-${{ env.platform_tag }}"
- name: Scan container image for vulnerabilities
if: ${{ fromJson(inputs.scan_image) }}
uses: flowforge/github-actions-workflows/actions/scan_container_image@main
with:
image_ref: "ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main-${{ env.platform_tag }}"
check_name: "${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main-${{ env.platform_tag }}"

- name: Set workflow outputs
id: set_outputs
run: |
echo "image=ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main" >> $GITHUB_OUTPUT
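Review bot: The `image` output written on the last line (`…main`) does not match the tag actually pushed at `tags:` (`…main-${{ env.platform_tag }}`), so unless a step outside this hunk re-tags the image as `:…main`, callers of the workflow receive a reference that was never published — the two lines should agree. The same `env.platform_tag` is also at risk of being empty now: the matrix is gone and the `platform_tag` export was dropped from the 'Set release name and image tag' step in the earlier hunk, so the pushed tag and the scan step's `image_ref`/`check_name` would end in a bare `-` unless the 'Set build tag' step (body outside the view) now sets it. If it has to be re-derived, pass the input through an `env:` mapping on the step instead of interpolating it into the script, e.g. `env: { BUILD_PLATFORM: "${{ inputs.build_platform }}" }` and `echo "platform_tag=${BUILD_PLATFORM//\//-}" >> "$GITHUB_ENV"`. Minor: `${{ inputs.build_platform}}` is missing the space before `}}`, and since `load: true` only works for a single-platform build, the `build_platform` input description should state that the value must be one platform, not a comma-separated list.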
