Merge pull request #1 from stackhpc/sd109-sync #7

Workflow file for this run

.github/workflows/docker-build-push-web-container-on-tag.yml at 336c41b

	name: Build and Push Web Image on Tag

	on:
	push:
	tags:
	- '*'

	env:
	REGISTRY_IMAGE: ghcr.io/stackhpc/danswer/danswer-web-server

	jobs:
	build:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	platform:
	- linux/amd64
	# - linux/arm64

	steps:
	- name: Prepare
	run: \|
	platform=${{ matrix.platform }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	tags: \|
	type=raw,value=${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
	type=raw,value=${{ env.REGISTRY_IMAGE }}:latest

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push by digest
	id: build
	uses: docker/build-push-action@v5
	with:
	context: ./web
	file: ./web/Dockerfile
	platforms: ${{ matrix.platform }}
	push: true
	build-args: \|
	DANSWER_VERSION=${{ github.ref_name }}
	# needed due to weird interactions with the builds for different platforms
	no-cache: true
	labels: ${{ steps.meta.outputs.labels }}
	outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Upload digest
	uses: actions/upload-artifact@v4
	with:
	name: digests-${{ env.PLATFORM_PAIR }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	merge:
	runs-on: ubuntu-latest
	needs:
	- build
	steps:
	- name: Download digests
	uses: actions/download-artifact@v4
	with:
	path: /tmp/digests
	pattern: digests-*
	merge-multiple: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)

	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
	severity: 'CRITICAL,HIGH'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1 from stackhpc/sd109-sync #7

Workflow file

Merge pull request #1 from stackhpc/sd109-sync #7

Jobs

Run details

Workflow file for this run