mirror of
https://github.com/OpenBankProject/OBP-API.git
synced 2026-02-06 11:06:49 +00:00
97 lines
4.0 KiB
YAML
97 lines
4.0 KiB
YAML
name: Build and publish jmx container develop
|
|
|
|
# read-write repo token
|
|
# access to secrets
|
|
on: workflow_dispatch
|
|
|
|
env:
|
|
## Sets environment variable
|
|
DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
|
|
DOCKER_HUB_REPOSITORY: obp-api
|
|
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: 'Download artifact'
|
|
uses: actions/github-script@v3.1.0
|
|
with:
|
|
script: |
|
|
var matchRun = workflowRuns.data.workflow_runs.filter((run) => {
|
|
return run.head_sha == context.sha
|
|
var workflowRuns = await github.actions.listWorkflowRunsForRepo({
|
|
})[0];
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
});
|
|
var artifacts = await github.actions.listWorkflowRunArtifacts({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
var matchRun = workflowRuns.data.workflow_runs.filter((run) => {
|
|
return run.head_sha == context.sha
|
|
})[0];
|
|
run_id: matchRun.id,
|
|
});
|
|
if (!matchRun) {
|
|
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
|
console.log('No matching workflow run found for this commit');
|
|
return;
|
|
}
|
|
return artifact.name == "push"
|
|
})[0];
|
|
var artifacts = await github.actions.listWorkflowRunArtifacts({
|
|
var download = await github.actions.downloadArtifact({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
run_id: matchRun.id,
|
|
artifact_id: matchArtifact.id,
|
|
});
|
|
archive_format: 'zip',
|
|
});
|
|
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
|
var fs = require('fs');
|
|
return artifact.name == "push"
|
|
})[0];
|
|
if (!matchArtifact) {
|
|
fs.writeFileSync('${{github.workspace}}/push.zip', Buffer.from(download.data));
|
|
- run: unzip push.zip
|
|
|
|
- name: prepare the artifact
|
|
run: |
|
|
mkdir -p obp-api/target/
|
|
cp push/obp-api-1.*.war obp-api/target/obp-api-1.10.1.war
|
|
|
|
- name: Build the Docker image
|
|
run: |
|
|
echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
|
|
docker build . --file .github/Dockerfile_PreBuild --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
|
|
docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
|
|
echo docker done
|
|
|
|
- uses: sigstore/cosign-installer@main
|
|
|
|
- name: Write signing key to disk (only needed for `cosign sign --key`)
|
|
run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
|
|
|
|
- name: Sign container image
|
|
run: |
|
|
cosign sign -y --key cosign.key \
|
|
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
|
|
cosign sign -y --key cosign.key \
|
|
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
|
|
cosign sign -y --key cosign.key \
|
|
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA
|
|
cosign sign -y --key cosign.key \
|
|
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop-OC
|
|
cosign sign -y --key cosign.key \
|
|
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest-OC
|
|
env:
|
|
COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
|
|
|
|
|
|
|