fix: requirements.txt to reduce vulnerabilities #123
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| push: | |
| branches: ["*"] | |
| tags: ["*"] | |
| env: | |
| REGISTRY: ghcr.io | |
| REPO: ${{ github.repository }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v3 | |
| - name: Generate version.py before building image | |
| run: | | |
| echo -e "__git_commit__ = \"${{ github.sha }}\"\n__time__ = \"$(date)\"" > ./app/version.py | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Keep Docker happy | |
| run: | | |
| echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} | |
| # This is only here because docker freaks out if the repo/tag that you're pushing to is not all lowercase | |
| - name: Extract metadata from Git | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.REPO }} | |
| - name: Build and push API image | |
| id: build-admin-image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| platforms: linux/amd64 | |
| context: . | |
| file: ./docker/Dockerfile | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| push: false | |
| # TODO: add a git tag and associated docker tag for it on merge |