Merge pull request #33 from dockersamples/add-upc-revert-to-patch #112
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline using Docker cloud services | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '*' | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| prettier: | |
| name: "Validate code formatting" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Load Environment Variables | |
| uses: ./.github/workflows/load-env | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm install --omit=optional | |
| - name: Run Prettier | |
| run: npm run prettier-check | |
| unit-test: | |
| name: "Run tests" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Load Environment Variables | |
| uses: ./.github/workflows/load-env | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm install --omit=optional | |
| - name: Run unit tests | |
| run: npm run unit-test | |
| integration-test: | |
| name: "Run integration tests" | |
| needs: [ prettier, unit-test ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Load Environment Variables | |
| uses: ./.github/workflows/load-env | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| cache: npm | |
| - name: Install dependencies | |
| run: npm install --omit=optional | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Setup Testcontainers Cloud Client | |
| uses: atomicjar/testcontainers-cloud-setup-action@v1 | |
| with: | |
| token: ${{ secrets.TC_CLOUD_TOKEN }} | |
| - name: Run integration tests | |
| run: npm run integration-test | |
| build: | |
| name: Build and push image | |
| needs: [unit-test, integration-test] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| outputs: | |
| IMAGE_TAGS: ${{ toJSON( fromJSON(steps.meta.outputs.json).tags ) }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Load Environment Variables | |
| uses: ./.github/workflows/load-env | |
| - name: Set up containerd | |
| uses: docker/setup-docker-action@v4 | |
| with: | |
| set-host: true | |
| daemon-config: | | |
| { | |
| "features": { | |
| "containerd-snapshotter": true | |
| } | |
| } | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Determine image tags and labels | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKERHUB_NAMESPACE }}/${{ env.IMAGE_PREFIX }}${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,enable=true,event=branch,suffix=--{{sha}} | |
| type=ref,enable=true,event=branch,suffix=--latest | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver: cloud | |
| endpoint: ${{ env.DBC_BUILDER_NAME }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ github.event_name == 'pull_request' && 'linux/amd64' || 'linux/amd64,linux/arm64' }} | |
| provenance: mode=max | |
| sbom: true | |
| push: ${{ github.event_name != 'pull_request' }} | |
| load: ${{ github.event_name == 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Analyze and compare image against production | |
| uses: docker/scout-action@v1 | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| command: quickview,compare | |
| image: ${{ steps.meta.outputs.tags }} | |
| to-env: production | |
| write-comment: true | |
| organization: ${{ env.DOCKERHUB_NAMESPACE }} | |
| # TODO Update this to include policy once DBC image loading includes attestations | |
| exit-on: vulnerability | |
| stage-deploy: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| name: Deploy to stage environment | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Load Environment Variables | |
| uses: ./.github/workflows/load-env | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Do the deploy | |
| run: | | |
| echo "Do the staging deployment here. Would deploy image ${IMAGE_TAG}" | |
| env: | |
| IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| - name: Update Scout environment | |
| id: docker-scout-environment | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: environment | |
| image: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| environment: stage | |
| organization: ${{ env.DOCKERHUB_NAMESPACE }} | |
| prod-deploy: | |
| if: github.ref_type == 'tag' | |
| name: Deploy to production environment | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Load Environment Variables | |
| uses: ./.github/workflows/load-env | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Do the deploy | |
| run: | | |
| echo "Do the production deployment here. Would deploy image ${IMAGE_TAG}" | |
| env: | |
| IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| - name: Update Scout environment | |
| id: docker-scout-environment | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: environment | |
| image: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| environment: production | |
| organization: ${{ env.DOCKERHUB_NAMESPACE }} |