Build ompzowe/base-node #88
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build ompzowe/base-node | |
on: | |
# push: | |
# pull_request: | |
workflow_dispatch: | |
inputs: | |
release: | |
description: 'Set to "true" if we want to release the base images' | |
required: false | |
default: '' | |
RANDOM_DISPATCH_EVENT_ID: | |
description: 'random dispatch event id' | |
required: false | |
type: string | |
env: | |
IMAGE_BASE_DIR: containers/base-node | |
jobs: | |
display-dispatch-event-id: | |
if: github.event.inputs.RANDOM_DISPATCH_EVENT_ID != '' | |
runs-on: ubuntu-latest | |
steps: | |
- name: RANDOM_DISPATCH_EVENT_ID is ${{ github.event.inputs.RANDOM_DISPATCH_EVENT_ID }} | |
run: echo "prints random dispatch event id sent from workflow dispatch event" | |
build-ubuntu-amd64: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: zowe-actions/shared-actions/prepare-workflow@main | |
- uses: zowe-actions/shared-actions/docker-prepare@main | |
with: | |
registry-user: ${{ secrets.ARTIFACTORY_X_USERNAME }} | |
registry-password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | |
release: ${{ github.event.inputs.release }} | |
base-directory: ${{ env.IMAGE_BASE_DIR }} | |
linux-distro: ubuntu | |
cpu-arch: amd64 | |
- uses: zowe-actions/shared-actions/docker-build-local@main | |
with: | |
build-arg-list: ZOWE_BASE_IMAGE=latest-ubuntu | |
timeout-minutes: 5 | |
- name: Run Snyk to check Docker image for vulnerabilities | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
with: | |
image: ${{ env.IMAGE_NAME_FULL_REMOTE }} | |
args: --file=${{ env.IMAGE_DIRECTORY }}/Dockerfile | |
command: test | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v1 | |
if: hashFiles('snyk.sarif') != '' | |
with: | |
sarif_file: snyk.sarif | |
build-ubuntu-s390x: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: zowe-actions/shared-actions/prepare-workflow@main | |
- uses: zowe-actions/shared-actions/docker-prepare@main | |
with: | |
registry-user: ${{ secrets.ARTIFACTORY_X_USERNAME }} | |
registry-password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | |
release: ${{ github.event.inputs.release }} | |
base-directory: ${{ env.IMAGE_BASE_DIR }} | |
linux-distro: ubuntu | |
cpu-arch: s390x | |
- uses: zowe-actions/shared-actions/docker-build-zlinux@main | |
with: | |
zlinux-host: ${{ secrets.ZLINUX_HOST }} | |
zlinux-ssh-user: ${{ secrets.ZLINUX_SSH_USER }} | |
zlinux-ssh-key: ${{ secrets.ZLINUX_SSH_KEY }} | |
zlinux-ssh-passphrase: ${{ secrets.ZLINUX_SSH_PASSPHRASE }} | |
build-arg-list: ZOWE_BASE_IMAGE=latest-ubuntu | |
timeout-minutes: 10 | |
- name: Run Snyk to check Docker image for vulnerabilities | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
with: | |
image: ${{ env.IMAGE_NAME_FULL_REMOTE }} | |
args: --file=${{ env.IMAGE_DIRECTORY }}/Dockerfile | |
command: test | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v1 | |
if: hashFiles('snyk.sarif') != '' | |
with: | |
sarif_file: snyk.sarif | |
define-ubuntu-manifest: | |
needs: | |
- build-ubuntu-amd64 | |
- build-ubuntu-s390x | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: zowe-actions/shared-actions/prepare-workflow@main | |
- uses: zowe-actions/shared-actions/docker-prepare@main | |
with: | |
registry-user: ${{ secrets.ARTIFACTORY_X_USERNAME }} | |
registry-password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | |
release: ${{ github.event.inputs.release }} | |
base-directory: ${{ env.IMAGE_BASE_DIR }} | |
linux-distro: ubuntu | |
- uses: zowe-actions/shared-actions/docker-manifest@main | |
with: | |
linux-distro: ubuntu | |
cpu-arch-list: "amd64 s390x" | |
timeout-minutes: 2 | |
build-ubi-amd64: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: zowe-actions/shared-actions/prepare-workflow@main | |
- uses: zowe-actions/shared-actions/docker-prepare@main | |
with: | |
registry-user: ${{ secrets.ARTIFACTORY_X_USERNAME }} | |
registry-password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | |
release: ${{ github.event.inputs.release }} | |
base-directory: ${{ env.IMAGE_BASE_DIR }} | |
linux-distro: ubi | |
cpu-arch: amd64 | |
redhat-registry: ${{ env.DEFAULT_REDHAT_DOCKER_REGISTRY }} | |
redhat-registry-user: ${{ secrets.REDHAT_DEVELOPER_USER }} | |
redhat-registry-password: ${{ secrets.REDHAT_DEVELOPER_PASSWORD }} | |
- uses: zowe-actions/shared-actions/docker-build-local@main | |
with: | |
build-arg-list: ZOWE_BASE_IMAGE=latest-ubi | |
timeout-minutes: 5 | |
- name: Run Snyk to check Docker image for vulnerabilities | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
with: | |
image: ${{ env.IMAGE_NAME_FULL_REMOTE }} | |
args: --file=${{ env.IMAGE_DIRECTORY }}/Dockerfile | |
command: test | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v1 | |
if: hashFiles('snyk.sarif') != '' | |
with: | |
sarif_file: snyk.sarif | |
build-ubi-s390x: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: zowe-actions/shared-actions/prepare-workflow@main | |
- uses: zowe-actions/shared-actions/docker-prepare@main | |
with: | |
registry-user: ${{ secrets.ARTIFACTORY_X_USERNAME }} | |
registry-password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | |
release: ${{ github.event.inputs.release }} | |
base-directory: ${{ env.IMAGE_BASE_DIR }} | |
linux-distro: ubi | |
cpu-arch: s390x | |
- uses: zowe-actions/shared-actions/docker-build-zlinux@main | |
with: | |
zlinux-host: ${{ secrets.ZLINUX_HOST }} | |
zlinux-ssh-user: ${{ secrets.ZLINUX_SSH_USER }} | |
zlinux-ssh-key: ${{ secrets.ZLINUX_SSH_KEY }} | |
zlinux-ssh-passphrase: ${{ secrets.ZLINUX_SSH_PASSPHRASE }} | |
redhat-registry: ${{ env.DEFAULT_REDHAT_DOCKER_REGISTRY }} | |
redhat-registry-user: ${{ secrets.REDHAT_DEVELOPER_USER }} | |
redhat-registry-password: ${{ secrets.REDHAT_DEVELOPER_PASSWORD }} | |
build-arg-list: ZOWE_BASE_IMAGE=latest-ubi | |
timeout-minutes: 10 | |
- name: Run Snyk to check Docker image for vulnerabilities | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
with: | |
image: ${{ env.IMAGE_NAME_FULL_REMOTE }} | |
args: --file=${{ env.IMAGE_DIRECTORY }}/Dockerfile | |
command: test | |
- name: Upload result to GitHub Code Scanning | |
uses: github/codeql-action/upload-sarif@v1 | |
if: hashFiles('snyk.sarif') != '' | |
with: | |
sarif_file: snyk.sarif | |
define-ubi-manifest: | |
needs: | |
- build-ubi-amd64 | |
- build-ubi-s390x | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: zowe-actions/shared-actions/prepare-workflow@main | |
- uses: zowe-actions/shared-actions/docker-prepare@main | |
with: | |
registry-user: ${{ secrets.ARTIFACTORY_X_USERNAME }} | |
registry-password: ${{ secrets.ARTIFACTORY_X_PASSWORD }} | |
release: ${{ github.event.inputs.release }} | |
base-directory: ${{ env.IMAGE_BASE_DIR }} | |
linux-distro: ubi | |
- uses: zowe-actions/shared-actions/docker-manifest@main | |
with: | |
linux-distro: ubi | |
cpu-arch-list: "amd64 s390x" | |
timeout-minutes: 2 |