Builder #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Builder" | |
| # Controls when the workflow will run | |
| on: | |
| push: | |
| branches: ['main'] | |
| tags: | |
| - 'v*.*.*' | |
| pull_request: | |
| branches: ['main'] | |
| schedule: | |
| - cron: '18 6 */2 * *' | |
| # Run builds at 06:18 on every 2nd day-of-month. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| snyk: | |
| name: "Snyk: scanner" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build a Docker image | |
| run: docker build -t moj/wordpress-base-fpm . | |
| - name: Run Snyk | Check Docker image for vulnerabilities | |
| uses: snyk/actions/docker@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: moj/wordpress-base-fpm | |
| args: --file=Dockerfile --severity-threshold=medium | |
| build: | |
| if: github.event_name != 'pull_request' | |
| name: "Build: multi-arch docker" | |
| needs: snyk | |
| runs-on: ubuntu-latest | |
| steps: | |
| # First, checkout | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # QEMU; multi-arch stuff | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # get buildx - build multi-arch stuff | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Access Docker Hub | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Gather meta for the builds | |
| - name: Docker meta | |
| id: wordpress-base-meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ministryofjustice/wordpress-base-fpm | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| flavor: | | |
| latest=true | |
| # perform the builds | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: | | |
| linux/amd64 | |
| linux/arm64/v8 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.wordpress-base-meta.outputs.tags }} | |
| labels: ${{ steps.wordpress-base-meta.outputs.labels }} |