Make docker compose a bit more robust with health check, add redactio… #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Build & Publish API and Frontend | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
# This is used to complete the identity challenge | |
# with sigstore/fulcio when running outside of PRs. | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
fetch-tags: true | |
- name: Install cosign | |
if: github.event_name != 'pull_request' | |
uses: sigstore/cosign-installer@v3.3.0 | |
with: | |
cosign-release: 'v2.2.2' | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract Docker Gohunt metadata | |
id: meta-api | |
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Build and push API Docker image | |
id: build-and-push-api | |
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a | |
with: | |
context: . | |
file: Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta-api.outputs.tags }} | |
labels: ${{ steps.meta-api.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Sign the published API Docker image | |
if: ${{ github.event_name != 'pull_request' }} | |
env: | |
TAGS: ${{ steps.meta-api.outputs.tags }} | |
DIGEST: ${{ steps.build-and-push-api.outputs.digest }} | |
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |