Upgrade dependencies & bump IFRS #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build on PR or dispatch | |
on: | |
workflow_dispatch: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- labeled | |
env: | |
DOCKERHUB_NAMESPACE: ghga | |
DOCKERHUB_PLATFORMS: "linux/amd64,linux/arm64" | |
TRIVY_SEVERITY: "CRITICAL,HIGH" | |
IFRS_CONFIG_YAML: ./services/ifrs/dev_config.yaml | |
IRS_CONFIG_YAML: ./services/irs/dev_config.yaml | |
PCS_CONFIG_YAML: ./services/pcs/dev_config.yaml | |
UCS_CONFIG_YAML: ./services/ucs/dev_config.yaml | |
DCS_CONFIG_YAML: ./services/dcs/dev_config.yaml | |
EKSS_CONFIG_YAML: ./services/ekss/dev_config.yaml | |
FIS_CONFIG_YAML: ./services/fis/dev_config.yaml | |
FINS_CONFIG_YAML: ./services/fins/dev_config.yaml | |
jobs: | |
changed-services: | |
if: github.event_name == 'workflow_dispatch' || ( github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'build') ) || ( github.event.action == 'labeled' && github.event.label.name == 'build' ) | |
uses: ./.github/workflows/get_affected_services.yaml | |
push-to-docker: | |
runs-on: ubuntu-latest | |
needs: changed-services | |
if: ${{ needs.changed-services.outputs.services != '' && needs.changed-services.outputs.services != '[]' }} | |
strategy: | |
matrix: | |
service: ${{ fromJson(needs.changed-services.outputs.services) }} | |
flavor: ["", "debian"] | |
fail-fast: false | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- name: Set up Python 3.12 | |
id: setup-python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
- name: Install stringcase and typer | |
id: setup-stringcase | |
run: pip install stringcase typer | |
- name: Extract service name for ${{ matrix.service }} | |
id: extract-service-name | |
shell: bash | |
run: | | |
echo name=$(python3 scripts/service_name.py ${{ matrix.service }}) >> $GITHUB_OUTPUT | |
- name: Extract service version for ${{ matrix.service }} | |
id: extract-service-version | |
shell: bash | |
run: | | |
echo version=$(python3.12 -c "import tomllib; print(tomllib.load(open('services/${{ matrix.service }}/pyproject.toml', 'rb'))['project']['version'])") >> $GITHUB_OUTPUT | |
- name: Ensure that tag complies with semantic versioning. | |
uses: matt-usurp/validate-semver@v2 | |
with: | |
version: ${{ steps.extract-service-version.outputs.version }} | |
- name: Symlink requirement files | |
id: symlink-requirements | |
run: cp -r lock services/${{ matrix.service }}/lock | |
- name: Prepare Dockerfiles | |
id: prepare-dockerfiles | |
run: cp Dockerfile* services/${{ matrix.service }}/ && sed -i "s/\(ENTRYPOINT \)\[\]/\1[\"${{ matrix.service }}\"]/" services/${{ matrix.service }}/Dockerfile* | |
- name: Docker build and push | |
uses: ghga-de/gh-action-ci@v1 | |
with: | |
checkout: "false" | |
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} | |
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }} | |
tag: "${{ env.DOCKERHUB_NAMESPACE }}/${{ steps.extract-service-name.outputs.name }}:${{ steps.extract-service-version.outputs.version }}-${{ github.sha }}" | |
trivy_severity: "CRITICAL" | |
flavor: "${{ matrix.flavor }}" | |
working_directory: "services/${{ matrix.service }}" |