Skip to content

[Snyk] Security upgrade tomcat from 8.5.82-jre11-temurin to 8.5.99-jre11-temurin #78

[Snyk] Security upgrade tomcat from 8.5.82-jre11-temurin to 8.5.99-jre11-temurin

[Snyk] Security upgrade tomcat from 8.5.82-jre11-temurin to 8.5.99-jre11-temurin #78

#
# Copyright contributors to the Galasa project
#
# SPDX-License-Identifier: EPL-2.0
#
name: Build custom images for automation
on:
pull_request:
branches:
- 'main'
push:
branches:
- 'main'
env:
REGISTRY: ghcr.io
NAMESPACE: galasa-dev
jobs:
build-gpg-image:
name: Build the 'gpg' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/gpg
- name: Build 'gpg' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/gpg-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'gpg' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/gpg-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-kubectl-image:
name: Build the 'kubectl' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/kubectl
- name: Build 'kubectl' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/kubectl-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'kubectl' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/kubectl-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-argocdcli-image:
name: Build the 'argocdcli' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/argocdcli
- name: Build 'argocdcli' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/argocd-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'argocdcli' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/argocd-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-gitcli-image:
name: Build the 'gitcli' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/gitcli
- name: Build 'gitcli' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/gitcli-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'gitcli' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/gitcli-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-openapi-image:
name: Build the 'openapi' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/openapi
- name: Build 'openapi' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/openapi-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'openapi' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/openapi-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-swagger-image:
name: Build the 'swagger' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/swagger
- name: Build 'swagger' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/swagger-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'swagger' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/common
file: dockerfiles/common/swagger-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-openjdk17-ibm-gradle-image:
name: Build the 'openjdk17-ibm-gradle' image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: galasa-team
password: ${{ secrets.GALASA_TEAM_WRITE_PACKAGES_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/openjdk17-ibm-gradle
- name: Build 'openjdk17-ibm-gradle' Docker image
if: github.event.pull_request.base.ref == 'main'
id: build
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/certs
file: dockerfiles/common/openjdk17-ibm-gradle-dockerfile
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push 'openjdk17-ibm-gradle' Docker image
if: github.ref == 'refs/heads/main'
id: build-push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: dockerfiles/certs
file: dockerfiles/common/openjdk17-ibm-gradle-dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
report-failure:
name: Report failure in workflow
runs-on: ubuntu-latest
needs: [build-gpg-image, build-kubectl-image, build-argocdcli-image, build-gitcli-image, build-openapi-image, build-swagger-image, build-openjdk17-ibm-gradle-image]
if: failure()
steps:
- name: Report failure in workflow to Slack
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
run : |
docker run --rm -v ${{ github.workspace }}:/var/workspace ghcr.io/galasa-dev/galasabld-ibm:main slackpost workflows --repo "automation" --workflowName "${{ github.workflow }}" --workflowRunNum "${{ github.run_id }}" --ref "${{ env.BRANCH }}" --hook "${{ env.SLACK_WEBHOOK }}"