Push #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - stable | |
| paths: | |
| - 'deafrica_waterbodies/**' | |
| - '.github/workflows/push.yml' | |
| - 'Dockerfile' | |
| release: | |
| types: [created, edited] | |
| env: | |
| IMAGE_NAME: digitalearthafrica/deafrica-waterbodies | |
| jobs: | |
| push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get tag for this build if it exists | |
| if: github.event_name == 'release' | |
| run: | | |
| echo "RELEASE=${GITHUB_REF/refs\/tags\/}" >> $GITHUB_ENV | |
| - name: Build and Push semver tagged Docker Image for Release | |
| uses: whoan/docker-build-with-cache-action@v6 | |
| if: github.event_name == 'release' | |
| with: | |
| image_name: ${{ env.IMAGE_NAME }} | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DEAFRICA_DOCKER_PASSWORD}} | |
| image_tag: ${{ env.RELEASE }} | |
| - name: Run Trivy vulnerability scanner for Release | |
| uses: aquasecurity/trivy-action@master | |
| if: github.event_name == 'release' | |
| with: | |
| image-ref: 'docker.io/digitalearthafrica/deafrica-waterbodies:${{ env.RELEASE }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Get git commit hash for push to main | |
| if: github.event_name != 'release' | |
| run: | | |
| git fetch --all --tags | |
| echo "RELEASE=$(git describe --tags)" >> $GITHUB_ENV | |
| - name: Build and Push unstable Docker Image for push to main | |
| uses: whoan/docker-build-with-cache-action@v6 | |
| if: github.event_name != 'release' | |
| with: | |
| image_name: ${{ env.IMAGE_NAME }} | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DEAFRICA_DOCKER_PASSWORD}} | |
| image_tag: latest,${{ env.RELEASE }} | |
| - name: Run Trivy vulnerability scanner for push to main | |
| uses: aquasecurity/trivy-action@master | |
| if: github.event_name != 'release' | |
| with: | |
| image-ref: 'docker.io/digitalearthafrica/deafrica-waterbodies:${{ env.RELEASE }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' |