chore: add individual review cards for 5 Vuetify 3 dashboard templates #666
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push Heimdall Server to Docker Hub on every merge to master and tag as latest | |
| on: | |
| push: | |
| branches: [master] | |
| workflow_dispatch: | |
| inputs: | |
| use_build_cloud: | |
| description: 'Use Docker Build Cloud (fast, uses minutes)' | |
| required: false | |
| type: boolean | |
| default: false | |
| permissions: | |
| contents: read | |
| jobs: | |
| docker: | |
| name: Build and Push to Docker Hub | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout the Heimdall Repository | |
| uses: actions/checkout@v5 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PAT }} | |
| - name: Set up QEMU (for emulated builds) | |
| if: github.event.inputs.use_build_cloud != 'true' | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx (Local) | |
| if: github.event.inputs.use_build_cloud != 'true' | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up Docker Buildx (Docker Build Cloud) | |
| if: github.event.inputs.use_build_cloud == 'true' | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver: cloud | |
| endpoint: "mitre/mitre-builder" | |
| - name: Build and push multi-platform server image | |
| uses: docker/bake-action@v5 | |
| env: | |
| TAG_SUFFIXES: "${{ github.sha }},latest" | |
| with: | |
| files: docker-bake.hcl | |
| targets: server | |
| push: true | |
| - name: Get Docker SHA since the Iron Bank release requires us to specify the exact resources we need them to pull into the environment | |
| shell: bash | |
| id: get-docker-sha | |
| run: | | |
| MAX_RETRIES=5 | |
| RETRY_DELAY=0.5 # in seconds | |
| RETRY_COUNT=0 | |
| SUCCESS=false | |
| while [ "$RETRY_COUNT" -lt "$MAX_RETRIES" ]; do | |
| if docker pull mitre/heimdall2:${{ github.sha }}; then | |
| SUCCESS=true | |
| break | |
| else | |
| RETRY_COUNT="$((RETRY_COUNT + 1))" | |
| echo "Retry $RETRY_COUNT/$MAX_RETRIES: Docker pull failed. Retrying in $RETRY_DELAY seconds..." | |
| sleep "$RETRY_DELAY" | |
| fi | |
| done | |
| if [ "$SUCCESS" = true ]; then | |
| echo "DOCKER_SHA=$(docker inspect --format='{{index .RepoDigests 0}}' mitre/heimdall2:${{ github.sha }} | cut -d '@' -f 2)" >> $GITHUB_ENV | |
| else | |
| echo "Docker pull failed after $MAX_RETRIES attempts." | |
| exit 1 | |
| fi | |
| - name: Upgrade Iron Bank | |
| uses: mitre/ironbank_release_action@v1 | |
| with: | |
| name: Heimdall | |
| version: ${{ github.sha }} | |
| ironbank_pat: ${{ secrets.SAF_IRONBANK_REPO1_PAT }} | |
| ironbank_username: ${{ secrets.SAF_IRONBANK_REPO1_USERNAME }} | |
| ironbank_project_id: 17076 | |
| ironbank_project_clone_url: repo1.dso.mil/dsop/mitre/security-automation-framework/heimdall2-mainline.git | |
| git_commit_author_name: "Automated Heimdall Release" | |
| git_commit_author_email: "saf@mitre.org" | |
| update_commands: | | |
| yq e -i '.args.HEIMDALL_VERSION=\"${{ github.sha }}\" | .tags[0]=\"${{ github.sha }}\" | .labels.\"org.opencontainers.image.version\"=\"${{ github.sha }}\" | .resources[1].tag=\"mitre/heimdall2:${{ github.sha }}\" | .resources[1].url=\"docker://docker.io/mitre/heimdall2@${{ env.DOCKER_SHA }}\"' hardening_manifest.yaml | |
| sed -i s/HEIMDALL_VERSION=\.\*/HEIMDALL_VERSION=${{ github.sha }}/ Dockerfile |