Skip to content

Upgrade dependencies & bump IFRS #57

Upgrade dependencies & bump IFRS

Upgrade dependencies & bump IFRS #57

name: Build on PR or dispatch
on:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
- reopened
- labeled
env:
DOCKERHUB_NAMESPACE: ghga
DOCKERHUB_PLATFORMS: "linux/amd64,linux/arm64"
TRIVY_SEVERITY: "CRITICAL,HIGH"
IFRS_CONFIG_YAML: ./services/ifrs/dev_config.yaml
IRS_CONFIG_YAML: ./services/irs/dev_config.yaml
PCS_CONFIG_YAML: ./services/pcs/dev_config.yaml
UCS_CONFIG_YAML: ./services/ucs/dev_config.yaml
DCS_CONFIG_YAML: ./services/dcs/dev_config.yaml
EKSS_CONFIG_YAML: ./services/ekss/dev_config.yaml
FIS_CONFIG_YAML: ./services/fis/dev_config.yaml
FINS_CONFIG_YAML: ./services/fins/dev_config.yaml
jobs:
changed-services:
if: github.event_name == 'workflow_dispatch' || ( github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'build') ) || ( github.event.action == 'labeled' && github.event.label.name == 'build' )
uses: ./.github/workflows/get_affected_services.yaml
push-to-docker:
runs-on: ubuntu-latest
needs: changed-services
if: ${{ needs.changed-services.outputs.services != '' && needs.changed-services.outputs.services != '[]' }}
strategy:
matrix:
service: ${{ fromJson(needs.changed-services.outputs.services) }}
flavor: ["", "debian"]
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Set up Python 3.12
id: setup-python
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Install stringcase and typer
id: setup-stringcase
run: pip install stringcase typer
- name: Extract service name for ${{ matrix.service }}
id: extract-service-name
shell: bash
run: |
echo name=$(python3 scripts/service_name.py ${{ matrix.service }}) >> $GITHUB_OUTPUT
- name: Extract service version for ${{ matrix.service }}
id: extract-service-version
shell: bash
run: |
echo version=$(python3.12 -c "import tomllib; print(tomllib.load(open('services/${{ matrix.service }}/pyproject.toml', 'rb'))['project']['version'])") >> $GITHUB_OUTPUT
- name: Ensure that tag complies with semantic versioning.
uses: matt-usurp/validate-semver@v2
with:
version: ${{ steps.extract-service-version.outputs.version }}
- name: Symlink requirement files
id: symlink-requirements
run: cp -r lock services/${{ matrix.service }}/lock
- name: Prepare Dockerfiles
id: prepare-dockerfiles
run: cp Dockerfile* services/${{ matrix.service }}/ && sed -i "s/\(ENTRYPOINT \)\[\]/\1[\"${{ matrix.service }}\"]/" services/${{ matrix.service }}/Dockerfile*
- name: Docker build and push
uses: ghga-de/gh-action-ci@v1
with:
checkout: "false"
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
tag: "${{ env.DOCKERHUB_NAMESPACE }}/${{ steps.extract-service-name.outputs.name }}:${{ steps.extract-service-version.outputs.version }}-${{ github.sha }}"
trivy_severity: "CRITICAL"
flavor: "${{ matrix.flavor }}"
working_directory: "services/${{ matrix.service }}"