Fix profile xss #1102
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| # initially we would us on: [release] as well, the problem is that | |
| # the code in clowder would not know what branch the code is in, | |
| # and would not set the right version flags. | |
| # This will run when: | |
| # - when new code is pushed to master/develop to push the tags | |
| # latest and develop | |
| # - when a pull request is created and updated to make sure the | |
| # Dockerfile is still valid. | |
| # To be able to push to dockerhub, this execpts the following | |
| # secrets to be set in the project: | |
| # - DOCKERHUB_USERNAME : username that can push to the org | |
| # - DOCKERHUB_PASSWORD : password asscoaited with the username | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - develop | |
| pull_request: | |
| # Certain actions will only run when this is the master repo. | |
| env: | |
| MASTER_REPO: clowder-framework/clowder | |
| DOCKERHUB_ORG: clowder | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-latest | |
| env: | |
| dockerhub: ${{ secrets.DOCKERHUB_USERNAME }} | |
| permissions: | |
| packages: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| name: | |
| - clowder | |
| - mongo-init | |
| - monitor | |
| - elasticsearch | |
| include: | |
| - name: clowder | |
| FOLDER: "." | |
| IMAGE: clowder | |
| README: README.md | |
| PLATFORM: "linux/amd64,linux/arm64" | |
| - name: mongo-init | |
| FOLDER: scripts/mongo-init | |
| IMAGE: mongo-init | |
| README: "" | |
| PLATFORM: "linux/amd64" | |
| - name: monitor | |
| FOLDER: scripts/monitor | |
| IMAGE: monitor | |
| README: "" | |
| PLATFORM: "linux/amd64,linux/arm64" | |
| - name: elasticsearch | |
| FOLDER: scripts/elasticsearch | |
| IMAGE: elasticsearch | |
| README: "" | |
| PLATFORM: "linux/amd64" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # calculate some variables that are used later | |
| - name: variable setup | |
| run: | | |
| if [ "${{ github.event.release.target_commitish }}" != "" ]; then | |
| BRANCH="${{ github.event.release.target_commitish }}" | |
| elif [[ $GITHUB_REF =~ pull ]]; then | |
| BRANCH="$(echo $GITHUB_REF | sed 's#refs/pull/\([0-9]*\)/merge#PR-\1#')" | |
| else | |
| BRANCH=${GITHUB_REF##*/} | |
| fi | |
| if [ "$BRANCH" == "master" ]; then | |
| version="$(awk '/version = / { print $4 }' project/Build.scala | sed 's/"//g')" | |
| tags="latest" | |
| oldversion="" | |
| while [ "${oldversion}" != "${version}" ]; do | |
| oldversion="${version}" | |
| tags="${tags} ${version}" | |
| version=${version%.*} | |
| done | |
| version="$(awk '/version = / { print $4 }' project/Build.scala | sed 's/"//g')" | |
| elif [ "$BRANCH" == "develop" ]; then | |
| version="develop" | |
| tags="develop" | |
| else | |
| version="test" | |
| tags="${BRANCH}" | |
| fi | |
| push_tags="" | |
| for tag in ${tags}; do | |
| if [ "${{ secrets.DOCKERHUB_USERNAME }}" != "" ]; then | |
| push_tags="${push_tags}${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}:${tag}," | |
| fi | |
| push_tags="${push_tags}ghcr.io/${{ github.repository_owner }}/${{ matrix.IMAGE }}:${tag}," | |
| done | |
| push_tags="${push_tags%,*}" | |
| echo "BRANCH=${BRANCH}" | |
| echo "VERSION=${version}" | |
| echo "TAGS=${tags}" | |
| echo "PUSH_TAGS=${push_tags}" | |
| echo "BRANCH=${BRANCH}" >> $GITHUB_ENV | |
| echo "VERSION=${version}" >> $GITHUB_ENV | |
| echo "TAGS=${push_tags}" >> $GITHUB_ENV | |
| # setup docker build | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Inspect Builder | |
| run: | | |
| echo "Name: ${{ steps.buildx.outputs.name }}" | |
| echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" | |
| echo "Status: ${{ steps.buildx.outputs.status }}" | |
| echo "Flags: ${{ steps.buildx.outputs.flags }}" | |
| echo "Platforms: ${{ steps.buildx.outputs.platforms }}" | |
| # login to registries | |
| - name: Login to DockerHub | |
| if: env.dockerhub != '' | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # build the clowder docker images | |
| - name: Build and push ${{ matrix.IMAGE }}-build | |
| if: matrix.IMAGE == 'clowder' | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| context: ${{ matrix.FOLDER }} | |
| platforms: ${{ matrix.PLATFORM }} | |
| target: ${{ matrix.IMAGE }}-build | |
| cache-from: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}-build-cache:${{ env.BRANCH }} | |
| cache-to: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}-build-cache:${{ env.BRANCH }},mode=max | |
| tags: ${{ env.TAGS }} | |
| build-args: | | |
| BRANCH=${{ env.BRANCH }} | |
| VERSION=${{ env.VERSION }} | |
| BUILDNUMBER=${{ github.run_number }} | |
| GITSHA1=${{ github.sha }} | |
| - name: Build and push ${{ matrix.IMAGE }}-runtime | |
| if: matrix.IMAGE == 'clowder' | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| context: ${{ matrix.FOLDER }} | |
| platforms: ${{ matrix.PLATFORM }} | |
| target: ${{ matrix.IMAGE }}-runtime | |
| cache-from: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}-runtime-cache:${{ env.BRANCH }} | |
| cache-to: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}-runtime-cache:${{ env.BRANCH }} | |
| tags: ${{ env.TAGS }} | |
| build-args: | | |
| BRANCH=${{ env.BRANCH }} | |
| VERSION=${{ env.VERSION }} | |
| BUILDNUMBER=${{ github.run_number }} | |
| GITSHA1=${{ github.sha }} | |
| # build the other docker images | |
| - name: Build and push ${{ matrix.IMAGE }} | |
| if: matrix.IMAGE != 'clowder' | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| context: ${{ matrix.FOLDER }} | |
| platforms: ${{ matrix.PLATFORM }} | |
| cache-from: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}-cache:${{ env.BRANCH }} | |
| cache-to: type=registry,ref=${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }}-cache:${{ env.BRANCH }},mode=max | |
| tags: ${{ env.TAGS }} | |
| build-args: | | |
| BRANCH=${{ env.BRANCH }} | |
| VERSION=${{ env.VERSION }} | |
| BUILDNUMBER=${{ github.run_number }} | |
| GITSHA1=${{ github.sha }} | |
| # update README at DockerHub | |
| - name: Docker Hub Description | |
| if: env.dockerhub != '' && matrix.README != '' && github.event_name == 'push' && github.repository == env.MASTER_REPO && env.BRANCH == 'master' | |
| uses: peter-evans/dockerhub-description@v2 | |
| env: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| DOCKERHUB_REPOSITORY: ${{ env.DOCKERHUB_ORG }}/${{ matrix.IMAGE }} | |
| README_FILEPATH: ${{ matrix.README }} |