fix: move TARGETARCH argument to python-base stage in Dockerfile #411

Workflow file for this run

	name: Wiredoor CI Pipeline

	on:
	push:
	branches:
	- main
	- development
	tags:
	- "v..*"
	pull_request:
	branches:
	- main
	- development
	workflow_dispatch:
	inputs:
	ref:
	description: "Git Branch, Tag or SHA"
	required: false

	permissions:
	contents: read
	packages: write

	jobs:
	build-dev:
	name: Build dev image
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repo
	uses: actions/checkout@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Log in to GHCR
	run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Build Dev Image
	run: docker build -t ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} --target development -f docker/Dockerfile .

	- name: Push image
	run: docker push ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }}

	lint:
	name: Lint Dev Image
	runs-on: ubuntu-latest
	needs: build-dev

	steps:
	- name: Log in to GHCR
	run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Run Lint
	run: \|
	docker run --rm ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} npm run lint

	test:
	name: Run Tests in Dev Image
	runs-on: ubuntu-latest
	needs: build-dev

	steps:
	- name: Log in to GHCR
	run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Run Tests
	run: \|
	docker run --rm ghcr.io/${{ github.repository_owner }}/wiredoor:build-${{ github.sha }} npm run test

	cleanup-dev-image:
	name: Cleanup dev image
	runs-on: ubuntu-latest
	needs: [test, lint]

	steps:
	- name: Install GitHub CLI
	run: \|
	sudo apt-get update
	sudo apt-get install -y gh jq ca-certificates
	- name: Delete build-${{ github.sha }} image
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	OWNER: ${{ github.repository_owner }}
	TAG: build-${{ github.sha }}
	run: \|
	echo "Looking for package version with tag $TAG..."

	IMAGE_ID=$(gh api -H "Accept: application/vnd.github+json" /orgs/$OWNER/packages/container/wiredoor/versions \
	\| jq -r ".[] \| select(.metadata.container.tags[]? == \"$TAG\") \| .id")

	echo "Image ID: ${IMAGE_ID}"

	gh api -X DELETE -H "Accept: application/vnd.github+json" /orgs/$OWNER/packages/container/wiredoor/versions/$IMAGE_ID \
	\|\| echo "No matching version found or failed to delete."

	build-prod:
	name: Build Prod Image
	runs-on: ubuntu-latest
	needs: [test, lint]

	# if: github.ref == 'refs/heads/main' \|\| github.ref == 'refs/heads/development' \|\| startsWith(github.ref, 'refs/tags/')

	steps:
	- name: Checkout repo
	uses: actions/checkout@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Log in to GHCR
	run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Log in to Docker Hub
	run: echo "${{ secrets.WIREDOOR_DOCKER_HUB_TOKEN }}" \| docker login docker.io -u ${{ secrets.WIREDOOR_DOCKER_HUB_USERNAME }} --password-stdin

	- name: Determine tags
	id: tags
	run: \|
	echo "SHORT_SHA=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
	if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
	echo "TAGS=latest" >> $GITHUB_OUTPUT
	elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then
	TAG_NAME="${GITHUB_REF#refs/tags/}"
	echo "TAGS=${TAG_NAME}" >> $GITHUB_OUTPUT
	else
	echo "TAGS=dev,dev-${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
	fi

	- name: Build and Push Image with All Tags
	run: \|
	IFS=',' read -ra TAGS <<< "${{ steps.tags.outputs.TAGS }}"
	TAG_ARGS=""

	for tag in "${TAGS[@]}"; do
	TAG_ARGS="$TAG_ARGS -t ghcr.io/${{ github.repository_owner }}/wiredoor:$tag"

	if [[ "${GITHUB_REF}" == "refs/heads/main" \|\| "${GITHUB_REF}" == refs/tags/* ]]; then
	TAG_ARGS="$TAG_ARGS -t wiredoor/wiredoor:$tag"
	fi
	done

	echo $TAG_ARGS

	docker buildx build \
	--platform linux/amd64,linux/arm64 \
	--target=production \
	--provenance=mode=max \
	--sbom=true \
	-f docker/Dockerfile \
	$TAG_ARGS \
	--push \
	.

	scan-image:
	name: Scan Prod Image with Trivy
	runs-on: ubuntu-latest
	needs: build-prod

	# if: github.ref == 'refs/heads/main' \|\| github.ref == 'refs/heads/development' \|\| startsWith(github.ref, 'refs/tags/')

	steps:
	- name: Log in to GHCR
	run: echo "${{ secrets.WIREDOOR_GHCR_TOKEN }}" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Determine tag
	id: tag
	run: \|
	if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
	echo "TAG=latest" >> $GITHUB_OUTPUT
	elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then
	TAG_NAME="${GITHUB_REF#refs/tags/}"
	echo "TAG=${TAG_NAME}" >> $GITHUB_OUTPUT
	else
	echo "TAG=dev-${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
	fi

	- name: Install Trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ghcr.io/${{ github.repository_owner }}/wiredoor:${{ steps.tag.outputs.TAG }}
	format: table
	exit-code: 0
	ignore-unfixed: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix: move TARGETARCH argument to python-base stage in Dockerfile #411

Workflow file

fix: move TARGETARCH argument to python-base stage in Dockerfile #411

Uh oh!

Workflow file for this run