Skip to content

[Snyk] Security upgrade node from 20.13-bullseye-slim to 20.18-bullseye-slim #12

[Snyk] Security upgrade node from 20.13-bullseye-slim to 20.18-bullseye-slim

[Snyk] Security upgrade node from 20.13-bullseye-slim to 20.18-bullseye-slim #12

name: Build Docker Image
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'main'
- 'next'
paths:
- 'packages/**'
- 'Dockerfile'
- '.github/workflows/build-docker-image.yml'
pull_request:
branches:
- '**'
paths:
- 'packages/**'
- 'docker/nocobase/**'
- 'Dockerfile'
- '.github/workflows/build-docker-image.yml'
jobs:
build-and-push:
if: github.event.pull_request.head.repo.fork != true
runs-on: ubuntu-latest
services:
verdaccio:
image: verdaccio/verdaccio:5
ports:
- 4873:4873
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ssh-key: ${{ secrets.SUBMODULE_SSH_KEY }}
submodules: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
driver-opts: network=host
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
nocobase/nocobase
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to Aliyun Container Registry
uses: docker/login-action@v2
with:
registry: ${{ secrets.ALI_DOCKER_REGISTRY }}
username: ${{ secrets.ALI_DOCKER_USERNAME }}
password: ${{ secrets.ALI_DOCKER_PASSWORD }}
- name: Login to Aliyun Container Registry (Public)
uses: docker/login-action@v2
with:
registry: ${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}
username: ${{ secrets.ALI_DOCKER_USERNAME }}
password: ${{ secrets.ALI_DOCKER_PASSWORD }}
- name: Login to Docker Hub
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/next'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set tags
id: set-tags
run: |
if [[ "${{ github.ref }}" == "refs/heads/main" ]] || [[ "${{ github.ref }}" == "refs/heads/next" ]]; then
echo "::set-output name=tags::${{ steps.meta.outputs.tags }},${{ secrets.ALI_DOCKER_REGISTRY }}/${{ steps.meta.outputs.tags }},${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}/${{ steps.meta.outputs.tags }}"
else
echo "::set-output name=tags::${{ secrets.ALI_DOCKER_REGISTRY }}/${{ steps.meta.outputs.tags }}"
fi
- name: Build and push
uses: docker/build-push-action@v3
with:
context: .
file: Dockerfile
build-args: |
VERDACCIO_URL=http://localhost:4873/
COMMIT_HASH=${GITHUB_SHA}
push: true
tags: ${{ steps.set-tags.outputs.tags }}
- name: Deploy NocoBase
env:
IMAGE_TAG: ${{ steps.meta.outputs.tags }}
run: |
echo $IMAGE_TAG
export APP_NAME=$(echo $IMAGE_TAG | cut -d ":" -f 2)
echo $APP_NAME
curl --retry 2 --location --request POST "${{secrets.NOCOBASE_DEPLOY_HOST}}$APP_NAME" \
--header 'Content-Type: application/json' \
-d "{
\"tag\": \"$APP_NAME\",
\"dialect\": \"postgres\"
}"