Skip to content

Merge pull request #277 from acompany-develop/renovate/go-google.gola… #171

Merge pull request #277 from acompany-develop/renovate/go-google.gola…

Merge pull request #277 from acompany-develop/renovate/go-google.gola… #171

name: Push CC, MC, BTS Image
on:
push:
branches:
- main
tags:
- "*"
jobs:
# 安定バージョンのQMPCイメージをpush
build_and_push_cc:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set current date as env variable
id: date
run: echo "::set-output name=date::$(date +'%Y%m%d')"
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository_owner }}/quickmpc-cc
- name: Build CC image by branch
if: startsWith(github.ref, 'refs/heads/')
run: |
docker buildx build ../../../ --file Dockerfile --target dep-runner --tag ghcr.io/${{ github.repository_owner }}/quickmpc-cc:${{ steps.date.outputs.date }} --load
working-directory: ./packages/server/computation_container/
- name: Build CC image by tag
if: startsWith(github.ref, 'refs/tags/')
run: |
docker buildx build ../../../ --file Dockerfile --target dep-runner --tag ghcr.io/${{ github.repository_owner }}/quickmpc-cc:${{ steps.meta.outputs.version }} --load
working-directory: ./packages/server/computation_container/
- name: Run Trivy vulnerability scanner for CC with branch
if: startsWith(github.ref, 'refs/heads/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/${{ github.repository_owner }}/quickmpc-cc:${{ steps.date.outputs.date }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Run Trivy vulnerability scanner for CC with tag
if: startsWith(github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/${{ github.repository_owner }}/quickmpc-cc:${{ steps.meta.outputs.version }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Push image with branch
if: startsWith(github.ref, 'refs/heads/')
run: |
docker push ghcr.io/${{ github.repository_owner }}/quickmpc-cc:${{ steps.date.outputs.date }}
- name: Push image with tag
if: startsWith(github.ref, 'refs/tags/')
run: |
docker push ghcr.io/${{ github.repository_owner }}/quickmpc-cc:${{ steps.meta.outputs.version }}
build_and_push_mc:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set current date as env variable
id: date
run: echo "::set-output name=date::$(date +'%Y%m%d')"
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository_owner }}/quickmpc-mc
- name: Build MC image with branch
if: startsWith(github.ref, 'refs/heads/')
run: |
docker buildx build ../../../ --file Dockerfile --target dep-runner --tag ghcr.io/${{ github.repository_owner }}/quickmpc-mc:${{ steps.date.outputs.date }} --load
working-directory: ./packages/server/manage_container/
- name: Build MC image with tag
if: startsWith(github.ref, 'refs/tags/')
run: |
docker buildx build ../../../ --file Dockerfile --target dep-runner --tag ghcr.io/${{ github.repository_owner }}/quickmpc-mc:${{ steps.meta.outputs.version }} --load
working-directory: ./packages/server/manage_container/
- name: Run Trivy vulnerability scanner for MC with branch
if: startsWith(github.ref, 'refs/heads/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/${{ github.repository_owner }}/quickmpc-mc:${{ steps.date.outputs.date }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Run Trivy vulnerability scanner for MC with tag
if: startsWith(github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/${{ github.repository_owner }}/quickmpc-mc:${{ steps.meta.outputs.version }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Push image with branch
if: startsWith(github.ref, 'refs/heads/')
run: |
docker push ghcr.io/${{ github.repository_owner }}/quickmpc-mc:${{ steps.date.outputs.date }}
- name: Push image with tag
if: startsWith(github.ref, 'refs/tags/')
run: |
docker push ghcr.io/${{ github.repository_owner }}/quickmpc-mc:${{ steps.meta.outputs.version }}
build_and_push_bts:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set current date as env variable
id: date
run: echo "::set-output name=date::$(date +'%Y%m%d')"
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/${{ github.repository_owner }}/quickmpc-bts
- name: Build BTS image with branch
if: startsWith(github.ref, 'refs/heads/')
run: |
docker buildx build ../../../ --file Dockerfile --target dep-runner --tag ghcr.io/${{ github.repository_owner }}/quickmpc-bts:${{ steps.date.outputs.date }} --load
working-directory: ./packages/server/beaver_triple_service/
- name: Build BTS image with tag
if: startsWith(github.ref, 'refs/tags/')
run: |
docker buildx build ../../../ --file Dockerfile --target dep-runner --tag ghcr.io/${{ github.repository_owner }}/quickmpc-bts:${{ steps.meta.outputs.version }} --load
working-directory: ./packages/server/beaver_triple_service/
- name: Run Trivy vulnerability scanner for BTS with branch
if: startsWith(github.ref, 'refs/heads/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/${{ github.repository_owner }}/quickmpc-bts:${{ steps.date.outputs.date }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Run Trivy vulnerability scanner for BTS with tag
if: startsWith(github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/${{ github.repository_owner }}/quickmpc-bts:${{ steps.meta.outputs.version }}"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Push image with branch
if: startsWith(github.ref, 'refs/heads/')
run: |
docker push ghcr.io/${{ github.repository_owner }}/quickmpc-bts:${{ steps.date.outputs.date }}
- name: Push image with tag
if: startsWith(github.ref, 'refs/tags/')
run: |
docker push ghcr.io/${{ github.repository_owner }}/quickmpc-bts:${{ steps.meta.outputs.version }}
build_and_push:
runs-on: ubuntu-latest
needs: [build_and_push_cc, build_and_push_mc, build_and_push_bts]
steps:
- name: Merge All build_and_push
run: echo "ok"