Move ufw to tna-run #179
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, test and publish | |
permissions: | |
contents: read | |
packages: write | |
security-events: write | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 3 * * 3" # Build the preview image every Wednesday at 03:00 | |
release: | |
types: | |
- published | |
push: | |
branches: | |
- main | |
- feature/** | |
paths: | |
- .github/** | |
- docker/** | |
concurrency: | |
group: ${{ github.ref }}-publish | |
cancel-in-progress: true | |
jobs: | |
python: | |
name: Python | |
runs-on: ubuntu-latest | |
env: | |
IMAGE_NAME: tna-python | |
DOCKERFILE_LOCATION: docker/tna-python | |
BASE_IMAGE: ghcr.io/nationalarchives/tna-python | |
USER_IMAGE: app | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Lint | |
uses: ./.github/actions/lint | |
with: | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
ignore-linting-rules: DL3002,DL3006 | |
- name: Build | |
id: build | |
uses: ./.github/actions/build | |
with: | |
image-name: ${{ env.IMAGE_NAME }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
- name: Test Flask | |
uses: ./.github/actions/test | |
with: | |
application-repository: nationalarchives/flask-application-template | |
service: app | |
image: ${{ env.IMAGE_NAME }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
expected-user: app | |
- name: Test FastAPI | |
uses: ./.github/actions/test | |
with: | |
application-repository: nationalarchives/fastapi-application-template | |
service: app | |
image: ${{ env.IMAGE_NAME }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
expected-user: app | |
- name: Push | |
uses: ./.github/actions/push | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
major-version: ${{ steps.build.outputs.major-version }} | |
minor-version: ${{ steps.build.outputs.minor-version }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Scan | |
uses: ./.github/actions/scan | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
python-root: | |
name: Python (root) | |
runs-on: ubuntu-latest | |
env: | |
IMAGE_NAME: tna-python-root | |
DOCKERFILE_LOCATION: docker/tna-python | |
BASE_IMAGE: ghcr.io/nationalarchives/tna-python | |
USER_IMAGE: root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Lint | |
uses: ./.github/actions/lint | |
with: | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
ignore-linting-rules: DL3002,DL3006 | |
- name: Build | |
id: build | |
uses: ./.github/actions/build | |
with: | |
image-name: ${{ env.IMAGE_NAME }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
- name: Test Flask | |
uses: ./.github/actions/test | |
with: | |
application-repository: nationalarchives/flask-application-template | |
service: app | |
image: ${{ env.IMAGE_NAME }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
expected-user: root | |
- name: Test FastAPI | |
uses: ./.github/actions/test | |
with: | |
application-repository: nationalarchives/fastapi-application-template | |
service: app | |
image: ${{ env.IMAGE_NAME }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
expected-user: root | |
- name: Push | |
uses: ./.github/actions/push | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
major-version: ${{ steps.build.outputs.major-version }} | |
minor-version: ${{ steps.build.outputs.minor-version }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Scan | |
uses: ./.github/actions/scan | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
python-django: | |
name: Python Django | |
needs: python | |
runs-on: ubuntu-latest | |
env: | |
IMAGE_NAME: tna-python-django | |
DOCKERFILE_LOCATION: docker/tna-python-django | |
BASE_IMAGE: ghcr.io/nationalarchives/tna-python | |
USER_IMAGE: root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Lint | |
uses: ./.github/actions/lint | |
with: | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
- name: Build | |
id: build | |
uses: ./.github/actions/build | |
with: | |
image-name: ${{ env.IMAGE_NAME }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
- name: Test Django | |
uses: ./.github/actions/test | |
with: | |
application-repository: nationalarchives/django-application-template | |
service: app | |
image: ${{ env.IMAGE_NAME }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
expected-user: app | |
- name: Push | |
uses: ./.github/actions/push | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
major-version: ${{ steps.build.outputs.major-version }} | |
minor-version: ${{ steps.build.outputs.minor-version }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Scan | |
uses: ./.github/actions/scan | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
python-django-root: | |
name: Python Django (root) | |
needs: python-root | |
runs-on: ubuntu-latest | |
env: | |
IMAGE_NAME: tna-python-django-root | |
DOCKERFILE_LOCATION: docker/tna-python-django | |
BASE_IMAGE: ghcr.io/nationalarchives/tna-python-root | |
USER_IMAGE: root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Lint | |
uses: ./.github/actions/lint | |
with: | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
ignore-linting-rules: DL3002 | |
- name: Build | |
id: build | |
uses: ./.github/actions/build | |
with: | |
image-name: ${{ env.IMAGE_NAME }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
- name: Test Django | |
uses: ./.github/actions/test | |
with: | |
application-repository: nationalarchives/django-application-template | |
service: app | |
image: ${{ env.IMAGE_NAME }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
expected-user: root | |
- name: Push | |
uses: ./.github/actions/push | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
major-version: ${{ steps.build.outputs.major-version }} | |
minor-version: ${{ steps.build.outputs.minor-version }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Scan | |
uses: ./.github/actions/scan | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
python-dev: | |
name: Python Dev | |
needs: python-root | |
runs-on: ubuntu-latest | |
env: | |
IMAGE_NAME: tna-python-dev | |
DOCKERFILE_LOCATION: docker/tna-python-dev | |
BASE_IMAGE: ghcr.io/nationalarchives/tna-python-root | |
USER_IMAGE: root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Lint | |
uses: ./.github/actions/lint | |
with: | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
ignore-linting-rules: DL3002,DL3006 | |
- name: Build | |
id: build | |
uses: ./.github/actions/build | |
with: | |
image-name: ${{ env.IMAGE_NAME }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
- name: Push | |
uses: ./.github/actions/push | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} | |
major-version: ${{ steps.build.outputs.major-version }} | |
minor-version: ${{ steps.build.outputs.minor-version }} | |
base-image: ${{ env.BASE_IMAGE }} | |
dockerfile-location: ${{ env.DOCKERFILE_LOCATION }} | |
user-image: ${{ env.USER_IMAGE }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Scan | |
uses: ./.github/actions/scan | |
with: | |
image-id: ${{ steps.build.outputs.image-id }} | |
image-tag: ${{ steps.build.outputs.tag }} |