feat: use python 3.13 for container #14

Workflow file for this run

	name: Build and Push Docker Images

	on:
	push:
	branches:
	- 'main'
	- 'develop'
	tags:
	- '*'

	env:
	IMAGE_NAME: development-idp
	DOCKERFILE_PATH: ./Dockerfile

	jobs:
	build-and-push:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v1
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/centrefordigitalhumanities/development-idp/${{ env.IMAGE_NAME }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=pep440,pattern={{version}}
	type=pep440,pattern={{major}}.{{minor}}

	- name: Build and push main image
	uses: docker/build-push-action@v4
	with:
	context: .
	platforms: linux/amd64,linux/arm/v7
	file: ${{ env.DOCKERFILE_PATH }}
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}


	grype-scan:
	needs: build-and-push
	runs-on: ubuntu-latest
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	steps:

	- name: Checkout code
	uses: actions/checkout@v4

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/centrefordigitalhumanities/development-idp/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=pep440,pattern={{version}}

	- name: Run the Anchore Grype scan action
	uses: anchore/scan-action@v5
	id: scan
	with:
	image: ghcr.io/centrefordigitalhumanities/development-idp/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
	fail-build: false
	severity-cutoff: critical

	- name: Upload vulnerability report
	uses: github/codeql-action/upload-sarif@v3
	with:
	category: 'Grype'
	sarif_file: ${{ steps.scan.outputs.sarif }}

	CodeQL:
	name: "CodeQL: Analyze Python code"
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	packages: read
	actions: read
	contents: read

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: python
	build-mode: none

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	category: "CodeQL"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: use python 3.13 for container #14

Workflow file

feat: use python 3.13 for container #14

Jobs

Run details

Workflow file for this run