chore(deps): lock file maintenance (#1629) #1060

Workflow file for this run

.github/workflows/build_push_container.yml at 8efd354

	name: Build and push container

	on:
	push:
	branches:
	- main
	paths:
	- ".dockerignore"
	- ".github/workflows/build_push_container.yml"
	- "wordpress/**"
	release:
	types:
	- created

	env:
	AWS_REGION: ca-central-1
	DOCKER_BUILDKIT: 1
	REPO_NAME: platform/wordpress
	STAGING_ECR_REGISTRY: 729164266357.dkr.ecr.ca-central-1.amazonaws.com

	permissions:
	id-token: write
	contents: read

	jobs:
	build-push-container:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Configure AWS credentials using OIDC
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	env:
	ROLE_NAME: ${{ github.ref == 'refs/heads/main' && 'gc-articles-apply' \|\| 'gc-articles-ecr-tag-release' }}
	with:
	role-to-assume: arn:aws:iam::729164266357:role/${{ env.ROLE_NAME }}
	role-session-name: ECRPush
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1

	- name: Docker image tag
	run: \|
	if [[ $GITHUB_EVENT_NAME == "release" ]]; then
	echo "IMAGE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
	else
	echo "IMAGE_TAG=sha-${GITHUB_SHA}" >> $GITHUB_ENV
	fi

	- name: Add Composer auth credentials
	run: \|
	cd wordpress
	composer config github-oauth.github.com ${{ secrets.COMPOSER_GITHUB_TOKEN }}
	composer config http-basic.my.yoast.com token ${{ secrets.COMPOSER_YOAST_TOKEN }}

	- name: Build container
	run: \|
	docker build \
	--build-arg git_sha="$GITHUB_SHA" \
	--build-arg WPML_USER_ID="${{ secrets.WPML_USER_ID }}" \
	--build-arg WPML_KEY="${{ secrets.WPML_KEY }}" \
	-t "${{ env.STAGING_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}" \
	-f ./wordpress/docker/Dockerfile .

	- name: Push containers to ECR
	run: \|
	docker push ${{ env.STAGING_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}

	- name: Docker generate SBOM
	uses: cds-snc/security-tools/.github/actions/generate-sbom@d6bb182e15f0cad80e7625887ae88e5830728aab # v3.0.0
	with:
	docker_image: "${{ env.STAGING_ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ env.IMAGE_TAG }}"
	dockerfile_path: "wordpress/docker/Dockerfile"
	sbom_name: "wordpress"
	token: "${{ secrets.GITHUB_TOKEN }}"

	- name: Logout of ECR
	if: always()
	run: docker logout ${{ steps.login-ecr.outputs.registry }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): lock file maintenance (#1629) #1060

Workflow file

chore(deps): lock file maintenance (#1629) #1060

Jobs

Run details

Workflow file for this run