build: create slim variants of container images (#3218)

We want to test slim(med) images, for improved security and container image size. See https://github.com/slimtoolkit/slim for details.
sbb-design-systems · Nov 20, 2024 · 126a4ab · 126a4ab
1 parent b1e75ee
commit 126a4ab
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 0 deletions.
diff --git a/.github/workflows/continuous-integration-secure.yml b/.github/workflows/continuous-integration-secure.yml
@@ -69,6 +69,17 @@ jobs:
           docker push $IMAGE_REPO_PREVIEW:pr$PR_NUMBER
         env:
           DOCKER_BUILDKIT: 1
+      - name: Build slim image
+        uses: kitabisa/docker-slim-action@v1
+        with:
+          target: '${{ env.IMAGE_REPO_PREVIEW }}:pr${{ env.PR_NUMBER }}'
+          tag: '${{ env.IMAGE_REPO_PREVIEW }}:pr${{ env.PR_NUMBER }}-slim'
+        env:
+          DSLIM_PRESERVE_PATH: /usr/share/nginx/html
+      - name: Push slim image
+        run: |
+          docker push $IMAGE_REPO_PREVIEW:pr$PR_NUMBER-slim
+          docker image list
 
       - name: "Add 'preview-available' label"
         # This label is used for filtering deployments in ArgoCD
@@ -181,6 +192,18 @@ jobs:
           docker push $IMAGE_REPO_VISUAL_REGRESSION:pr$PR_NUMBER
         env:
           DOCKER_BUILDKIT: 1
+      - name: Build slim image
+        uses: kitabisa/docker-slim-action@v1
+        with:
+          target: '${{ env.IMAGE_REPO_VISUAL_REGRESSION }}:pr${{ env.PR_NUMBER }}'
+          tag: '${{ env.IMAGE_REPO_VISUAL_REGRESSION }}:pr${{ env.PR_NUMBER }}-slim'
+        env:
+          DSLIM_PRESERVE_PATH: /usr/share/nginx/html
+      - name: Push slim image
+        run: |
+          docker push $IMAGE_REPO_VISUAL_REGRESSION:pr{{ env.PR_NUMBER }}-slim
+          docker image list
+
       - name: Apply labels
         if: steps.screenshot-check.outputs.result == 'changed' || steps.screenshot-check.outputs.result == 'empty'
         run: |

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -159,3 +159,14 @@ jobs:
           docker push $IMAGE_REPO_VISUAL_REGRESSION:baseline
         env:
           DOCKER_BUILDKIT: 1
+      - name: Build slim image
+        uses: kitabisa/docker-slim-action@v1
+        with:
+          target: '${{ env.IMAGE_REPO_VISUAL_REGRESSION }}:baseline'
+          tag: '${{ env.IMAGE_REPO_VISUAL_REGRESSION }}:baseline-slim'
+        env:
+          DSLIM_PRESERVE_PATH: /usr/share/nginx/html
+      - name: Push slim image
+        run: |
+          docker push $IMAGE_REPO_VISUAL_REGRESSION:baseline-slim
+          docker image list
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -94,12 +94,47 @@ jobs:
         env:
           DOCKER_BUILDKIT: 1
           VERSION: ${{ steps.release.outputs.version }}
+      - name: Build slim image with version
+        if: ${{ steps.release.outputs.release_created }}
+        uses: kitabisa/docker-slim-action@v1
+        with:
+          target: '${{ env.IMAGE_REPO_STORYBOOK }}:${{ steps.release.outputs.version }}'
+          tag: '${{ env.IMAGE_REPO_STORYBOOK }}:${{ steps.release.outputs.version }}-slim'
+        env:
+          DSLIM_PRESERVE_PATH: /usr/share/nginx/html
+      - name: Build slim image with latest
+        if: ${{ steps.release.outputs.release_created }}
+        uses: kitabisa/docker-slim-action@v1
+        with:
+          target: '${{ env.IMAGE_REPO_STORYBOOK }}:latest'
+          tag: '${{ env.IMAGE_REPO_STORYBOOK }}:latest-slim'
+        env:
+          DSLIM_PRESERVE_PATH: /usr/share/nginx/html
+      - name: Push slim image
+        if: ${{ steps.release.outputs.release_created }}
+        run: |
+          docker push $IMAGE_REPO_STORYBOOK:$VERSION-slim
+          docker push $IMAGE_REPO_STORYBOOK:latest-slim
+          docker image list
+        env:
+          VERSION: ${{ steps.release.outputs.version }}
       - name: 'Container: Build and publish dev image'
         run: |
           docker build --tag $IMAGE_REPO_STORYBOOK:dev .
           docker push $IMAGE_REPO_STORYBOOK:dev
         env:
           DOCKER_BUILDKIT: 1
+      - name: Build slim image with dev
+        uses: kitabisa/docker-slim-action@v1
+        with:
+          target: '${{ env.IMAGE_REPO_STORYBOOK }}:dev'
+          tag: '${{ env.IMAGE_REPO_STORYBOOK }}:dev-slim'
+        env:
+          DSLIM_PRESERVE_PATH: /usr/share/nginx/html
+      - name: Push slim image
+        run: |
+          docker push $IMAGE_REPO_STORYBOOK:dev-slim
+          docker image list
 
       - name: Cherry-pick CHANGELOG.md into ${{ github.event.repository.default_branch }}
         if: ${{ steps.release.outputs.release_created && github.ref_name != 'main' }}