Skip to content

added a warning message that record security is the responsibility of… #295

added a warning message that record security is the responsibility of…

added a warning message that record security is the responsibility of… #295

Workflow file for this run

name: Docker
on:
push:
branches: [ main, beta ]
# Publish semver tags as releases.
release:
types: [published]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
docker:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
strategy:
matrix:
flavor: [main, sandbox]
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: "Populate frontend version information"
run: "cd frontend && ./git.version.sh"
- name: Set up depot.dev multi-arch runner
uses: depot/setup-action@v1
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
flavor: |
# only latest if push has a tag and we're building the "main" flavor
latest=${{ github.event_name == 'release' && matrix.flavor == 'main' && github.ref_type == 'tag' }}
tags: |
# if this is a tag'd build, prefix it with the flavor (eg. main-v1.2.3 and sandbox-v1.2.3)
type=ref,event=tag,prefix=${{ matrix.flavor }}-
# if this is a main branch build, just tag it with the flavor (eg. main and sandbox)
type=raw,value=${{ matrix.flavor }},enable=${{ github.ref_name == 'main' }}
# if this is a (non main) branch build, tag it with the flavor and branch name (eg. main-branch and sandbox-branch)
type=ref,event=branch,prefix=${{ matrix.flavor }}-,enable=${{ github.ref_name != 'main' }}
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: depot/build-push-action@v1
with:
project: vhwr5r7tw1
# platforms: linux/amd64,linux/arm64,linux/arm/v7
platforms: linux/amd64,linux/arm64
context: .
file: Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
FASTEN_ENV=${{ matrix.flavor == 'sandbox' && 'sandbox' || 'prod' }}
# sbom: true
# sbom-dir: ./sbom-output
# - name: upload SBOM directory as a build artifact
# uses: actions/upload-artifact@v3.1.0
# with:
# path: ./sbom-output
# name: 'SBOM'
#
# - name: upload spdx dependency
# uses: advanced-security/spdx-dependency-submission-action@v0.0.1
# with:
# filePath: ./sbom-output/