Build and push ckan-docker image from PR Merge

Update DOCKERFILE_PATH in GitHub workflows #37

Workflow file for this run

.github/workflows/docker-build.yml at 80d0e8c

	name: Build and push ckan-docker image from PR Merge

	on:
	pull_request:
	types:
	- closed
	branches:
	- master
	- 'ckan-..*'
	- '!ckan-main'
	- '!dev/ckan-..*'
	- '!feature/*'
	- '!fix/*'

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: mjanez/ckan-base-spatial
	TAG: ghcr.io/mjanez/ckan-base-spatial:${{ github.head_ref }}
	CONTEXT: .
	BRANCH: ${{ github.head_ref }}
	DOCKERFILE_PATH: /ckan
	DOCKERFILE: Dockerfile

	jobs:
	docker:
	name: runner/build-docker-push:${{ github.head_ref }}
	runs-on: ubuntu-latest
	if: github.event.pull_request.merged == true

	steps:
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Check out code
	uses: actions/checkout@v4

	- name: Set DOCKERFILE_PATH
	run: \|
	BRANCH_TRIMMED=$(echo ${{ env.BRANCH }} \| sed 's/^ckan-//' \| sed 's/$[0-9]$\.[0-9]*-dev$/\1-dev/' \| sed 's/-dev$//')
	if [[ "${{ env.BRANCH }}" == "master" ]]; then
	echo "DOCKERFILE_PATH=/ckan-master/base" >> $GITHUB_ENV
	elif [[ "${{ env.BRANCH }}" == *"-dev" ]]; then
	echo "DOCKERFILE_PATH=/ckan-${BRANCH_TRIMMED}/dev" >> $GITHUB_ENV
	else
	echo "DOCKERFILE_PATH=/ckan-${BRANCH_TRIMMED}/base" >> $GITHUB_ENV
	fi

	- name: Login to registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	labels: \|
	org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/blob/${{ env.BRANCH }}/README.md
	org.opencontainers.image.version=${{ env.BRANCH }}

	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	push: true
	tags: ${{ env.TAG }}
	labels: ${{ steps.meta.outputs.labels }}
	context: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}
	file: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}

	- name: Linting Dockerfile with hadolint in GH Actions
	uses: hadolint/hadolint-action@v3.1.0
	with:
	dockerfile: ${{ env.CONTEXT }}${{ env.DOCKERFILE_PATH }}/${{ env.DOCKERFILE }}
	no-fail: true

	- name: Run Trivy container image vulnerability scanner
	uses: aquasecurity/trivy-action@0.18.0
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH }}
	format: sarif
	output: trivy-results.sarif

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	if: always()
	with:
	sarif_file: trivy-results.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update DOCKERFILE_PATH in GitHub workflows #37

Workflow file

Update DOCKERFILE_PATH in GitHub workflows #37

Jobs

Run details

Workflow file for this run