[Snyk] Fix for 2 vulnerabilities #315

Workflow file for this run

.github/workflows/docker-build.yaml at 884266b

	name: Docker Build

	on:
	pull_request:
	branches:
	- main
	paths:
	- app/**
	- assets/**
	- content/**
	- public/**
	- server/**
	- Dockerfile
	- nuxt.config.ts
	- nuxt.schema.ts
	- package.json
	- pnpm-lock.yaml
	- tailwind.config.ts
	- tsconfig.json
	push:
	branches:
	- main
	paths:
	- app/**
	- assets/**
	- content/**
	- public/**
	- server/**
	- Dockerfile
	- nuxt.config.ts
	- nuxt.schema.ts
	- package.json
	- pnpm-lock.yaml
	- tailwind.config.ts
	- tsconfig.json

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	docker-build:
	runs-on: ubuntu-latest
	steps:
	- name: checkout
	uses: actions/checkout@v4

	- name: qemu setup
	uses: docker/setup-qemu-action@v3

	- name: buildx setup
	uses: docker/setup-buildx-action@v3

	- name: set image tag
	if: ${{ github.event_name != 'pull_request' }}
	run: echo "IMAGE_TAG=${GITHUB_REF_NAME}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV

	- name: set image tag (pr)
	if: ${{ github.event_name == 'pull_request' }}
	run: echo "IMAGE_TAG=pr${{ github.event.number }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV

	- name: set environment
	run: \|
	echo "REPOSITORY=${GITHUB_REPOSITORY}" >> $GITHUB_ENV
	echo "OWNER=${GITHUB_REPOSITORY%/*}" >> $GITHUB_ENV
	echo "IMAGE=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
	echo "LABEL_URL=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" >> $GITHUB_ENV
	echo "LABEL_REVISION=${GITHUB_SHA}" >> $GITHUB_ENV
	echo "BUILD_DATETIME=$(date +"%Y-%m-%dT%H:%M:%SZ")" >> $GITHUB_ENV

	- name: docker login
	uses: docker/login-action@v3
	with:
	registry: ${{ secrets.STJUDECLOUD_REGISTRY_URL }}
	username: ${{ secrets.STJUDECLOUD_REGISTRY_USERNAME }}
	password: ${{ secrets.STJUDECLOUD_REGISTRY_PASSWORD }}

	- name: docker build
	uses: docker/build-push-action@v5
	with:
	platforms: linux/amd64
	tags: ${{ secrets.STJUDECLOUD_REGISTRY_URL }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	pull: true
	push: true
	build-args: \|
	NUXT_UI_PRO_LICENSE=${{ secrets.NUXT_UI_PRO_LICENSE }}
	labels: \|
	org.opencontainers.image.title=${{ env.REPOSITORY }}
	org.opencontainers.image.url=${{ env.LABEL_URL }}
	org.opencontainers.image.source=${{ env.LABEL_URL }}
	org.opencontainers.image.version=${{ env.IMAGE_TAG }}
	org.opencontainers.image.revision=${{ env.LABEL_REVISION }}
	org.opencontainers.image.created=${{ env.BUILD_DATETIME }}

	- name: tag latest
	if: ${{ github.event_name != 'pull_request' }}
	run: \|
	docker pull ${{ secrets.STJUDECLOUD_REGISTRY_URL }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }}
	docker tag ${{ secrets.STJUDECLOUD_REGISTRY_URL }}/${{ env.REPOSITORY }}:${{ env.IMAGE_TAG }} ${{ secrets.STJUDECLOUD_REGISTRY_URL }}/${{ env.REPOSITORY }}:latest
	docker push ${{ secrets.STJUDECLOUD_REGISTRY_URL }}/${{ env.REPOSITORY }}:latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 2 vulnerabilities #315

Workflow file

[Snyk] Fix for 2 vulnerabilities #315

Uh oh!

Workflow file for this run