Skip to content

508 compliance testing in frontend CI workflow (#16352) #4832

508 compliance testing in frontend CI workflow (#16352)

508 compliance testing in frontend CI workflow (#16352) #4832

name: Publish Images to GitHub
on:
workflow_dispatch:
push:
branches:
- main
schedule:
- cron: "0 0 1 * *"
env:
REGISTRY: ghcr.io
SFTP_IMAGE_NAME: cdcgov/prime-reportstream_sftp
jobs:
pre_job:
name: Pre Job
runs-on: ubuntu-latest
outputs:
has_tfcli_change: ${{ steps.skip_check.outputs.tfcli && github.event_name != 'schedule'}}
has_dnsmasq_change: ${{ steps.skip_check.outputs.dnsmasq || github.event_name == 'schedule'}}
run_publish_sftp: ${{ steps.check_sftp_image.outputs.run_job }}
run_publish_sftp_alpine: ${{ steps.check_sftp_alpine_image.outputs.run_job }}
steps:
- name: "Check out changes"
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
id: skip_check
with:
list-files: csv
filters: |
dnsmasq:
- 'operations/dnsmasq/**'
- name: Log In to the Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check sftp image
id: check_sftp_image
run: |
docker pull atmoz/sftp
docker pull ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }}
LATEST_IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' atmoz/sftp)
REPO_IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }} 2> /dev/null || true)
if [ "$LATEST_IMAGE_DIGEST" != "$REPO_IMAGE_DIGEST" ]; then
echo "image outdated"
echo "run_job=true" >> $GITHUB_OUTPUT
else
echo "image current"
echo "run_job=false" >> $GITHUB_OUTPUT
fi
- name: Check sftp alpine image
id: check_sftp_alpine_image
run: |
docker pull atmoz/sftp:alpine
docker pull ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }}:alpine
LATEST_IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' atmoz/sftp:alpine)
REPO_IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }}:alpine 2> /dev/null || true)
if [ "$LATEST_IMAGE_DIGEST" != "$REPO_IMAGE_DIGEST" ]; then
echo "image outdated"
echo "run_job=true" >> $GITHUB_OUTPUT
else
echo "image current"
echo "run_job=false" >> $GITHUB_OUTPUT
fi
publish_dnsmasq:
name: Publish dnsmasq
needs: pre_job
if: ${{ needs.pre_job.outputs.has_dnsmasq_change == 'true' }}
runs-on: ubuntu-latest
defaults:
run:
working-directory: operations/dnsmasq
env:
IMAGE_NAME: cdcgov/prime-reportstream_dnsmasq
permissions:
contents: read
packages: write
strategy:
matrix:
AZ_ENV: [ demo1, demo2, demo3, test, staging, prod ]
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Log In to the Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Docker Terraform CLI
run: |
docker build --build-arg AZ_ENV=${{ matrix.AZ_ENV }} -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.AZ_ENV }} .
- name: Push to the Container Registry
run: |
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} --all-tags
publish_sftp:
name: Publish SFTP
needs: pre_job
if: ${{ needs.pre_job.outputs.run_publish_sftp == 'true' }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Log In to the Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag Image
run: |
docker pull atmoz/sftp
docker tag atmoz/sftp ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }}
- name: Push to the Container Registry
run: |
docker push ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }} --all-tags
publish_sftp_alpine:
name: Publish SFTP Alpine
needs: pre_job
if: ${{ needs.pre_job.outputs.run_publish_sftp_alpine == 'true' }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Log In to the Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag Image
run: |
docker pull atmoz/sftp:alpine
docker tag atmoz/sftp:alpine ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }}:alpine
- name: Push to the Container Registry
run: |
docker push ${{ env.REGISTRY }}/${{ env.SFTP_IMAGE_NAME }}:alpine