fix: fixed security issues #128
#################################################################################
# Copyright (c) 2022,2023 T-Systems International GmbH
# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
name: build

# Events that start this workflow
on:
  push:
    branches: [main]
    # NOTE(review): confirm this filter matches as intended; path patterns are
    # normally written relative to the repository root without a leading './'.
    paths:
      - "./**"
    # Release tags, with or without a pre-release suffix
    tags:
      - "v*.*.*"
      - "v*.*.*-*"
  pull_request:
    branches: [main]
  # Manual start from the Actions tab
  workflow_dispatch:
# Image coordinates; read below via the `env` context when naming the image
# and the DockerHub repository.
env:
  IMAGE_NAMESPACE: 'tractusx'
  IMAGE_NAME: 'managed-service-orchestrator'
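# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # Single job: build the container image on every trigger event and push it
  # to DockerHub unless the event is a pull request.
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Scopes not listed here are not granted to this job's GITHUB_TOKEN.
    # NOTE(review): the steps below authenticate to DockerHub with repository
    # secrets rather than GITHUB_TOKEN; confirm `packages: write` is still
    # needed and drop it if nothing pushes to GitHub Packages.
    permissions:
      packages: write
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # NOTE(review): every `uses:` below references a mutable version tag.
      # Pinning each action to a full commit SHA keeps a retagged or
      # compromised release from running in this job with the DockerHub
      # credentials.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # The checkout directory is the Docker build context below, so do
          # not leave the job token stored in .git/config where a broad COPY
          # in the Dockerfile could bake it into an image layer.
          persist-credentials: false

      # Create SemVer or ref tags depending on the trigger event
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
          # Automatically prepare image tags; see action docs for more examples.
          # The semver patterns will generate tags like these for example :1 :1.2 :1.2.3
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
          # NOTE(review): this looks like it adds `latest` to every tag set,
          # so pushes to main would move `latest` as well as releases; confirm
          # that is intended.
          flavor: |
            latest=true

      # Skipped for pull requests, so PR builds never log in to DockerHub.
      - name: DockerHub login
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          # Use existing DockerHub credentials present as secrets
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          # Build image for verification purposes on every trigger event. Only push if event is not a PR
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      # https://github.com/peter-evans/dockerhub-description
      # Important step to push image description to DockerHub.
      # This third-party action is handed the DockerHub credentials directly,
      # so it is the first candidate for pinning to a reviewed commit SHA.
      - name: Update Docker Hub description
        if: github.event_name != 'pull_request'
        uses: peter-evans/dockerhub-description@v3
        with:
          # readme-filepath defaults to toplevel README.md. Only necessary if you have a dedicated file with your 'Notice for docker images'
          # readme-filepath: path/to/dedicated/notice-for-docker-image.md
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}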