fix: publish image to GHCR #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wiredoor CI Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - development | |
| pull_request: | |
| branches: | |
| - main | |
| - development | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| build-dev: | |
| name: Build dev image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Build Dev Image | |
| run: docker build -t ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} --target development -f docker/Dockerfile . | |
| - name: Push image | |
| run: docker push ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} | |
| lint: | |
| name: Lint Dev Image | |
| runs-on: ubuntu-latest | |
| needs: build-dev | |
| steps: | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Run Lint | |
| run: | | |
| docker run --rm ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} npm run lint | |
| test: | |
| name: Run Tests in Dev Image | |
| runs-on: ubuntu-latest | |
| needs: build-dev | |
| steps: | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Run Tests | |
| run: | | |
| docker run --rm ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} npm run test | |
| build-prod: | |
| name: Build Prod Image | |
| runs-on: ubuntu-latest | |
| needs: [test, lint] | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Build Prod Image | |
| run: | | |
| docker build -t ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} -f docker/Dockerfile --target=production . | |
| - name: Push image | |
| run: docker push ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} | |
| scan-image: | |
| name: Scan Prod Image with Trivy | |
| runs-on: ubuntu-latest | |
| needs: build-prod | |
| steps: | |
| - name: Log in to GHCR | |
| run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Install Trivy | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} | |
| format: table | |
| exit-code: 0 | |
| ignore-unfixed: true | |
| publish-image: | |
| name: Publish to GHCR | |
| runs-on: ubuntu-latest | |
| needs: scan-image | |
| if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to GHCR | |
| run: | | |
| echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Tag & Push Image | |
| run: | | |
| SHORT_SHA=${GITHUB_SHA::7} | |
| IMAGE=ghcr.io/${{ github.repository_owner }}/wiredoor | |
| docker pull $IMAGE:build-${{ github.sha }} | |
| if [ "${GITHUB_REF##*/}" = "main" ]; then | |
| docker tag $IMAGE:build-${{ github.sha }} $IMAGE:latest | |
| docker tag $IMAGE:build-${{ github.sha }} $IMAGE:$SHORT_SHA | |
| docker push $IMAGE:latest | |
| docker push $IMAGE:$SHORT_SHA | |
| elif [ "${GITHUB_REF##*/}" = "development" ]; then | |
| docker tag $IMAGE:build-${{ github.sha }} $IMAGE:dev | |
| docker tag $IMAGE:build-${{ github.sha }} $IMAGE:dev-$SHORT_SHA | |
| docker push $IMAGE:dev | |
| docker push $IMAGE:dev-$SHORT_SHA | |
| fi |