[autofix.ci] apply automated fixes #593

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/push-image.yml at c0f7cc6

	name: Docker CI

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	on:
	push:
	paths:
	- "app/**"
	- "public/**"
	- "bun.lockb"
	- "package.json"
	- "yarn.lock"
	- "config."
	pull_request_target:
	paths:
	- "app/**"
	- "public/**"
	- "bun.lockb"
	- "package.json"
	- "yarn.lock"
	- "config."
	workflow_dispatch:
	inputs:
	push:
	description: 'whether to push image'
	required: true
	default: false
	type: boolean

	env:
	REPOSITORY_OWNER: openup-labtakizawa
	REPOSITORY: marukome0743/homepage
	GHCR_REGISTRY: ghcr.io
	GHCR_REPOSITORY: openup-labtakizawa/homepage
	AWS_REGION: ap-northeast-1
	ECR_REPOSITORY: homepage
	LAMBDA_FUNCTION_NAME: homepage
	IS_PUSH: ${{ inputs.push \|\| github.event_name == 'push' && github.repository_owner == 'openup-labtakizawa' && github.ref_name == 'main' }}

	jobs:
	build:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Docker Hub
	if: github.repository_owner == env.REPOSITORY_OWNER
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USER }}
	password: ${{ secrets.DOCKER_PAT }}

	- name: Login to GitHub Container Registry
	if: fromJSON(env.IS_PUSH)
	uses: docker/login-action@v3
	with:
	registry: ${{ env.GHCR_REGISTRY }}
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Configure AWS credentials
	if: fromJSON(env.IS_PUSH)
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to Amazon ECR
	if: fromJSON(env.IS_PUSH)
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Docker Meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ env.REPOSITORY }}
	${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPOSITORY }}
	tags: \|
	type=ref,event=tag
	type=ref,event=pr,prefix=pr-
	type=raw,value=canary,enable=${{ github.event_name != 'pull_request_target' }}
	env:
	DOCKER_METADATA_ANNOTATIONS_LEVELS: ${{ fromJSON(env.IS_PUSH) && 'manifest,index' \|\| 'manifest' }}

	- name: Build and Push
	uses: docker/build-push-action@v5
	with:
	context: .
	platforms: ${{ fromJSON(env.IS_PUSH) && 'linux/amd64,linux/arm64' \|\| 'linux/amd64' }}
	push: ${{ fromJSON(env.IS_PUSH) }}
	load: ${{ !fromJSON(env.IS_PUSH) }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	annotations: ${{ steps.meta.outputs.annotations }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	provenance: false

	- name: Build and Push Image to Amazon ECR
	if: fromJSON(env.IS_PUSH)
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	IMAGE_TAG: ${{ github.sha }}
	run: \|
	docker build --platform linux/arm64 -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
	docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
	aws lambda update-function-code --function-name $LAMBDA_FUNCTION_NAME \
	--architectures arm64 --image-uri $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

	- name: Docker Scout
	if: github.repository_owner == env.REPOSITORY_OWNER && github.event_name == 'pull_request_target'
	uses: docker/scout-action@v1
	with:
	command: compare
	image: ${{ env.REPOSITORY }}:${{ steps.meta.outputs.version }}
	to: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_REPOSITORY }}:canary
	only-severities: critical,high

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[autofix.ci] apply automated fixes #593

Workflow file

[autofix.ci] apply automated fixes #593

Jobs

Run details

Workflow file for this run