Add setup and publish to docker steps for shared docker workflow #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Shared Pipeline to build and publish images to Docker | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| release_type: | ||
| description: The type of version number to return. Must be one of [Snapshot, Patch, Minor or Major] | ||
| required: true | ||
| type: string | ||
| publish_vulnerabilities: | ||
| description: If true, will attempt to publish any vulnerabilities to GitHub. Defaults to true. Set to false for private repos. | ||
| type: string | ||
| default: 'true' | ||
| version_number_input: | ||
| description: The version number to publish for the docker repo | ||
| type: string | ||
| default: '' | ||
| force_release: | ||
| description: If 'yes', will force the creation a release, if 'no' will not create a release. 'branch' will use release_type and the branch to determine if a release should be created. | ||
| type: string | ||
| default: 'branch' | ||
| # outputs: | ||
| # version_number_output: | ||
| # description: The complete version number | ||
| # value: ${{ jobs.buildImage.outputs.jar_version }} | ||
| # image_tag: | ||
| # description: The tag used to describe the image in docker | ||
| # value: ${{ jobs.buildImage.outputs.image_tag }} | ||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
| jobs: | ||
| buildImage: | ||
| name: Build Image | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| security-events: write | ||
| packages: write | ||
| pull-requests: write | ||
| outputs: | ||
| jar_version: ${{ inputs.version_number_input }} | ||
| image_tag: ${{ steps.updatePom.outputs.image_tag }} | ||
| steps: | ||
| - name: Setup | ||
| id: setup | ||
| uses: IABTechLab/uid2-shared-actions/actions/shared_publish_setup@kcc-UID2-2674-implement-shared-publish-to-docker-versioned | ||
| with: | ||
| release_type: ${{ inputs.release_type }} | ||
| - name: Publish to Docker | ||
| id: publishToDocker | ||
| uses:IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@kcc-UID2-2674-implement-shared-publish-to-docker-versioned | ||
| with: | ||
| version_number_input: ${{ inputs.version_number_input }} | ||
| image_tag: ${{ inputs.version_number_input }} | ||
| not_snapshot: ${{ steps.setup.outputs.not_snapshot }} | ||
| # - name: Generate Trivy vulnerability scan report | ||
| # uses: aquasecurity/[email protected] | ||
| # if: inputs.publish_vulnerabilities == 'true' | ||
| # with: | ||
| # image-ref: ${{ steps.extractImageTag.outputs.firstTag }} | ||
| # format: 'sarif' | ||
| # exit-code: '0' | ||
| # ignore-unfixed: true | ||
| # severity: 'CRITICAL,HIGH' | ||
| # output: 'trivy-results.sarif' | ||
| # hide-progress: true | ||
| # - name: Upload Trivy scan report to GitHub Security tab | ||
| # uses: github/codeql-action/upload-sarif@v2 | ||
| # if: inputs.publish_vulnerabilities == 'true' | ||
| # with: | ||
| # sarif_file: 'trivy-results.sarif' | ||
| # - name: Test with Trivy vulnerability scanner | ||
| # uses: aquasecurity/[email protected] | ||
| # with: | ||
| # image-ref: ${{ steps.extractImageTag.outputs.firstTag }} | ||
| # format: 'table' | ||
| # exit-code: '1' | ||
| # ignore-unfixed: true | ||
| # severity: 'CRITICAL' | ||
| # hide-progress: true | ||
| # - name: Push to Docker | ||
| # uses: docker/build-push-action@v5 | ||
| # with: | ||
| # context: . | ||
| # push: true | ||
| # tags: ${{ steps.meta.outputs.tags }} | ||
| # labels: ${{ steps.meta.outputs.labels }} | ||
| # build-args: | | ||
| # JAR_VERSION=${{ inputs.version_number_input }} | ||
| # IMAGE_VERSION=${{ inputs.version_number_input }} | ||
| # - name: Build Changelog | ||
| # id: github_release | ||
| # if: ${{ steps.setup.outputs.is_release == 'true' }} | ||
| # uses: mikepenz/release-changelog-builder-action@v3 | ||
| # with: | ||
| # toTag: v${{ inputs.version_number_input }} | ||
| # configurationJson: | | ||
| # { | ||
| # "template": "#{{CHANGELOG}}\n## Installation\n```\ndocker pull ${{ steps.meta.outputs.tags }}\n```\n\n## Image reference to deploy: \n```\n${{ steps.updatePom.outputs.image_tag }}\n```\n\n## Changelog\n#{{UNCATEGORIZED}}", | ||
| # "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )" | ||
| # } | ||
| # env: | ||
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| # - name: Create Release | ||
| # if: ${{ steps.setup.outputs.is_release == 'true' }} | ||
| # uses: softprops/action-gh-release@v1 | ||
| # with: | ||
| # name: ${{ inputs.version_number_input }} | ||
| # body: ${{ steps.github_release.outputs.changelog }} | ||
| # draft: true | ||
