Skip to content
Back to pull request #180

Feat: Update Composer #197

Sign in to view logs

Feat: Update Composer

Feat: Update Composer #197

Workflow file for this run

.github/workflows/docker-image.yml at ca55a24
name: Build and Publish Docker Image
on:
pull_request:
branches:
- develop
- master
push:
tags:
- 'v*'
branches:
- develop
- master
jobs:
build-and-publish:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker-container
- name: Set Vars
id: vars
run: |
# Set the core branch to use for tests
if [ "${{ github.ref }}" == "refs/heads/master" ] || [ "${{ github.event.pull_request.base.ref }}" == "master" ]; then
# Base branch or current branch of boilerplate is master
echo "CORE_BRANCH=main" >> $GITHUB_ENV
else
echo "CORE_BRANCH=develop" >> $GITHUB_ENV
fi
# Build all the tags for the image
- name: Create tags
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/2pisoftware/cmfive
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest,enable={{is_default_branch}}
labels: |
org.opencontainers.image.title=Cmfive
org.opencontainers.image.description=Cmfive in a docker image
org.opencontainers.image.vendor=2pisoftware
# Login to GHCR
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build combined ARM/x86-64 image on master and develop branches
- name: Build and push cmfive ARM/x86-64 image
uses: docker/build-push-action@v6
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/v')
with:
context: .
push: true
build-args: |
BUILT_IN_CORE_BRANCH=${{ env.CORE_BRANCH }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=ghcr.io/2pisoftware/cmfive:buildcache
cache-to: type=registry,ref=ghcr.io/2pisoftware/cmfive:buildcache,mode=max
# x86-64 and ARM64
platforms: linux/amd64,linux/arm64
# Build x86-64 image on other branches
- name: Build and push cmfive x86-64 image
uses: docker/build-push-action@v6
if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/develop' && !startsWith(github.ref, 'refs/tags/v')
with:
context: .
push: true
build-args: |
BUILT_IN_CORE_BRANCH=${{ env.CORE_BRANCH }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=ghcr.io/2pisoftware/cmfive:buildcache
cache-to: type=registry,ref=ghcr.io/2pisoftware/cmfive:buildcache,mode=max
# x86-64
platforms: linux/amd64
# Scan the docker image and compare it with the latest image
- name: Docker Scout
uses: docker/scout-action@v1
# only on pull requests
if: github.event_name == 'pull_request'
with:
command: compare,cves
image: ${{ steps.meta.outputs.tags }}
to: ghcr.io/2pisoftware/cmfive:develop
only-severities: critical,high,medium
write-comment: true
github-token: ${{ secrets.GITHUB_TOKEN }} # to be able to write the comment
dockerhub-user: ${{ secrets.DOCKER_USER }}
dockerhub-password: ${{ secrets.DOCKER_TOKEN }}
playwright:
needs: build-and-publish
uses: ./.github/workflows/playwright.yml
# Only run on pull requests
if: github.event_name == 'pull_request'