Skip to content

Commit

Permalink
Merge pull request #17 from bcgov/chore/security
Browse files Browse the repository at this point in the history
Update Python base image to 3.12-alpine
  • Loading branch information
kyle1morel authored Mar 22, 2024
2 parents 302f43a + 500a356 commit 3ff2c95
Show file tree
Hide file tree
Showing 7 changed files with 160 additions and 18 deletions.
4 changes: 4 additions & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# These users will be the default owners for everything in the repo.
# Unless a later match takes precedence, the following users will be
# requested for review when someone opens a pull request.
@kyle1morel @TimCsaky @wilwong89 @jatindersingh93 @norrisng-bc
87 changes: 87 additions & 0 deletions .github/actions/build-push-container/action.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
name: Build & Push Container
description: Builds a container from a Dockerfile and pushes to registry

inputs:
context:
description: Effective Working Directory
required: true
default: "./"
image_name:
description: Image Name
required: true
github_username:
description: Github Container Registry Username
required: true
github_token:
description: Github Container Registry Authorization Token
required: true
dockerhub_username:
description: Dockerhub Container Registry Username
required: false
dockerhub_organization:
description: Dockerhub Container Registry Organization
required: false
default: bcgovimages
dockerhub_token:
description: Dockerhub Container Registry Authorization Token
required: false

runs:
using: composite
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Parse Input Values
shell: bash
run: |
echo "GH_USERNAME=$(tr '[:upper:]' '[:lower:]' <<< '${{ inputs.github_username }}')" >> $GITHUB_ENV
echo "HAS_DOCKERHUB=${{ fromJson(inputs.dockerhub_username != '' && inputs.dockerhub_token != '') }}" >> $GITHUB_ENV
- name: Login to Github Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.GH_USERNAME }}
password: ${{ inputs.github_token }}

- name: Login to Dockerhub Container Registry
if: env.HAS_DOCKERHUB == 'true'
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ inputs.dockerhub_username }}
password: ${{ inputs.dockerhub_token }}

- name: Prepare Container Metadata tags
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}
docker.io/${{ inputs.dockerhub_organization }}/${{ inputs.image_name }},enable=${{ env.HAS_DOCKERHUB }}
# Always updates the 'latest' tag
flavor: |
latest=true
# Creates tags based off of branch names and semver tags
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
- name: Build and Push to Container Registry
id: builder
uses: docker/build-push-action@v5
with:
context: ${{ inputs.context }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Inspect Docker Image
shell: bash
run: |
docker image inspect ghcr.io/${{ env.GH_USERNAME }}/${{ inputs.image_name }}:latest
16 changes: 0 additions & 16 deletions .github/workflows/docker-image.yaml

This file was deleted.

34 changes: 34 additions & 0 deletions .github/workflows/on-pr-opened.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Pull Request Opened

env:
APP_NAME: clamav-mirror

on:
pull_request:
branches:
- master
types:
- opened
- reopened
- synchronize

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

jobs:
build:
name: Build & Push
if: "! github.event.pull_request.head.repo.fork"
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build & Push
uses: ./.github/actions/build-push-container
with:
context: ./docker
image_name: ${{ env.APP_NAME }}
github_username: ${{ github.repository_owner }}
github_token: ${{ secrets.GITHUB_TOKEN }}
33 changes: 33 additions & 0 deletions .github/workflows/on-push.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: Push

env:
APP_NAME: clamav-mirror

on:
push:
branches:
- master
tags:
- v*.*.*

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

jobs:
build:
name: Build & Push
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build & Push
uses: ./.github/actions/build-push-container
with:
context: ./docker
image_name: ${{ env.APP_NAME }}
github_username: ${{ github.repository_owner }}
github_token: ${{ secrets.GITHUB_TOKEN }}
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
2 changes: 1 addition & 1 deletion docker/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM docker.io/python:3.9-alpine
FROM docker.io/python:3.12-alpine
ENV PYTHONUNBUFFERED 1
WORKDIR /opt/app-root/src

Expand Down
2 changes: 1 addition & 1 deletion openshift/app.bc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ parameters:
description: Base Image to build from
displayName: Base Image
required: true
value: docker.io/python:3.9-alpine
value: docker.io/python:3.11-alpine
- name: REPO_NAME
description: Application repository name
displayName: Repository Name
Expand Down

0 comments on commit 3ff2c95

Please sign in to comment.