Skip to content

Create SECURITY.md #136

Create SECURITY.md

Create SECURITY.md #136

Workflow file for this run

name: Docker
# This will run when:
# - when new code is pushed to master to push the tags latest.
# - when a pull request is created and updated to make sure the
# Dockerfile is still valid.
# To be able to push to dockerhub, this expects the following
# secrets to be set in the project:
# - DOCKERHUB_USERNAME : username that can push to the org
# - DOCKERHUB_PASSWORD : password asscoaited with the username
# To be able to push to github, this expects the following
# secrets to be set in the project:
# - GHCR_USERNAME : username that can push to the org
# - GHCR_PASSWORD : password asscoaited with the username
on:
push:
branches:
- master
pull_request:
# Certain actions will only run when this is the master repo.
env:
MASTER_REPO: EDModel/ED2
DOCKERHUB_ORG: pecan
jobs:
docker:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# calculate some variables that are used later
- name: github branch
run: |
BRANCH=${GITHUB_REF##*/}
if [ "$BRANCH" == "master" ]; then
TAGS="latest"
else
TAGS="$BRANCH"
fi
echo "TAGS=${TAGS}" >> $GITHUB_ENV
echo "GITHUB_BRANCH=${BRANCH}" >> $GITHUB_ENV
# build the docker image, this will always run to make sure
# the Dockerfile still works.
- name: Build image
uses: elgohr/[email protected]
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
with:
registry: docker.pkg.github.com
name: ${{ github.repository_owner }}/${{ github.event.repository.name }}/ed
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
tags: "${{ env.TAGS }}"
buildargs: BRANCH,BUILDNUMBER,GITSHA1
no_push: true
# this will publish to github container registry
- name: Publish to GitHub
if: github.event_name == 'push' && github.repository == env.MASTER_REPO
uses: elgohr/[email protected]
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
with:
registry: ghcr.io
name: ${{ github.repository_owner }}/ed
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_PASSWORD }}
tags: "${{ env.TAGS }}"
buildargs: BRANCH,BUILDNUMBER,GITSHA1
# this will publish to the pecan dockerhub repo
- name: Publish to Docker Hub
if: github.event_name == 'push' && github.repository == env.MASTER_REPO
uses: elgohr/[email protected]
env:
BRANCH: ${{ env.GITHUB_BRANCH }}
BUILDNUMBER: ${{ github.run_number }}
GITSHA1: ${{ github.sha }}
with:
name: ${{ env.DOCKERHUB_ORG }}/ed
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
tags: "${{ env.TAGS }}"
buildargs: BRANCH,BUILDNUMBER,GITSHA1