Skip to content

Docker Build

Docker Build #42

Workflow file for this run

# -----------------------------------------------------------------------------
# Copyright Helio Chissini de Castro 2022.
# Copyright Cariad SE 2024
# Part of the SW360 Project.
#
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# -----------------------------------------------------------------------------
name: Docker Build
on:
schedule:
- cron: "0 0 * * *" # Midnight
workflow_dispatch:
inputs:
invalidate-cache:
description: "Build all images disregarding exists same version"
required: false
debug:
description: "Debug docker build"
required: false
push:
tags:
- "sw360-*"
paths-ignore:
- "**.md"
env:
REGISTRY: ghcr.io
permissions:
contents: read
jobs:
sw360_version:
name: SW360 Version
runs-on: ubuntu-24.04
outputs:
sw360_version: ${{ steps.pom_version.outputs.SW360_VERSION }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout main repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up JDK 17
uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
with:
java-version: "17"
cache: "maven"
distribution: "temurin"
- name: Get revision from pom.xml
id: pom_version
run: |
echo "SW360_VERSION=$(mvn help:evaluate -Dexpression=revision -q -DforceStdout)" >> "$GITHUB_OUTPUT"
thrift_image:
name: Build SW360 Thrift image
runs-on: ubuntu-24.04
permissions:
packages: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout main repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set environment variables
run: |
cat .versions >> $GITHUB_ENV
- name: Build thrift image
uses: heliocastro/docker-build-control@944a0451eadb63cf4f45a8ca66dba07118740faf # v5.1
with:
name: thrift
target: localthrift
token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ env.THRIFT_VERSION }}
invalidate-cache: ${{ inputs.invalidate-cache }}
debug: ${{ inputs.debug }}
build-args: |
THRIFT_VERSION=${{ env.THRIFT_VERSION }}
binary_image:
name: SW360 Binary
needs: [sw360_version, thrift_image]
runs-on: ubuntu-24.04
permissions:
packages: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout main repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set environment variables
run: |
cat .versions >> $GITHUB_ENV
- name: Build binary image
uses: heliocastro/docker-build-control@944a0451eadb63cf4f45a8ca66dba07118740faf # v5.1
with:
name: binaries
version: ${{ env.SW360_VERSION }}
token: ${{ secrets.GITHUB_TOKEN }}
invalidate-cache: ${{ inputs.invalidate-cache }}
debug: ${{ inputs.debug }}
build-args: |
THRIFT_VERSION=${{ env.THRIFT_VERSION }}
SW360_VERSION=${{ env.SHORT_SHA }}
secret-files: |
"couchdb=./config/couchdb/default_secrets"
build-contexts: |
localthrift=docker-image://${{ env.REGISTRY }}/${{ github.repository }}/thrift:${{ env.THRIFT_VERSION }}
runtime_image:
name: SW360 Runtime image
needs: [sw360_version, binary_image]
runs-on: ubuntu-24.04
permissions:
packages: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout main repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set environment variables
run: |
cat .versions >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract components metadata (tags, labels) runtime image
id: meta_runtime
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}
tags: |
type=schedule,pattern={{date 'YYYYMMDD'}}
type=schedule,pattern=nightly
type=raw,value=${{ env.SW360_VERSION }}
type=sha,enable=true,prefix=sha-,format=short
type=ref,event=tag
- name: Build image
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: .
target: sw360
push: true
tags: ${{ steps.meta_runtime.outputs.tags }}
labels: ${{ steps.meta_runtime.outputs.labels }}
provenance: mode=max
sbom: true
build-contexts: |
binaries=docker-image://${{ env.REGISTRY }}/${{ github.repository }}/binaries:${{ env.SW360_VERSION }}