chore(deployment): enable readOnlyRootFilesystem #387
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################# | |
# Copyright (c) 2022,2024 T-Systems International GmbH | |
# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation | |
# | |
# See the NOTICE file(s) distributed with this work for additional | |
# information regarding copyright ownership. | |
# | |
# This program and the accompanying materials are made available under the | |
# terms of the Apache License, Version 2.0 which is available at | |
# https://www.apache.org/licenses/LICENSE-2.0. | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | |
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
# License for the specific language governing permissions and limitations | |
# under the License. | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
################################################################################ | |
name: SDfactorypipeline | |
# Controls when the workflow will run | |
on: | |
# Triggers the workflow on push or pull request events but only for the main branch | |
push: | |
branches: | |
- main | |
paths: | |
- 'sdfactory/**' | |
tags: | |
- 'v*.*.*' | |
- 'v*.*.*-*' | |
pull_request: | |
branches: | |
- main | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
IMAGE_NAMESPACE: "tractusx" | |
IMAGE_NAME: "sdfactory" | |
jobs: | |
docker: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
# Create SemVer or ref tags dependent of trigger event | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} | |
# Automatically prepare image tags; See action docs for more examples. | |
# semver patter will generate tags like these for example :1 :1.2 :1.2.3 | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}} | |
type=semver,pattern={{major}}.{{minor}} | |
- name: DockerHub login | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
# Use existing DockerHub credentials present as secrets | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
# Build image for verification purposes on every trigger event. Only push if event is not a PR | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
# https://github.com/peter-evans/dockerhub-description | |
# Important step to push image description to DockerHub | |
- name: Update Docker Hub description | |
if: github.event_name != 'pull_request' | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
# readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images' | |
readme-filepath: ./DOCKER_NOTICE.md | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} |