
Merge pull request #293 from catenax-ng/release/v2.3.0-security-fixes #184


#################################################################################
# Tractus-X - Digital Product Passport Application
#
# Copyright (c) 2022, 2024 BASF SE, BMW AG, Henkel AG & Co. KGaA
# Copyright (c) 2022, 2024 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#################################################################################
name: "Publish Digital Product Pass Frontend Docker Images"

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Triggers: pushes to main/develop, pushes of tags shaped like
# v<digits>.<digits>.<digits>, and manual dispatch.
on:
  push:
    branches:
      - "main"
      - "develop"
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
  workflow_dispatch:
    inputs:
      # NOTE(review): no step shown in this workflow reads inputs.branch; the
      # checkout steps use github.ref. The input is required but appears to
      # have no effect on which ref is built - confirm and either wire it in
      # or remove it, so operators are not misled about what gets published.
      branch:
        description: "Branch to use"
        required: true
        default: 'main'
        type: string

# Shared by both jobs. COMMIT_SHA and REPO_URL are passed into the image as
# build arguments so a published image can be traced back to its source commit.
env:
  IMAGE_NAME: 'digital-product-pass-frontend'
  REGISTRY: 'ghcr.io'
  IMAGE_NAMESPACE: 'tractusx'
  COMMIT_SHA: ${{ github.sha }}
  REPO_URL: ${{ github.server_url }}/${{ github.repository }}
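# NOTE(review): every `uses:` below references a mutable major-version tag.
# These jobs hold registry credentials and a packages: write token, so a
# retagged action release would run with them. Pin each action to a full
# commit SHA and keep the tag as a trailing comment, e.g.
#   uses: actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER>  # v4
jobs:
  # Runs only in the upstream repository: builds the frontend image and pushes
  # it to Docker Hub using the repository's Docker Hub secrets.
  build-on-docker:
    if: github.repository == 'eclipse-tractusx/digital-product-pass'
    runs-on: ubuntu-latest
    # A job-level permissions block sets every scope not listed here to none,
    # so the read access that checkout needs is stated explicitly.
    # NOTE(review): no step shown in this job talks to GitHub Packages (login
    # and push target Docker Hub with repository secrets), so packages: write
    # looks unnecessary here - confirm and drop it.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
          # No later step needs git credentials; do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      # Build actions for docker hub registry
      - name: Docker meta
        id: meta-for-dockerhub
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}

      # Login against docker registry
      # https://github.com/docker/login-action
      - name: Log into a Docker registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      # Build and push Docker image with Buildx
      # https://github.com/docker/build-push-action
      # NOTE(review): `:latest` is appended unconditionally, so a push to
      # `develop` also moves `latest`. If `latest` is meant to track released
      # code only, gate it in the metadata step instead (metadata-action
      # supports `type=raw,value=latest,enable=...`).
      - name: Build and push frontend
        id: build-and-push-frontend-dockerhub
        uses: docker/build-push-action@v5
        with:
          context: dpp-frontend
          push: true
          tags: ${{ steps.meta-for-dockerhub.outputs.tags }}, ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:latest
          labels: ${{ steps.meta-for-dockerhub.outputs.labels }}
          build-args: |
            REPO_COMMIT_ID=${{ env.COMMIT_SHA }}
            REPO_ENDPOINT_URL=${{ env.REPO_URL }}

      # https://github.com/peter-evans/dockerhub-description
      # Important step to push image description to DockerHub
      - name: Update Docker Hub description
        uses: peter-evans/dockerhub-description@v4
        with:
          # readme-filepath defaults to toplevel README.md, Only necessary if
          # you have a dedicated file with your 'Notice for docker images'
          readme-filepath: docs/notice.md
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}

  # Runs everywhere except the upstream repository (forks, mirrors): builds the
  # same image and pushes it to that repository's own GHCR namespace using the
  # workflow token, so no Docker Hub secrets are required.
  build-on-ghcr:
    if: github.repository != 'eclipse-tractusx/digital-product-pass'
    runs-on: ubuntu-latest
    # packages: write lets the workflow token push to GHCR; contents: read is
    # what checkout needs. Every other scope is none.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}
          # No later step needs git credentials; do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      # Build actions for GHCR registry
      - name: Docker meta
        id: meta-for-ghcr
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}

      # Login against GHCR registry
      # https://github.com/docker/login-action
      - name: Log into GHCR registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Build and push Docker image with Buildx
      # https://github.com/docker/build-push-action
      # NOTE(review): `:latest` is appended unconditionally, so a push to
      # `develop` also moves `latest`. The appended reference also uses
      # github.repository verbatim; presumably it fails for an owner or
      # repository name containing uppercase letters - verify on such a fork.
      - name: Build and push frontend for GHCR registry
        id: build-and-push-frontend-ghcr
        uses: docker/build-push-action@v5
        with:
          context: dpp-frontend
          push: true
          tags: ${{ steps.meta-for-ghcr.outputs.tags }}, ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}:latest
          labels: ${{ steps.meta-for-ghcr.outputs.labels }}
          build-args: |
            REPO_COMMIT_ID=${{ env.COMMIT_SHA }}
            REPO_ENDPOINT_URL=${{ env.REPO_URL }}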