
chore(deps): lock file maintenance (#1275) #885

chore(deps): lock file maintenance (#1275)

chore(deps): lock file maintenance (#1275) #885

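# Builds the WordPress container image, pushes it to the staging ECR
# registry and generates an SBOM for the pushed image.
name: Build and push container
on:
  push:
    branches:
      - main
    paths:
      - ".dockerignore"
      - ".github/workflows/build_push_container.yml"
      - "wordpress/**"
  release:
    types:
      - created
# NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN gets the
# repository's default scopes. Restrict it to what the SBOM action needs
# once those scopes are confirmed.
env:
  DOCKER_BUILDKIT: "1"
  REPO_NAME: platform/wordpress
  STAGING_ECR_REGISTRY: 729164266357.dkr.ecr.ca-central-1.amazonaws.com
jobs:
  build-push-container:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # NOTE(review): these are long-lived IAM access keys held as repository
      # secrets. The action also supports short-lived credentials through
      # OIDC (`role-to-assume` plus `id-token: write`), which would remove
      # the static key pair. Needs an IAM role, so not changed here.
      - name: Configure AWS credentials
        id: aws-creds
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
        with:
          aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1
      - name: Login to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@fc3959cb4cf5a821ab7a5a636ea4f1e855b05180 # v1.6.2
      # Releases are tagged with the git ref name, every other build with the
      # commit SHA. The value is exported through GITHUB_ENV so later steps
      # can read it as the shell variable $IMAGE_TAG.
      - name: Docker image tag
        run: |
          if [[ $GITHUB_EVENT_NAME == "release" ]]; then
            echo "IMAGE_TAG=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
          else
            echo "IMAGE_TAG=sha-${GITHUB_SHA}" >> "$GITHUB_ENV"
          fi
      # Secrets are handed to the script through `env:` and expanded by the
      # shell inside quotes, instead of being pasted into the script text by
      # `${{ }}` before the shell parses it.
      # NOTE(review): `composer config` without --global presumably writes
      # these tokens to wordpress/auth.json, which sits inside the docker
      # build context. Confirm the Dockerfile and .dockerignore keep that
      # file out of the final image layers.
      - name: Add Composer auth credentials
        env:
          COMPOSER_GITHUB_TOKEN: ${{ secrets.COMPOSER_GITHUB_TOKEN }}
          COMPOSER_YOAST_TOKEN: ${{ secrets.COMPOSER_YOAST_TOKEN }}
        run: |
          cd wordpress
          composer config github-oauth.github.com "$COMPOSER_GITHUB_TOKEN"
          composer config http-basic.my.yoast.com token "$COMPOSER_YOAST_TOKEN"
      # IMAGE_TAG can come from a release tag name, so it is read as a quoted
      # shell variable rather than interpolated with `${{ env.IMAGE_TAG }}`.
      # A malformed tag is then rejected by docker instead of being parsed
      # as shell.
      # NOTE(review): build args are recorded in image metadata and can be
      # read with `docker history` by anyone who can pull the image. WPML_KEY
      # and WPML_USER_ID are better passed as BuildKit secrets
      # (`docker build --secret` with `RUN --mount=type=secret`). That needs
      # a matching Dockerfile change, so it is only flagged here.
      - name: Build container
        env:
          WPML_USER_ID: ${{ secrets.WPML_USER_ID }}
          WPML_KEY: ${{ secrets.WPML_KEY }}
        run: |
          docker build \
            --build-arg git_sha="$GITHUB_SHA" \
            --build-arg WPML_USER_ID="$WPML_USER_ID" \
            --build-arg WPML_KEY="$WPML_KEY" \
            -t "$STAGING_ECR_REGISTRY/$REPO_NAME:$IMAGE_TAG" \
            -f ./wordpress/docker/Dockerfile .
      - name: Push containers to ECR
        run: |
          docker push "$STAGING_ECR_REGISTRY/$REPO_NAME:$IMAGE_TAG"
      # `with:` inputs are passed to the action as data, not run as shell, so
      # expression syntax is kept here.
      - name: Docker generate SBOM
        uses: cds-snc/security-tools/.github/actions/generate-sbom@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
        with:
          docker_image: "${{ env.STAGING_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}"
          dockerfile_path: "wordpress/docker/Dockerfile"
          sbom_name: "wordpress"
          token: "${{ secrets.GITHUB_TOKEN }}"
      # Runs even when an earlier step fails, so the registry login is
      # dropped from the runner at the end of the job.
      - name: Logout of ECR
        if: always()
        run: docker logout ${{ steps.login-ecr.outputs.registry }}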