Merge pull request #53 from tawoe/NEMO-develop #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and publish container | |
on: | |
push: | |
branches: | |
- develop | |
env: | |
DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }} | |
DOCKER_HUB_REPOSITORY: api-explorer-ii | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Extract branch name | |
shell: bash | |
run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT | |
id: extract_branch | |
- uses: actions/checkout@v2 | |
- name: Build the Docker image with latest tag | |
run: | | |
echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io | |
docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest | |
docker build . --file Dockerfiles/Dockerfile_frontend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}-nginx:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}-nginx:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}-nginx:latest | |
docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags | |
docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}-nginx --all-tags | |
echo docker api-explorer-ii with latest tag done | |
- uses: sigstore/cosign-installer@main | |
- name: Write signing key to disk (only needed for `cosign sign --key`) | |
run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key | |
- name: Sign container image with annotations from our environment | |
env: | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
run: | | |
cosign sign -y --key cosign.key \ | |
-a "repo=${{ github.repository }}" \ | |
-a "workflow=${{ github.workflow }}" \ | |
-a "ref=${{ github.sha }}" \ | |
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} | |