Update dependency webpack to v5.94.0 [SECURITY] #282
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and publish image | |
on: | |
push: | |
branches: | |
- "main" | |
- "deployment" | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Extract branch name | |
shell: bash | |
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT | |
id: extract_branch | |
- name: Generate tag | |
id: generate_tag | |
shell: bash | |
run: | | |
if [[ "${{ github.event_name == 'push' && startsWith(steps.extract_branch.outputs.branch , 'deployment') }}" == "true" ]]; then | |
echo "tag=deployment-$(echo ${{ github.sha }} | cut -c1-7)-$(date +%s)" >> $GITHUB_OUTPUT | |
exit 0 | |
fi | |
echo "tag=wip-$(echo ${{ github.sha }} | cut -c1-7)-$(date +%s)" >> $GITHUB_OUTPUT | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Determine whether to Publish image | |
id: is_publish | |
run: | | |
if [[ "${{ github.event_name == 'push' && startsWith(steps.extract_branch.outputs.branch , 'deployment') }}" == "true" ]]; then | |
echo "push to deployment branch" | |
echo "is_publish=true" >> $GITHUB_OUTPUT | |
exit 0 | |
else | |
if `gh pr view --json files --jq '[.files.[].path]'|jq -e 'map(. == ".github/workflows/publish-images.yml" or . == "docker-bake.hcl") |any'`; then | |
echo "push to development branch and changed docker-bake.hcl or .github/workflows/publish-images.yml" | |
echo "is_publish=true" >> $GITHUB_OUTPUT | |
exit 0 | |
fi | |
fi | |
echo "push to development branch and not changed docker-bake.hcl or .github/workflows/publish-images.yml" | |
echo "is_publish=false" >> $GITHUB_OUTPUT | |
exit 0 | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Bake images | |
uses: docker/bake-action@v4 | |
env: | |
TAG: ${{ steps.generate_tag.outputs.tag }} | |
with: | |
files: ./docker-bake.hcl | |
push: ${{ steps.is_publish.outputs.is_publish == 'true' }} | |
set: | | |
*.cache-from=type=local,src=/tmp/.buildx-cache | |
*.cache-to=type=local,mode=min,dest=/tmp/.buildx-cache-new | |
provenance: false | |
# https://github.com/docker/build-push-action/issues/252#issuecomment-744400434 | |
- name: Move Cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache |