Create image_security_scan.yml #570
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: EDC Docker Images | |
| on: | |
| push: | |
| branches: [ main ] | |
| release: | |
| types: [ published ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME_BASE: ${{ github.repository_owner }} | |
| IMAGE_NAME: edc | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| imageVariants: [ | |
| { | |
| "imageName": "edc-dev", | |
| "title": "sovity Dev EDC Connector", | |
| "description": "Extended EDC Connector built by sovity. This dev version contains no persistence or auth and can be used to quickly start a locally running EDC + EDC UI.", | |
| "buildArgs": "-Pdmgmt-api-key" | |
| }, | |
| { | |
| "imageName": "edc-ce", | |
| "title": "sovity Community Edition EDC Connector", | |
| "description": "EDC Connector built by sovity. Contains sovity's Community Edition EDC extensions and requires dataspace credentials to join an existing dataspace.", | |
| "buildArgs": "-Pfs-vault -Pdmgmt-api-key -Ppostgres-flyway -Poauth2" | |
| }, | |
| { | |
| "imageName": "edc-ce-mds", | |
| "title": "MDS Community Edition EDC Connector", | |
| "description": "EDC Connector built by sovity and configured for compatibility with the Mobility Data Space (MDS). This EDC requires dataspace credentials, an IDS broker and an IDS Clearing House.", | |
| "buildArgs": "-Pfs-vault -Pdmgmt-api-key -Ppostgres-flyway -Poauth2 -Pmds" | |
| } | |
| ] | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Store last commit info and build date | |
| id: last-commit-information | |
| run: | | |
| echo "Saving local commit details." | |
| echo "LAST_COMMIT_INFO<<EOF" >> $GITHUB_ENV | |
| export LAST_COMMIT_INFO=$(git log -1) | |
| echo "$LAST_COMMIT_INFO" >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| echo "BUILD_DATE=$(date --utc +%FT%TZ)" >> $GITHUB_ENV | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BASE }}/${{ matrix.imageVariants.imageName }} | |
| labels: | | |
| org.opencontainers.image.title=${{ matrix.imageVariants.title }} | |
| org.opencontainers.image.description=${{ matrix.imageVariants.description }} | |
| tags: | | |
| type=schedule | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=release,enable=${{ startsWith(github.ref, 'refs/tags/') }} | |
| - name: Build and push EDC image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| file: connector/Dockerfile | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| BUILD_ARGS=${{ matrix.imageVariants.buildArgs }} | |
| EDC_LAST_COMMIT_INFO_ARG="${{ env.LAST_COMMIT_INFO }}" | |
| EDC_BUILD_DATE_ARG="${{ env.BUILD_DATE }}" |