Revert last Docker CD refactoring (#59)
* Revert "Fix tag extraction in dockerhub CD (#56)"

This reverts commit 1d68363.

* Revert "Refactor Docker Hub CI to use composite action and enable debian / alpine flavors (#54)"

This reverts commit 92e9ab3.

* Switch Dockerfile to Alpine
lkuchenb authored Oct 9, 2024
1 parent 69ae7c5 commit bbed029
Showing 4 changed files with 77 additions and 75 deletions.
49 changes: 36 additions & 13 deletions .github/workflows/ci_workflow_dispatch.yaml
Expand Up @@ -34,7 +34,6 @@ jobs:
strategy:
matrix:
service: ${{ fromJson(needs.changed-services.outputs.services) }}
flavor: ["", "debian"]
fail-fast: false

steps:
Expand Down Expand Up @@ -74,17 +73,41 @@ jobs:
id: symlink-requirements
run: cp -r lock services/${{ matrix.service }}/lock

- name: Prepare Dockerfiles
id: prepare-dockerfiles
run: cp Dockerfile* services/${{ matrix.service }}/ && sed -i "s/\(ENTRYPOINT \)\[\]/\1[\"${{ matrix.service }}\"]/" services/${{ matrix.service }}/Dockerfile*
- name: Prepare Dockerfile
id: prepare-dockerfile
run: cp Dockerfile services/${{ matrix.service }}/ && sed -i "s/\(ENTRYPOINT \)\[\]/\1[\"${{ matrix.service }}\"]/" services/${{ matrix.service }}/Dockerfile

- name: Docker build and push
uses: ghga-de/gh-action-ci@v1
- uses: docker/setup-qemu-action@v3
name: Set up QEMU

- uses: docker/setup-buildx-action@v3
name: Set up Docker Buildx

- uses: docker/login-action@v3
name: Login to DockerHub
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- uses: docker/build-push-action@v5
name: Build and push
id: docker_build
with:
checkout: "false"
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
tag: "${{ env.DOCKERHUB_NAMESPACE }}/${{ steps.extract-service-name.outputs.name }}:${{ steps.extract-service-version.outputs.version }}-${{ github.sha }}"
trivy_severity: "CRITICAL"
flavor: "${{ matrix.flavor }}"
working_directory: "services/${{ matrix.service }}"
push: true
platforms: "${{ env.DOCKERHUB_PLATFORMS }}"
tags: "${{ env.DOCKERHUB_NAMESPACE }}/${{ steps.extract-service-name.outputs.name }}:${{ steps.extract-service-version.outputs.version }}-${{ github.sha }}"
context: "services/${{ matrix.service }}"

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/${{ env.DOCKERHUB_NAMESPACE }}/${{ steps.extract-service-name.outputs.name }}:${{ steps.extract-service-version.outputs.version }}-${{ github.sha }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: ${{ env.TRIVY_SEVERITY }}

- name: Image digest
shell: bash
run: echo ${{ steps.docker_build.outputs.digest }}
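Review bot: The new `Run Trivy vulnerability scanner` step pins the third-party action to a mutable branch, `uses: aquasecurity/trivy-action@master`, so the scanner that gates this pipeline (and has the DockerHub token in the job's environment) can change underneath every run; pin it like the other actions in this hunk, `uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>`, preferably a full commit SHA. The same unpinned reference is added in docker_on_release.yaml. Note also that the scan runs after `push: true` on the build-push step, so an `exit-code: "1"` finding fails the job but the image is already published to DockerHub; if that is not intended, the scan has to run on a locally loaded image before the push. `severity: ${{ env.TRIVY_SEVERITY }}` relies on a workflow-level `env` that is outside this hunk; if it is not defined there, Trivy receives an empty severity list instead of the `CRITICAL` the reverted composite action hard-coded.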
54 changes: 41 additions & 13 deletions .github/workflows/docker_on_release.yaml
Expand Up @@ -127,7 +127,6 @@ jobs:
strategy:
matrix:
service: ${{ fromJson(needs.changed-services.outputs.services) }}
flavor: ["", "debian"]
fail-fast: false

steps:
Expand Down Expand Up @@ -174,21 +173,50 @@ jobs:
exit 1
fi
- name: Ensure that tag complies with semantic versioning.
uses: matt-usurp/validate-semver@v2
with:
version: ${{ steps.extract-service-version.outputs.version }}

- name: Symlink requirement files
id: symlink-requirements
run: cp -r lock services/${{ matrix.service }}/lock

- name: Prepare Dockerfiles
id: prepare-dockerfiles
run: cp Dockerfile* services/${{ matrix.service }}/ && sed -i "s/\(ENTRYPOINT \)\[\]/\1[\"${{ matrix.service }}\"]/" services/${{ matrix.service }}/Dockerfile*
- name: Prepare Dockerfile
id: prepare-dockerfile
run: cp Dockerfile services/${{ matrix.service }}/ && sed -i "s/\(ENTRYPOINT \)\[\]/\1[\"${{ matrix.service }}\"]/" services/${{ matrix.service }}/Dockerfile

- uses: docker/setup-qemu-action@v3
name: Set up QEMU

- name: Docker build and push
uses: ghga-de/gh-action-ci@v1
- uses: docker/setup-buildx-action@v3
name: Set up Docker Buildx

- uses: docker/login-action@v3
name: Login to DockerHub
with:
checkout: "false"
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
tag: "${{ steps.extract-service-version.outputs.version }}"
trivy_severity: "CRITICAL"
flavor: "${{ matrix.flavor }}"
working_directory: "services/${{ matrix.service }}"
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- uses: docker/build-push-action@v5
name: Build and push
id: docker_build
with:
push: true
platforms: "${{ env.DOCKERHUB_PLATFORMS }}"
tags: "${{ steps.docker-tag.outputs.tag }}"
context: "services/${{ matrix.service }}"

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/${{ steps.docker-tag.outputs.tag }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: ${{ env.TRIVY_SEVERITY }}

- name: Image digest
shell: bash
run: echo ${{ steps.docker_build.outputs.digest }}
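Review bot: `tags: "${{ steps.docker-tag.outputs.tag }}"` on the build-push step and `image-ref: "docker.io/${{ steps.docker-tag.outputs.tag }}"` on the Trivy step both depend on a `docker-tag` step whose definition is outside this hunk (the hunk opens on the `exit 1` / `fi` tail of an earlier step), and this commit reverts "Fix tag extraction in dockerhub CD (#56)", so it is worth confirming the restored step again emits `namespace/name:version` in the form both consumers expect — if it is empty, build-push-action pushes nothing useful and the scan fails on a missing image rather than on a finding. The `Image digest` step echoes the expression unquoted; `run: echo "${{ steps.docker_build.outputs.digest }}"` keeps the value intact should the output ever be empty or contain shell metacharacters (same in ci_workflow_dispatch.yaml).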
1 change: 0 additions & 1 deletion Dockerfile
Expand Up @@ -46,5 +46,4 @@ WORKDIR /home/appuser
USER appuser
ENV PYTHONUNBUFFERED=1

# Please adapt to package name:
ENTRYPOINT []
48 changes: 0 additions & 48 deletions Dockerfile.debian

This file was deleted.
