docker-build.yaml
# Builds the project's OCI image and hands it to the shared docker-build workflow.
name: Build and Push OCI Image

on:
  # No filters: runs for every pull request opened against this repository.
  pull_request:
  push:
    branches:
      - main
    tags:
      - 'v*.*.*'
  # Manual runs can only be started by people with write access on the repository.
  workflow_dispatch:
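jobs:
  # Computes the image tag from the Git ref:
  #   version tag on main -> X.Y.Z, main branch -> dev-<sha8>, anything else -> feature-<sha8>.
  prepare:
    name: Determine image tag
    runs-on: ubuntu-latest
    # Skip runs inside forked repositories. Pull requests opened from a fork against
    # this repository still run here, so PR-derived values (e.g. the head branch name)
    # must be treated as untrusted input.
    if: github.repository_owner == 'iExecBlockchainComputing'
    # This job only reads the repository, so keep its GITHUB_TOKEN read-only.
    permissions:
      contents: read
    outputs:
      image_tag: ${{ steps.determine-tag.outputs.image_tag }}
    steps:
      - name: Checkout code
        # NOTE(review): pinned to a mutable major tag; consider pinning to a full commit SHA.
        uses: actions/checkout@v6
        with:
          # Full history is needed for the `git branch --contains` check below.
          fetch-depth: 0
          # The script only runs local git queries; do not leave the token in .git/config.
          persist-credentials: false
      - name: Determine Docker tag based on Git ref
        id: determine-tag
        # Pass context values through the environment instead of expanding `${{ }}`
        # inside the script: expressions are substituted into the script text before
        # the shell parses it, so a crafted branch or tag name would otherwise be
        # executed as shell code.
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          HEAD_REF: ${{ github.head_ref }}
          EVENT_NAME: ${{ github.event_name }}
          COMMIT_SHA: ${{ github.sha }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          if [ "$REF_TYPE" = "tag" ] ; then
            # Since this workflow only triggers on tags matching 'v*.*.*' we know we're always dealing with a version tag
            TAG_ON_MAIN=$(git branch -r --contains "$COMMIT_SHA" 'origin/main')
            if [ -z "$TAG_ON_MAIN" ] ; then
              echo "Error: Tag $REF_NAME is not on main branch"
              echo "Tags must be created on main branch to generate X.Y.Z image tags"
              exit 1
            fi
            echo "Processing tag on main branch: $REF_NAME"
            # Strip the leading 'v' so that vX.Y.Z becomes X.Y.Z.
            echo "image_tag=${REF_NAME#v}" | tee -a "$GITHUB_OUTPUT"
          else
            # For pull requests github.sha is the merge commit, so use the PR head commit instead.
            if [ "$EVENT_NAME" = "pull_request" ] ; then
              SHORT_SHA=$(echo "$PR_HEAD_SHA" | cut -c1-8)
            else
              SHORT_SHA=$(echo "$COMMIT_SHA" | cut -c1-8)
            fi
            if [ "$REF_NAME" = "main" ] ; then
              echo "Processing main branch"
              echo "image_tag=dev-${SHORT_SHA}" | tee -a "$GITHUB_OUTPUT"
            else
              # This covers other branches
              echo "Processing feat/fix branch $HEAD_REF"
              echo "image_tag=feature-${SHORT_SHA}" | tee -a "$GITHUB_OUTPUT"
            fi
          fi

  # Delegates build, lint, scan and push to the organisation's reusable workflow.
  build-oci-image:
    name: Build OCI image
    needs: prepare
    # NOTE(review): the reusable workflow is referenced by tag and receives registry
    # credentials; consider pinning it to a full commit SHA.
    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.3.0
    with:
      image-name: docker-regis.iex.ec/python-hello-world
      image-tag: ${{ needs.prepare.outputs.image_tag }}
      dockerfile: cloud-computing/Dockerfile
      context: cloud-computing
      registry: docker-regis.iex.ec
      # NOTE(review): push is enabled for every trigger, pull_request included;
      # confirm that publishing feature-<sha8> images from PR builds is intended.
      push: true
      security-scan: true
      security-report: "comment"
      hadolint: true
      platform: linux/amd64
    secrets:
      dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
      dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN_PULL_ONLY }}
      username: ${{ secrets.NEXUS_USERNAME }}
      password: ${{ secrets.NEXUS_PASSWORD }}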