Skip to content

push-dockerhub-nightly #944

push-dockerhub-nightly

push-dockerhub-nightly #944

# Copyright (c) 2021 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
name: push-dockerhub-nightly
on:
schedule:
- cron: '0 1 * * *' # run at 1 AM UTC
workflow_dispatch:
jobs:
build:
if: github.repository == 'eclipse-ditto/ditto'
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2 # setup buildx in order to do build and push multi-architecture images
-
name: Inspect buildx builder
run: |
echo "Name: ${{ steps.buildx.outputs.name }}"
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
echo "Status: ${{ steps.buildx.outputs.status }}"
echo "Flags: ${{ steps.buildx.outputs.flags }}"
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
-
name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: eclipsedittobot
password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
name: Branch name
id: branch_name
run: |
echo "IMAGE_TAG=nightly" >> $GITHUB_ENV
-
name: Building + pushing Docker images for tag
run: |
echo $IMAGE_TAG
-
name: Build and push ditto-policies
uses: docker/build-push-action@v3
with:
context: .
file: dockerfile-release
platforms: linux/amd64,linux/arm64
build-args: |
SERVICE_STARTER=ditto-policies-service
SERVICE_VERSION=0-SNAPSHOT
MAIN_CLASS=org.eclipse.ditto.policies.service.starter.PoliciesService
pull: true
push: true
tags: |
eclipse/ditto-policies:${{ env.IMAGE_TAG }}
-
name: Build and push ditto-things
uses: docker/build-push-action@v3
with:
context: .
file: dockerfile-release
platforms: linux/amd64,linux/arm64
build-args: |
SERVICE_STARTER=ditto-things-service
SERVICE_VERSION=0-SNAPSHOT
MAIN_CLASS=org.eclipse.ditto.things.service.starter.ThingsService
pull: true
push: true
tags: |
eclipse/ditto-things:${{ env.IMAGE_TAG }}
-
name: Build and push ditto-gateway
uses: docker/build-push-action@v3
with:
context: .
file: dockerfile-release
platforms: linux/amd64,linux/arm64
build-args: |
SERVICE_STARTER=ditto-gateway-service
SERVICE_VERSION=0-SNAPSHOT
MAIN_CLASS=org.eclipse.ditto.gateway.service.starter.GatewayService
pull: true
push: true
tags: |
eclipse/ditto-gateway:${{ env.IMAGE_TAG }}
-
name: Build and push ditto-thingsearch
uses: docker/build-push-action@v3
with:
context: .
file: dockerfile-release
platforms: linux/amd64,linux/arm64
build-args: |
SERVICE_STARTER=ditto-thingsearch-service
SERVICE_VERSION=0-SNAPSHOT
MAIN_CLASS=org.eclipse.ditto.thingsearch.service.starter.SearchService
pull: true
push: true
tags: |
eclipse/ditto-things-search:${{ env.IMAGE_TAG }}
-
name: Build and push ditto-connectivity
uses: docker/build-push-action@v3
with:
context: .
file: dockerfile-release
platforms: linux/amd64,linux/arm64
build-args: |
SERVICE_STARTER=ditto-connectivity-service
SERVICE_VERSION=0-SNAPSHOT
MAIN_CLASS=org.eclipse.ditto.connectivity.service.ConnectivityService
JVM_CMD_ARGS=--add-opens java.base/java.nio=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED
pull: true
push: true
tags: |
eclipse/ditto-connectivity:${{ env.IMAGE_TAG }}
-
name: Use Node.js 18.x
uses: actions/setup-node@v3
with:
node-version: 18
-
name: Install npm dependencies
run: npm install
working-directory: ./ui
-
name: Build UI with node
run: npm run build
working-directory: ./ui
-
name: Build and push ditto-ui image
uses: docker/build-push-action@v3
with:
context: ./ui
file: ui/Dockerfile
platforms: linux/amd64,linux/arm64
pull: true
push: true
tags: |
eclipse/ditto-ui:${{ env.IMAGE_TAG }}
-
name: Run Trivy vulnerability scanner for ditto-policies
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/eclipse/ditto-policies:${{ env.IMAGE_TAG }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
-
name: Run Trivy vulnerability scanner for ditto-things
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/eclipse/ditto-things:${{ env.IMAGE_TAG }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
-
name: Run Trivy vulnerability scanner for ditto-gateway
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/eclipse/ditto-gateway:${{ env.IMAGE_TAG }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
-
name: Run Trivy vulnerability scanner for ditto-things-search
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/eclipse/ditto-things-search:${{ env.IMAGE_TAG }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
-
name: Run Trivy vulnerability scanner for ditto-connectivity
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/eclipse/ditto-connectivity:${{ env.IMAGE_TAG }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'
-
name: Run Trivy vulnerability scanner for ditto-ui
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/eclipse/ditto-ui:${{ env.IMAGE_TAG }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL'