Bump the pip group across 1 directory with 3 updates #30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Docker Image | |
| on: | |
| push: | |
| branches: | |
| - staging | |
| - dev | |
| - test-* | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| dockerfile: | |
| description: 'Which Dockerfile to build' | |
| required: true | |
| default: 'Dockerfile.gateway-api-service' | |
| type: choice | |
| options: | |
| - Dockerfile.dashboard-service | |
| - Dockerfile.gateway-api-service | |
| - Dockerfile.model-service | |
| - Dockerfile.model-service-distilbert | |
| - Dockerfile.worker-scraper-service | |
| image_name: | |
| description: 'Docker image name' | |
| required: true | |
| default: 'gateway-api-service' | |
| type: choice | |
| options: | |
| - dashboard-service | |
| - gateway-api-service | |
| - model-service | |
| - model-service-distilbert | |
| - worker-scraper-service | |
| tag: | |
| description: 'Custom tag for the image' | |
| required: false | |
| default: 'latest' | |
| local_test: | |
| description: 'Local testing mode (skip push)' | |
| required: false | |
| default: 'false' | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| env: | |
| REGISTRY: docker.io | |
| IMAGE_ORG: ohsonoresearch | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Determine Dockerfile | |
| id: dockerfile_info | |
| run: | | |
| # For manual dispatch, use the selected dockerfile | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| DOCKERFILE="${{ github.event.inputs.dockerfile }}" | |
| else | |
| # For automatic triggers, default to dashboard | |
| # DOCKERFILE="Dockerfile.gateway-api-service" | |
| DOCKERFILE="Dockerfile.dashboard-service" | |
| fi | |
| echo "dockerfile=${DOCKERFILE}" >> $GITHUB_OUTPUT | |
| echo "Using Dockerfile: ${DOCKERFILE}" | |
| # Check if file exists | |
| if [ -f "${DOCKERFILE}" ]; then | |
| echo "dockerfile_exists=true" >> $GITHUB_OUTPUT | |
| echo "✅ Found ${DOCKERFILE}" | |
| else | |
| echo "dockerfile_exists=false" >> $GITHUB_OUTPUT | |
| echo "❌ ${DOCKERFILE} not found" | |
| echo "Available Dockerfiles:" | |
| ls -la Dockerfile* | |
| fi | |
| - name: Validate DockerHub Secrets | |
| if: | | |
| steps.dockerfile_info.outputs.dockerfile_exists == 'true' && | |
| github.event_name != 'pull_request' && | |
| github.event.inputs.local_test != 'true' | |
| run: | | |
| echo "Checking DockerHub secrets..." | |
| if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ]; then | |
| echo "❌ DOCKERHUB_USERNAME secret is missing or empty" | |
| exit 1 | |
| else | |
| echo "✅ DOCKERHUB_USERNAME secret is set" | |
| fi | |
| if [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then | |
| echo "❌ DOCKERHUB_TOKEN secret is missing or empty" | |
| exit 1 | |
| else | |
| echo "✅ DOCKERHUB_TOKEN secret is set" | |
| fi | |
| - name: Log in to DockerHub | |
| if: | | |
| steps.dockerfile_info.outputs.dockerfile_exists == 'true' && | |
| github.event_name != 'pull_request' && | |
| github.event.inputs.local_test != 'true' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| env: | |
| # Add environment variables for debugging | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract metadata | |
| if: steps.dockerfile_info.outputs.dockerfile_exists == 'true' | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/${{ github.event.inputs.image_name || 'dashboard-service' }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=${{ github.event.inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }} | |
| type=sha,prefix=sha- | |
| labels: | | |
| org.opencontainers.image.title=${{ github.event.inputs.image_name || 'dashboard-service' }} | |
| org.opencontainers.image.description=Docker image for ${{ github.repository }} | |
| org.opencontainers.image.vendor=ohsonoresearch | |
| - name: Build Docker image (local test mode) | |
| if: | | |
| steps.dockerfile_info.outputs.dockerfile_exists == 'true' && | |
| github.event.inputs.local_test == 'true' | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./${{ steps.dockerfile_info.outputs.dockerfile }} | |
| platforms: linux/amd64 | |
| push: false | |
| load: true | |
| tags: ${{ github.event.inputs.image_name || 'dashboard-service' }}:local-test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build and push Docker image (production) | |
| if: | | |
| steps.dockerfile_info.outputs.dockerfile_exists == 'true' && | |
| github.event.inputs.local_test != 'true' | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./${{ steps.dockerfile_info.outputs.dockerfile }} | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test local image | |
| if: | | |
| steps.dockerfile_info.outputs.dockerfile_exists == 'true' && | |
| github.event.inputs.local_test == 'true' | |
| run: | | |
| echo "✅ Docker image built successfully!" | |
| echo "Image: ${{ github.event.inputs.image_name || 'dashboard-service' }}:local-test" | |
| echo "Dockerfile used: ${{ steps.dockerfile_info.outputs.dockerfile }}" | |
| docker images | head -10 | |
| # disabled this step | |
| # security-scan: | |
| # runs-on: ubuntu-latest | |
| # needs: build-and-push | |
| # if: github.event_name != 'pull_request' && github.event.inputs.local_test != 'true' | |
| # steps: | |
| # - name: Run Trivy vulnerability scanner | |
| # uses: aquasecurity/[email protected] | |
| # with: | |
| # image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/${{ github.event.inputs.image_name || 'dashboard-service' }}:latest | |
| # format: 'sarif' | |
| # output: 'trivy-results.sarif' | |
| # - name: Upload Trivy scan results to GitHub Security tab | |
| # uses: github/codeql-action/[email protected] | |
| # if: always() | |
| # with: | |
| # sarif_file: 'trivy-results.sarif' |