From b152cac558bdebb1e77dd01cacc29fbda9f2bcdf Mon Sep 17 00:00:00 2001 From: Peter Muriuki Date: Fri, 11 Oct 2024 15:41:33 +0300 Subject: [PATCH] Revert ci (#1486) * Revert "Fix workflow (#1482)" This reverts commit 8fc3179cdf9d9e3963dc7f7cd9d738868b6bd45f. * Revert "Fix yaml lint issue (#1481)" This reverts commit db461261841aba08eb4820324cbf5c87b3506b00. * Revert "Update gh actions (#1475)" This reverts commit 494872438f5bbe520b4504d03a1475eb5ecc83e5. --- .github/workflows/cd-test.yml | 4 +- .github/workflows/docker-docs.yml | 6 +- .github/workflows/docker-publish.yml | 93 ++++++++++++---------------- 3 files changed, 46 insertions(+), 57 deletions(-) diff --git a/.github/workflows/cd-test.yml b/.github/workflows/cd-test.yml index 8fa7dad40..5d609804a 100644 --- a/.github/workflows/cd-test.yml +++ b/.github/workflows/cd-test.yml @@ -38,12 +38,12 @@ jobs: run: yarn lerna:prepublish - name: Run all tests - run: yarn test --verbose --collectCoverage=true --forceExit + run: yarn test --verbose --collectCoverage=true --forceExit --detectOpenHandles env: NODE_OPTIONS: --max_old_space_size=5120 - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v2 with: token: ${{ secrets.CODECOV_TOKEN }} directory: ./coverage diff --git a/.github/workflows/docker-docs.yml b/.github/workflows/docker-docs.yml index bd110563c..f3572b180 100644 --- a/.github/workflows/docker-docs.yml +++ b/.github/workflows/docker-docs.yml @@ -5,16 +5,16 @@ on: paths: - "docs/fhir-web-docker-deployment.md" branches: - - main + - master jobs: update-docker-hub-documentation: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v2 - name: Update Docker Hub ReadMe - uses: peter-evans/dockerhub-description@v4 + uses: peter-evans/dockerhub-description@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} 
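Review bot: The restored `uses: codecov/codecov-action@v2` in cd-test.yml, and `actions/checkout@v2` / `peter-evans/dockerhub-description@v3` in docker-docs.yml (the same `checkout@v2` pin recurs in both docker-publish.yml checkout hunks), go back to old majors referenced only by a mutable tag, and as far as I know those majors are no longer maintained. Each of these steps receives a credential (`secrets.CODECOV_TOKEN`, `secrets.DOCKER_PASSWORD`), so whatever the tag resolves to at run time gets the secret; if the repo needs to stay on these versions after the revert, pin each `uses:` to the full commit SHA of the intended release with the version in a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha>  # v2.x.y`. The `--detectOpenHandles` flag restored on the test step implies `--runInBand` and carries a performance cost, so a one-line comment on why it is kept next to `--forceExit` would help the next reader, e.g. `# --detectOpenHandles: diagnose handles that keep the run from exiting`.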
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 46dca1a08..5c02e8b17 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -7,7 +7,7 @@ on: # Publish `master` as Docker `master` tag. # See also https://github.com/crazy-max/ghaction-docker-meta#basic branches: - - main + - master # Publish `v1.2.3` tags as releases. tags: @@ -31,7 +31,7 @@ jobs: if: github.event_name == 'pull_request' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v2 with: submodules: recursive 
@@ -43,74 +43,63 @@ jobs: if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v2 with: submodules: recursive - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 +# - name: Set up QEMU +# uses: docker/setup-qemu-action@v1 + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v1 - - name: Extract metadata for Docker - id: meta - uses: docker/metadata-action@v5 + - name: Docker meta + id: docker_meta + uses: crazy-max/ghaction-docker-meta@v1 with: - images: | - opensrp/web - tags: | - type=ref,event=branch,key=main,tag=latest - type=ref,event=branch,pattern=release/*,group=1 - type=ref,event=tag - type=sha - # Add a custom tag if provided through workflow_dispatch input - type=raw,value=${{ github.event.inputs.customTag }} + images: opensrp/web + tag-custom: ${{ github.event.inputs.customTag }} - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push to Docker Image Repositories - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v2 id: docker_build with: push: true - platforms: linux/amd64,linux/arm64 +# platforms: linux/amd64,linux/arm64 tags: | - ${{ steps.meta.outputs.tags }} - cache-from: type=gha,scope=${{ github.workflow }} - cache-to: type=gha,mode=max,scope=${{ github.workflow }} + ${{ steps.docker_meta.outputs.tags }} + ghcr.io/${{ steps.docker_meta.outputs.tags }} + cache-from: 
type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache - name: Image digest run: echo ${{ steps.docker_build.outputs.digest }} - - - name: Scan Docker Image with Docker Scout and Save Report - id: scout - run: | - # Save the Docker Scout report as JSON and Markdown - docker scout cves ${{ steps.meta.outputs.tags }} --output json > scout-report.json - docker scout cves ${{ steps.meta.outputs.tags }} --output markdown > scout-report.md - - - name: Check Docker Scout Scan Result - id: check-scout-result - run: | - # Check if any vulnerabilities are reported in the JSON output - if grep -q '"severity":' scout-report.json; then - echo "Vulnerabilities found in Docker Scout report." - echo "found_vulnerabilities=true" >> $GITHUB_ENV - else - echo "No vulnerabilities found." - echo "found_vulnerabilities=false" >> $GITHUB_ENV - - - name: Create GitHub Issue for Vulnerabilities - if: env.found_vulnerabilities == 'true' - uses: peter-evans/create-issue-from-file@v4 - with: - title: "Docker Scout Vulnerability Report for Image ${{ steps.meta.outputs.tags }}" - content-filepath: scout-report.md - labels: | - "Security Support" - "Bug Report"
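Review bot: The restored `tags:` block in the "Push to Docker Image Repositories" step prefixes `ghcr.io/` onto `${{ steps.docker_meta.outputs.tags }}` as a whole, and since that output is the complete tag list from the meta step, only the first tag in it gets the `ghcr.io/` prefix while any further tags are repeated as plain Docker Hub names, so the GHCR publish is unlikely to produce the intended tag set whenever more than one tag applies (branch tag plus `tag-custom`). A cleaner form is to have the meta step generate both names, e.g. `images: |` / `  opensrp/web` / `  ghcr.io/opensrp/web`, and pass just `tags: ${{ steps.docker_meta.outputs.tags }}` to the push step. The new GHCR login authenticates with `secrets.GITHUB_TOKEN`, which only succeeds if the job is granted `packages: write`; the job's `permissions:` block, if it has one, is outside this hunk, so that should be confirmed. The revert also removes the Docker Scout CVE scan and issue-creation steps without a replacement, so published images are no longer scanned in CI; if scanning is what broke, a comment near the "Image digest" step such as `# TODO: image vulnerability scan removed by revert, re-add once the workflow is stable` keeps the gap visible. The enclosing job begins before this hunk.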