-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1a66073
commit 40a08b5
Showing
1 changed file
with
96 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| name: Build FE | ||
|
|
||
| on: | ||
| schedule: | ||
| - cron: '36 10 * * *' | ||
| push: | ||
| branches: [ "main" ] | ||
| tags: [ 'v*.*.*' ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
||
| env: | ||
| # Use docker.io for Docker Hub if empty | ||
| REGISTRY: docker.io | ||
| # GitHub repository as <account>/<repo> | ||
| IMAGE_NAME: ${{ github.repository }} | ||
|
|
||
| jobs: | ||
| sonarcloud: | ||
| name: SonarCloud | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | ||
| - name: SonarCloud Scan | ||
| uses: SonarSource/sonarcloud-github-action@master | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # Extract version from package.json | ||
| - name: Extract version from package.json | ||
| id: extract_version | ||
| run: | | ||
| VERSION=$(jq -r '.version' package.json) | ||
| echo "VERSION=$VERSION" >> $GITHUB_ENV | ||
| # Install the cosign tool except on PR | ||
| - name: Install cosign | ||
| if: github.event_name != 'pull_request' | ||
| uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 | ||
| with: | ||
| cosign-release: 'v2.2.4' | ||
|
|
||
| # Set up BuildKit Docker container builder | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 | ||
|
|
||
| # Login against a Docker registry except on PR | ||
| - name: Log into registry ${{ env.REGISTRY }} | ||
| if: github.event_name != 'pull_request' | ||
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
|
||
| # Extract Docker metadata | ||
| - name: Extract Docker metadata | ||
| id: meta | ||
| uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
|
|
||
| # Build and push Docker image with Buildx | ||
| - name: Build and push Docker image | ||
| id: build-and-push | ||
| uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 | ||
| with: | ||
| context: ./frontend | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| tags: | | ||
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | ||
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| # Sign the resulting Docker image digest except on PRs. | ||
| - name: Sign the published Docker image | ||
| if: ${{ github.event_name != 'pull_request' }} | ||
| env: | ||
| TAGS: ${{ steps.meta.outputs.tags }} | ||
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | ||
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |