Skip to content

Release v2.21.0

Release v2.21.0 #94

Workflow file for this run

name: Publish
on:
push:
branches:
- develop
- dev-[0-9]+.[0-9]+.[0-9]+
tags:
- v*
pull_request:
types:
# publish images for PRs labeled "publish" whenever changed/labeled
[ opened, reopened, synchronize, labeled ]
workflow_dispatch:
env:
REGISTRY: ghcr.io
jobs:
publish:
# for PRs, should only publish if it has "publish" label
if: ${{ (github.event_name != 'pull_request') || contains(github.event.pull_request.labels.*.name, 'publish') }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
- name: Install Dev Dependencies and Build
run: |
npm install
npm run build
- name: Install Production Dependencies
run: |
rm -rf node_modules
npm install --only=production
- name: Login to the Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract Metadata (tags and labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ github.repository }}
- name: Build Docker Image
uses: docker/build-push-action@v5
with:
context: .
load: true
tags: ${{ env.REGISTRY }}/nasa-ammos/aerie-gateway:${{ github.sha }}
- name: Scan Docker image
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/nasa-ammos/aerie-gateway:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL'
- name: Push Docker Image
uses: docker/build-push-action@v5
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}