Build No Cache #172

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/build-nocache.yml at 0f1f0b9

	name: Build No Cache

	on:
	workflow_dispatch:

	schedule:
	- cron: '0 13 * * 0'

	jobs:
	build:
	runs-on: ubuntu-latest
	env:
	DOCKER_IMAGE: ghcr.io/dfe-digital/publish-teacher-training

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set Environment variable
	run: \|
	GIT_REF=${{github.ref}}
	GIT_BRANCH=${GIT_REF##*/}
	echo "BRANCH_TAG=$GIT_BRANCH" >> $GITHUB_ENV
	echo "DOCKER_IMAGE_TAG=$GITHUB_SHA" >> $GITHUB_ENV
	# tag build to the review env for vars and secrets
	tf_vars_file=terraform/aks/workspace_variables/review_aks.tfvars.json
	echo "KEY_VAULT_NAME=$(jq -r '.key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV
	echo "KEY_VAULT_INFRA_SECRET_NAME=$(jq -r '.key_vault_infra_secret_name' ${tf_vars_file})" >> $GITHUB_ENV

	- uses: azure/login@v2
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS_REVIEW_AKS }}

	- name: Validate Azure Key Vault secrets
	uses: DFE-Digital/github-actions/validate-key-vault-secrets@master
	with:
	KEY_VAULT: ${{ env.KEY_VAULT_NAME }}
	SECRETS: \|
	${{ env.KEY_VAULT_INFRA_SECRET_NAME }}

	- uses: DFE-Digital/keyvault-yaml-secret@v1
	id: get-secret
	with:
	keyvault: ${{ env.KEY_VAULT_NAME }}
	secret: ${{ env.KEY_VAULT_INFRA_SECRET_NAME }}
	key: SNYK_TOKEN

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Publish-Teacher-Training-Middleman
	uses: docker/build-push-action@v6
	with:
	tags: ${{ env.DOCKER_IMAGE}}-middleman:${{ env.BRANCH_TAG }}
	push: true
	target: middleman
	build-args: BUILDKIT_INLINE_CACHE=1

	- name: Build Publish-Teacher-Training
	uses: docker/build-push-action@v6
	with:
	tags: \|
	${{ env.DOCKER_IMAGE}}:${{ env.BRANCH_TAG }}
	${{ env.DOCKER_IMAGE}}:${{ env.DOCKER_IMAGE_TAG }}
	push: false
	load: true
	build-args: \|
	BUILDKIT_INLINE_CACHE=1
	COMMIT_SHA=${{ env.DOCKER_IMAGE_TAG }}

	- name: Run Snyk to check Docker image for vulnerabilities
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ steps.get-secret.outputs.snyk_token }}
	with:
	image: ${{ env.DOCKER_IMAGE }}:${{ env.DOCKER_IMAGE_TAG }}
	args: --file=Dockerfile --exclude-app-vulns

	- name: Push ${{ env.DOCKER_IMAGE }} images
	if: ${{ success() }}
	run: docker image push --all-tags ${{ env.DOCKER_IMAGE }}

	- name: 'Notify #twd_findpub_tech on failure'
	if: failure()
	uses: rtCamp/action-slack-notify@master
	env:
	SLACK_CHANNEL: twd_findpub_tech
	SLACK_COLOR: '#ef5343'
	SLACK_ICON_EMOJI: ':github-logo:'
	SLACK_USERNAME: Publish Teacher Training
	SLACK_TITLE: Build failure on weekly rebuild cache workflow
	SLACK_MESSAGE: ':alert: <!channel> Publish Teacher Training Build failure :sadparrot:'
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build No Cache #172

Workflow file

Build No Cache #172

Jobs

Run details

Workflow file for this run