️(CI) optimize Docker Hub workflow

We use the Docker Hub workflow to build and push
our images to Docker Hub, but also to check whether
our images have vulnerabilities.
When we are only checking for vulnerabilities,
we don't need to run all the building steps.
This commit optimizes the workflow by only running the
steps that are needed when we are just checking for
vulnerabilities: during pull requests
without the "preview" label we skip the build steps
and do not set up QEMU.
This commit is contained in:
Anthony LC
2026-02-25 14:40:38 +01:00
parent a8212753aa
commit 21217be587
2 changed files with 17 additions and 7 deletions


@@ -11,10 +11,10 @@ on:
pull_request: pull_request:
branches: branches:
- "main" - "main"
- "ci/trivy-fails"
env: env:
DOCKER_USER: 1001:127 DOCKER_USER: 1001:127
SHOULD_PUSH: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
permissions: permissions:
contents: read contents: read
@@ -26,8 +26,10 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Docker meta - name: Docker meta
id: meta id: meta
@@ -35,7 +37,7 @@ jobs:
with: with:
images: lasuite/impress-backend images: lasuite/impress-backend
- name: Login to DockerHub - name: Login to DockerHub
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') if: env.SHOULD_PUSH == 'true'
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USER }} username: ${{ secrets.DOCKER_HUB_USER }}
@@ -47,13 +49,14 @@ jobs:
docker-image-name: "docker.io/lasuite/impress-backend:${{ github.sha }}" docker-image-name: "docker.io/lasuite/impress-backend:${{ github.sha }}"
trivyignores: ./.github/.trivyignore trivyignores: ./.github/.trivyignore
- name: Build and push - name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
target: backend-production target: backend-production
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
build-args: DOCKER_USER=${{ env.DOCKER_USER }} build-args: DOCKER_USER=${{ env.DOCKER_USER }}
push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }} push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Cleanup Docker after build - name: Cleanup Docker after build
@@ -68,8 +71,10 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Docker meta - name: Docker meta
id: meta id: meta
@@ -77,7 +82,7 @@ jobs:
with: with:
images: lasuite/impress-frontend images: lasuite/impress-frontend
- name: Login to DockerHub - name: Login to DockerHub
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') if: env.SHOULD_PUSH == 'true'
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_HUB_USER }} username: ${{ secrets.DOCKER_HUB_USER }}
@@ -89,6 +94,7 @@ jobs:
docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}" docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}"
trivyignores: ./.github/.trivyignore trivyignores: ./.github/.trivyignore
- name: Build and push - name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@@ -98,7 +104,7 @@ jobs:
build-args: | build-args: |
DOCKER_USER=${{ env.DOCKER_USER }} DOCKER_USER=${{ env.DOCKER_USER }}
PUBLISH_AS_MIT=false PUBLISH_AS_MIT=false
push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }} push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Cleanup Docker after build - name: Cleanup Docker after build
@@ -113,8 +119,10 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Docker meta - name: Docker meta
id: meta id: meta
@@ -122,7 +130,7 @@ jobs:
with: with:
images: lasuite/impress-y-provider images: lasuite/impress-y-provider
- name: Login to DockerHub - name: Login to DockerHub
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') if: env.SHOULD_PUSH == 'true'
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
- name: Run trivy scan - name: Run trivy scan
uses: numerique-gouv/action-trivy-cache@main uses: numerique-gouv/action-trivy-cache@main
@@ -131,6 +139,7 @@ jobs:
docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}" docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}"
trivyignores: ./.github/.trivyignore trivyignores: ./.github/.trivyignore
- name: Build and push - name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@@ -138,7 +147,7 @@ jobs:
target: y-provider target: y-provider
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000 build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }} push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
- name: Cleanup Docker after build - name: Cleanup Docker after build
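Review bot: The new `SHOULD_PUSH` variable in the first hunk (the workflow-level `env:` block) is now the single switch that decides whether QEMU, Buildx, the Docker Hub login and the push run in all three jobs, yet nothing in the file says what it means or that the `preview` label is the only thing standing between a pull request's code and an image push under the repository's credentials; a comment above it would make that boundary explicit, e.g. `# true on non-PR events and on PRs labelled "preview": only then do we log in and build/push; otherwise the job is scan-only`. Since `env` values are strings, the `env.SHOULD_PUSH == 'true'` form used on every gated step is correct, and the `push: true` literal is consistent with the step-level `if:`. It is worth confirming on an unlabelled PR that `Run trivy scan` (the step just above each `Build and push`, outside the changed lines) still succeeds now that `Set up Docker Buildx` is skipped, as the trivy action may have relied on the builder that was previously set up unconditionally; I cannot tell from this diff whether it builds the image itself.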


@@ -25,6 +25,7 @@ and this project adheres to
- 💄(frontend) align colors and logo with ui-kit v2 #1869 - 💄(frontend) align colors and logo with ui-kit v2 #1869
- 🚸(backend) sort user search results by proximity with the active user #1802 - 🚸(backend) sort user search results by proximity with the active user #1802
- 🚸(oidc) ignore case when fallback on email #1880 - 🚸(oidc) ignore case when fallback on email #1880
- ⚡️(CI) optimize Docker Hub workflow #1919
### Fixed ### Fixed