Skip to content

Build No Cache

Build No Cache #141

Workflow file for this run

name: Build No Cache
on:
workflow_dispatch:
schedule:
- cron: '0 13 * * 0'
permissions:
packages: write
contents: write
pull-requests: write
jobs:
build:
name: build
environment:
name: review_aks
runs-on: ubuntu-latest
env:
DOCKER_IMAGE: ghcr.io/dfe-digital/apply-teacher-training
GEMS_NODE_MODULES_IMAGE: ghcr.io/dfe-digital/apply-teacher-training-gems-node-modules
outputs:
IMAGE_TAG: ${{ env.IMAGE_TAG }}
GIT_BRANCH: ${{ env.GIT_BRANCH }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Environment variable
run: |
GIT_REF=${{ github.ref }}
echo "GIT_BRANCH=${GIT_REF##*/}" >> $GITHUB_ENV # GIT_BRANCH will be main for refs/heads/main
echo "IMAGE_TAG=${{ github.sha }}" >> $GITHUB_ENV
# tag build to the review env for vars and secrets
tf_vars_file=terraform/aks/workspace_variables/review_aks.tfvars.json
echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
echo "KEY_VAULT_INFRA_SECRET_NAME=$(jq -r '.key_vault_infra_secret_name' ${tf_vars_file})" >> $GITHUB_ENV
- uses: azure/login@v2
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Validate Azure Key Vault secrets
uses: DFE-Digital/github-actions/validate-key-vault-secrets@master
with:
KEY_VAULT: ${{ env.KEY_VAULT_NAME }}
SECRETS: |
${{ env.KEY_VAULT_INFRA_SECRET_NAME }}
- uses: DFE-Digital/keyvault-yaml-secret@v1
id: get-secret
with:
keyvault: ${{ env.KEY_VAULT_NAME }}
secret: ${{ env.KEY_VAULT_INFRA_SECRET_NAME }}
key: SNYK_TOKEN
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build gems-node-modules Docker Image
uses: docker/build-push-action@v6
with:
target: gems-node-modules
tags: |
${{ env.GEMS_NODE_MODULES_IMAGE }}:${{ env.IMAGE_TAG }}
${{ env.GEMS_NODE_MODULES_IMAGE }}:${{ env.GIT_BRANCH }}
push: true
cache-to: type=inline
- name: Build Docker Image
uses: docker/build-push-action@v6
with:
tags: |
${{ env.DOCKER_IMAGE }}:${{ env.IMAGE_TAG }}
${{ env.DOCKER_IMAGE }}:${{ env.GIT_BRANCH }}
push: false
load: true
cache-to: type=inline
build-args: |
SHA=${{ env.IMAGE_TAG }}
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ steps.get-secret.outputs.snyk_token }}
with:
image: ${{ env.DOCKER_IMAGE }}:${{ env.IMAGE_TAG }}
args: --file=Dockerfile --exclude-app-vulns
- name: Push ${{ env.DOCKER_IMAGE }} images
if: ${{ success() }}
run: docker image push --all-tags ${{ env.DOCKER_IMAGE }}
- name: Notify Slack channel on job failure
if: failure()
uses: rtCamp/action-slack-notify@v2
env:
SLACK_USERNAME: CI Deployment
SLACK_TITLE: Build failure on weekly rebuild cache workflow
SLACK_MESSAGE: ':alert: Build failure :sadparrot:'
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_COLOR: failure
SLACK_FOOTER: Sent from build job in Apply build-nocache workflow