chore(deps): bump the minor-security group across 2 directories with … #397
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Image Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| image_base: ghcr.io/${{ github.repository }} | |
| jobs: | |
| build-image: | |
| # Builds each image in a separate job in parallel. | |
| strategy: | |
| matrix: | |
| # The docker/build-push-action uses the git repo as the docker build context instead of | |
| # cloning the repo to the action runner disk and using the disk context. For the API image | |
| # we need to set the context to just the api/ directory which the '{{defaultContext}}:api' | |
| # syntax does: https://github.com/docker/build-push-action?tab=readme-ov-file#git-context. | |
| include: | |
| - container: api | |
| docker_context: "{{defaultContext}}:api" | |
| dockerfile: Dockerfile | |
| platforms: linux/amd64 | |
| - container: dbseed | |
| docker_context: "{{defaultContext}}:api" | |
| dockerfile: Dockerfile.dbseed | |
| platforms: linux/amd64 | |
| - container: dbinit | |
| docker_context: "{{defaultContext}}:api/dbinit" | |
| dockerfile: Dockerfile | |
| platforms: linux/amd64 | |
| - container: partners | |
| docker_context: "{{defaultContext}}" | |
| dockerfile: Dockerfile.sites.partners | |
| platforms: linux/amd64 | |
| - container: public | |
| docker_context: "{{defaultContext}}" | |
| dockerfile: Dockerfile.sites.public | |
| platforms: linux/amd64 | |
| - container: infra | |
| docker_context: "{{defaultContext}}:infra" | |
| dockerfile: Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| - container: infra-dev | |
| docker_context: "{{defaultContext}}:infra" | |
| dockerfile: Dockerfile.dev | |
| platforms: linux/amd64,linux/arm64 | |
| - container: aws-otel-collector | |
| docker_context: "{{defaultContext}}:infra/aws-otel-collector" | |
| dockerfile: Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Required to build multi-arch images. | |
| - name: Setup Docker QEMU | |
| uses: docker/setup-qemu-action@v3.7.0 | |
| # Required to use image layer cache. | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v3.11.1 | |
| - name: "Build and push image" | |
| uses: docker/build-push-action@v6.18.0 | |
| with: | |
| push: true | |
| cache-to: type=registry,mode=max,ref=${{ env.image_base }}/${{ matrix.container }}/container-layer-cache:latest | |
| cache-from: type=registry,ref=${{ env.image_base }}/${{ matrix.container }}/container-layer-cache:latest | |
| context: ${{ matrix.docker_context }} | |
| file: ${{ matrix.dockerfile }} | |
| platforms: ${{ matrix.platforms }} | |
| # the 'tags' and 'labels' fields are 'newline-delimited string': https://github.com/docker/build-push-action#inputs. | |
| tags: | | |
| ${{ env.image_base }}/${{ matrix.container }}:gitsha-${{ github.sha }} | |
| ${{ env.image_base }}/${{ matrix.container }}:latest | |
| # The org.opencontainers.image.source label Connects the image to the repository: | |
| # https://docs.github.com/en/packages/learn-github-packages/connecting-a-repository-to-a-package. | |
| labels: | | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| bloom.git.built-from-branch=${{ github.ref_name }} | |
| bloom.git.built-from-sha=${{ github.sha }} |