Skip to content

chore: updates for 1.4.17 (#1417) #451

chore: updates for 1.4.17 (#1417)

chore: updates for 1.4.17 (#1417) #451

Workflow file for this run

name: Publish Docker images
env:
DOCKERHUB_REPOSITORY: nuwcdivnpt/stig-manager
on:
workflow_dispatch:
push:
branches:
- main
paths:
- 'api/source/**'
- 'client/src/**'
- 'docs/**'
- 'Dockerfile'
- '.github/workflows/build-client.yml'
- '.github/workflows/build-docs.yml'
- '.github/workflows/pub-docker.yml'
tags:
- 1.**
jobs:
build-client:
uses: nuwcdivnpt/stig-manager/.github/workflows/build-client.yml@main
build-docs:
uses: nuwcdivnpt/stig-manager/.github/workflows/build-docs.yml@main
build-push-alpine:
name: Build and push from Alpine base
needs:
- build-client
- build-docs
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0
- name: Download client distribution
uses: actions/download-artifact@v4
with:
name: client-dist
path: ./client/dist
- name: Download documentation
uses: actions/download-artifact@v4
with:
name: docs-build
path: ./docs/_build/html
- name: Get repository metadata
id: repo
uses: actions/github-script@v7
with:
script: |
const repo = await github.rest.repos.get(context.repo)
return repo.data
- name: Prepare variables
id: prep
run: |
DOCKER_IMAGE=${{ env.DOCKERHUB_REPOSITORY }}
BRANCH=$(git symbolic-ref --short HEAD)
SHA=$(git rev-parse --short=10 HEAD)
DESCRIBE=$(git describe --tags)
TAG=$(git describe --tags --abbrev=0)
TAGS=${DOCKER_IMAGE}:latest
[[ ${{ github.ref_type }} == "tag" ]] && TAGS="$TAGS,${DOCKER_IMAGE}:${{ github.ref_name }}"
echo "version=${TAG}" >> $GITHUB_OUTPUT
echo "sha=${SHA}" >> $GITHUB_OUTPUT
echo "tab=${TAG}" >> $GITHUB_OUTPUT
echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "describe=${DESCRIBE}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # pin@v2
- name: Login to DockerHub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # pin@v2
with:
username: ${{ secrets.DOCKERHUB_ORG_OWNER_USERNAME }}
password: ${{ secrets.DOCKERHUB_ORG_OWNER_PW }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # pin@v3
with:
context: .
file: ./Dockerfile
push: true
build-args: |
COMMIT_BRANCH=${{ steps.prep.outputs.branch }}
COMMIT_SHA=${{ steps.prep.outputs.sha }}
COMMIT_TAG=${{ steps.prep.outputs.tag }}
COMMIT_DESCRIBE=${{ steps.prep.outputs.describe }}
tags: ${{ steps.prep.outputs.tags }}
labels: |
stig-manager.last-migration.mysql=1.2.1
org.opencontainers.image.title=${{ fromJson(steps.repo.outputs.result).name }}
org.opencontainers.image.description=${{ fromJson(steps.repo.outputs.result).description }}
org.opencontainers.image.url=${{ fromJson(steps.repo.outputs.result).html_url }}
org.opencontainers.image.source=${{ fromJson(steps.repo.outputs.result).clone_url }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ steps.prep.outputs.describe }}
org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Update Docker Hub Description
uses: peter-evans/dockerhub-description@202973a37c8a723405c0c5f0a71b6d99db470dae # pin@v3
with:
username: ${{ secrets.DOCKERHUB_ORG_OWNER_USERNAME }}
password: ${{ secrets.DOCKERHUB_ORG_OWNER_PW }}
repository: ${{ env.DOCKERHUB_REPOSITORY }}
short-description: An API and Web client for managing STIG assessments.
readme-filepath: ./docs/the-project/DockerHub_Readme.md
build-push-ironbank:
name: Build and push from Iron Bank base
needs:
- build-client
- build-docs
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0
- name: Download client distribution
uses: actions/download-artifact@v4
with:
name: client-dist
path: ./client/dist
- name: Download documentation
uses: actions/download-artifact@v4
with:
name: docs-build
path: ./docs/_build/html
- name: Get repository metadata
id: repo
uses: actions/github-script@v7
with:
script: |
const repo = await github.rest.repos.get(context.repo)
return repo.data
- name: Prepare variables
id: prep
run: |
DOCKER_IMAGE=${{ env.DOCKERHUB_REPOSITORY }}
BRANCH=$(git symbolic-ref --short HEAD)
SHA=$(git rev-parse --short=10 HEAD)
DESCRIBE=$(git describe --tags)
TAG=$(git describe --tags --abbrev=0)
TAGS="${DOCKER_IMAGE}:latest-ironbank"
[[ ${{ github.ref_type }} == "tag" ]] && TAGS="$TAGS,${DOCKER_IMAGE}:${{ github.ref_name }}-ironbank"
echo "version=${TAG}" >> $GITHUB_OUTPUT
echo "sha=${SHA}" >> $GITHUB_OUTPUT
echo "tab=${TAG}" >> $GITHUB_OUTPUT
echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
echo "describe=${DESCRIBE}" >> $GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # pin@v2
- name: Login to DockerHub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # pin@v2
with:
username: ${{ secrets.DOCKERHUB_ORG_OWNER_USERNAME }}
password: ${{ secrets.DOCKERHUB_ORG_OWNER_PW }}
- name: Login to Iron Bank
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # pin@v2
with:
registry: registry1.dso.mil
username: ${{ secrets.IRONBANK_USERNAME }}
password: ${{ secrets.IRONBANK_CLI_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # pin@v3
with:
context: .
file: ./Dockerfile
push: true
build-args: |
BASE_IMAGE=registry1.dso.mil/ironbank/opensource/nodejs/nodejs18:18.18
COMMIT_BRANCH=${{ steps.prep.outputs.branch }}
COMMIT_SHA=${{ steps.prep.outputs.sha }}
COMMIT_TAG=${{ steps.prep.outputs.tag }}
COMMIT_DESCRIBE=${{ steps.prep.outputs.describe }}
tags: ${{ steps.prep.outputs.tags }}
labels: |
stig-manager.last-migration.mysql=1.2.1
org.opencontainers.image.title=${{ fromJson(steps.repo.outputs.result).name }}
org.opencontainers.image.description=${{ fromJson(steps.repo.outputs.result).description }}
org.opencontainers.image.url=${{ fromJson(steps.repo.outputs.result).html_url }}
org.opencontainers.image.source=${{ fromJson(steps.repo.outputs.result).clone_url }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ steps.prep.outputs.describe }}
org.opencontainers.image.licenses=${{ fromJson(steps.repo.outputs.result).license.spdx_id }}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}