Skip to content

Commit

Permalink
Merge branch 'main' into 1476-query-invalidation
Browse files Browse the repository at this point in the history
  • Loading branch information
peterMuriuki authored Oct 11, 2024
2 parents 25aa929 + b152cac commit e7dddc7
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 57 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/cd-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,12 @@ jobs:
run: yarn lerna:prepublish

- name: Run all tests
run: yarn test --verbose --collectCoverage=true --forceExit
run: yarn test --verbose --collectCoverage=true --forceExit --detectOpenHandles
env:
NODE_OPTIONS: --max_old_space_size=5120

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@v2
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: ./coverage
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/docker-docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,16 @@ on:
paths:
- "docs/fhir-web-docker-deployment.md"
branches:
- main
- master

jobs:
update-docker-hub-documentation:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v2

- name: Update Docker Hub ReadMe
uses: peter-evans/dockerhub-description@v4
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
Expand Down
93 changes: 41 additions & 52 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ on:
# Publish `master` as Docker `master` tag.
# See also https://github.com/crazy-max/ghaction-docker-meta#basic
branches:
- main
- master

# Publish `v1.2.3` tags as releases.
tags:
Expand All @@ -31,7 +31,7 @@ jobs:
if: github.event_name == 'pull_request'

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v2
with:
submodules: recursive

Expand All @@ -43,74 +43,63 @@ jobs:
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v2
with:
submodules: recursive

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v1

- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v1

- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: |
opensrp/web
tags: |
type=ref,event=branch,key=main,tag=latest
type=ref,event=branch,pattern=release/*,group=1
type=ref,event=tag
type=sha
# Add a custom tag if provided through workflow_dispatch input
type=raw,value=${{ github.event.inputs.customTag }}
images: opensrp/web
tag-custom: ${{ github.event.inputs.customTag }}

- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push to Docker Image Repositories
uses: docker/build-push-action@v6
uses: docker/build-push-action@v2
id: docker_build
with:
push: true
platforms: linux/amd64,linux/arm64
# platforms: linux/amd64,linux/arm64
tags: |
${{ steps.meta.outputs.tags }}
cache-from: type=gha,scope=${{ github.workflow }}
cache-to: type=gha,mode=max,scope=${{ github.workflow }}
${{ steps.docker_meta.outputs.tags }}
ghcr.io/${{ steps.docker_meta.outputs.tags }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new

# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}

- name: Scan Docker Image with Docker Scout and Save Report
id: scout
run: |
# Save the Docker Scout report as JSON and Markdown
docker scout cves ${{ steps.meta.outputs.tags }} --output json > scout-report.json
docker scout cves ${{ steps.meta.outputs.tags }} --output markdown > scout-report.md
- name: Check Docker Scout Scan Result
id: check-scout-result
run: |
# Check if any vulnerabilities are reported in the JSON output
if grep -q '"severity":' scout-report.json; then
echo "Vulnerabilities found in Docker Scout report."
echo "found_vulnerabilities=true" >> $GITHUB_ENV
else
echo "No vulnerabilities found."
echo "found_vulnerabilities=false" >> $GITHUB_ENV
- name: Create GitHub Issue for Vulnerabilities
if: env.found_vulnerabilities == 'true'
uses: peter-evans/create-issue-from-file@v4
with:
title: "Docker Scout Vulnerability Report for Image ${{ steps.meta.outputs.tags }}"
content-filepath: scout-report.md
labels: |
"Security Support"
"Bug Report"

0 comments on commit e7dddc7

Please sign in to comment.