chore(deps): update all non-major github action dependencies (#1949) #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push Apache sidecar container | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - ".github/workflows/build_push_apache_container.yml" | |
| - "wordpress/docker/apache/**" | |
| env: | |
| AWS_REGION: ca-central-1 | |
| DOCKER_BUILDKIT: 1 | |
| REPO_NAME: platform/apache | |
| STAGING_ECR_REGISTRY: 729164266357.dkr.ecr.ca-central-1.amazonaws.com | |
| PRODUCTION_ECR_REGISTRY: 472286471787.dkr.ecr.ca-central-1.amazonaws.com | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build-push-staging-container: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::729164266357:role/gc-articles-apply | |
| role-session-name: ECRPush | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 | |
| - name: Docker image tag | |
| run: | | |
| VERSION=$(cat wordpress/docker/apache/VERSION | xargs) | |
| echo "IMAGE_TAG=v$VERSION" >> $GITHUB_ENV | |
| - name: Build container | |
| run: | | |
| docker build \ | |
| --build-arg git_sha="$GITHUB_SHA" \ | |
| --build-arg APACHE_KEY="${{ secrets.STAGING_WORDPRESS_APACHE_KEY }}" \ | |
| --build-arg APACHE_CERT="${{ secrets.STAGING_WORDPRESS_APACHE_CERT }}" \ | |
| -t "${{ env.STAGING_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}" \ | |
| -f ./wordpress/docker/apache/Dockerfile . | |
| - name: Push containers to ECR | |
| run: | | |
| docker push ${{ env.STAGING_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }} | |
| - name: Logout of ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} | |
| build-push-production-container: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::472286471787:role/gc-articles-apply | |
| role-session-name: ECRPush | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 | |
| - name: Docker image tag | |
| run: | | |
| VERSION=$(cat wordpress/docker/apache/VERSION | xargs) | |
| echo "IMAGE_TAG=v$VERSION" >> $GITHUB_ENV | |
| - name: Build container | |
| run: | | |
| docker build \ | |
| --build-arg git_sha="$GITHUB_SHA" \ | |
| --build-arg APACHE_KEY="${{ secrets.PRODUCTION_WORDPRESS_APACHE_KEY }}" \ | |
| --build-arg APACHE_CERT="${{ secrets.PRODUCTION_WORDPRESS_APACHE_CERT }}" \ | |
| -t "${{ env.PRODUCTION_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}" \ | |
| -f ./wordpress/docker/apache/Dockerfile . | |
| - name: Push containers to ECR | |
| run: | | |
| docker push ${{ env.PRODUCTION_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }} | |
| - name: Docker generate SBOM | |
| uses: cds-snc/security-tools/.github/actions/generate-sbom@34794baf2af592913bb5b51d8df4f8d0acc49b6f # v3.2.0 | |
| env: | |
| TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }} | |
| with: | |
| docker_image: "${{ env.PRODUCTION_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}" | |
| dockerfile_path: "wordpress/docker/apache/Dockerfile" | |
| sbom_name: "apache" | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Logout of ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} |