Skip to content

Updated with store-layer-metadata #1045

Updated with store-layer-metadata

Updated with store-layer-metadata #1045

name: Docker image build and publish
on:
push:
branches:
- '**'
tags:
- '[0-9]+.[0-9]+.[0-9]+'
jobs:
docker-build-amd-only:
name: Build Docker amd64 image (quick turnaround)
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Build and potentially push Docker image
uses: docker/build-push-action@v5
with:
context: .
# ensure latest base image is used
pull: true
push: false
tags: adaguc-server
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: 'adaguc-server'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
trivyignores: .trivyignore
# severity: 'CRITICAL,HIGH'
docker-build-and-publish:
name: Build Docker image and potentially push to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: 'arm64'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
if: github.repository == 'KNMI/adaguc-server'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: openearth/adaguc-server
- name: Build and potentially push Docker image
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
# ensure latest base image is used
pull: true
push: ${{ github.repository == 'KNMI/adaguc-server' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}