Skip to content

IP-242 - Add .snyk file. #2

IP-242 - Add .snyk file.

IP-242 - Add .snyk file. #2

# This workflow will run when changes are detected in the `main` branch, which
# must include an update to the `docker/service_version.txt` file. The workflow
# can also be manually triggered by a repository maintainer. This workflow will
# first trigger the reusable workflow in `.github/workflows/run_tests.yml`,
# which runs the `unittest` suite. If that workflow is successful, the latest
# version of the service Docker image is pushed to ghcr.io, a tag is added to
# the latest git commit, and a GitHub release is created with the release notes
# from the latest version of the Harmony Regridding Service.
name: Publish Harmony Regridding Service Docker image
on:
push:
branches: [ main ]
paths: docker/service_version.txt
workflow_dispatch:
env:
IMAGE_NAME: ${{ github.repository }}
REGISTRY: ghcr.io
jobs:
run_tests:
uses: ./.github/workflows/run_tests.yml
build_and_publish_image:
needs: run_tests
runs-on: ubuntu-latest
environment: release
permissions:
# write permission is required to create a GitHub release
contents: write
id-token: write
packages: write
strategy:
fail-fast: false
steps:
- name: Checkout harmony-regridding-service repository
uses: actions/checkout@v3
with:
lfs: true
- name: Extract semantic version number
run: echo "semantic_version=$(cat docker/service_version.txt)" >> $GITHUB_ENV
- name: Extract release version notes
run: |
version_release_notes=$(./bin/extract-release-notes.sh)
echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV
echo "${version_release_notes}" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- name: Log-in to ghcr.io registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Add tags to the Docker image
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}},value=${{ env.semantic_version }}
- name: Push Docker image
uses: docker/build-push-action@v3
with:
context: .
file: docker/service.Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Publish GitHub release
uses: ncipollo/release-action@v1
with:
body: ${{ env.RELEASE_NOTES }}
commit: main
name: Version ${{ env.semantic_version }}
tag: ${{ env.semantic_version }}