Skip to content
BuildContainerForProduction

BuildContainerForProduction #662

Sign in to view logs

BuildContainerForProduction

BuildContainerForProduction #662

Workflow file for this run

.github/workflows/production.yml at c80fc6b
name: BuildContainerForProduction
on:
workflow_dispatch:
push:
branches:
- master
schedule:
- cron: 00 4 * * *
jobs:
build:
runs-on: ubuntu-latest
name: Build Docker image
strategy:
matrix:
php:
- php7
- php8
steps:
- name: GitHub Environment Variables Action
uses: FranzDiebold/github-env-vars-action@v2
- name: Shallow clone code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Login to Container Registry ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.CI_REPOSITORY_OWNER_SLUG }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build the container image
run: docker build . --tag php-docker-base:trivytemp --file Dockerfile.${{ matrix.php }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: php-docker-base:trivytemp
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Retag new image with latest tag so we can push the scanned version
run: docker image tag php-docker-base:trivytemp ghcr.io/${{ env.CI_REPOSITORY_OWNER_SLUG }}/${{ env.CI_REPOSITORY_NAME }}:${{ matrix.php }}
- name: Push with commit ${{ matrix.php }} tag
run: docker push ghcr.io/${{ env.CI_REPOSITORY_OWNER_SLUG }}/${{ env.CI_REPOSITORY_NAME }}:${{ matrix.php }}
cleanup:
needs: [build]
runs-on: ubuntu-latest
steps:
- name: GitHub Environment Variables Action
uses: FranzDiebold/github-env-vars-action@v2
- name: Login to Container Registry ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.CI_REPOSITORY_OWNER_SLUG }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Delete old versions of the package, keeping a few of the newest
uses: actions/delete-package-versions@v5
with:
package-name: ${{ env.CI_REPOSITORY_NAME }}
package-type: container
min-versions-to-keep: 8