studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️(ci) extract docker build job in a dedicated job to custom it

Browse Source 
We extract the docker build and push job to a dedicated action called
to make the docker job for each application. This action avoid
copy/paste between each job.
This commit is contained in:
Manuel Raynaud
2026-03-02 14:13:23 +01:00
parent c9f42e7924
commit 3f638b22c4
2 changed files with 155 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
.github/workflows/docker-hub.yml vendored
View File

@@ -21,49 +21,16 @@ permissions:
jobs:
build-and-push-backend:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
if: env.SHOULD_PUSH == 'true'
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: lasuite/impress-backend
- name: Login to DockerHub
if: env.SHOULD_PUSH == 'true'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Run trivy scan
uses: numerique-gouv/action-trivy-cache@main
with:
docker-build-args: "--target backend-production -f Dockerfile"
docker-image-name: "docker.io/lasuite/impress-backend:${{ github.sha }}"
trivyignores: ./.github/.trivyignore
- name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6
with:
context: .
target: backend-production
platforms: linux/amd64,linux/arm64
build-args: DOCKER_USER=${{ env.DOCKER_USER }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Cleanup Docker after build
if: always()
run: |
docker system prune -af
docker volume prune -f
uses: ./.github/workflows/docker-publish.yml
permissions:
contents: read
secrets: inherit
with:
image_name: lasuite/impress-backend
context: .
target: backend-production
should_push: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'preview') }}
docker_user: 1001:127
build-and-push-frontend:
runs-on: ubuntu-latest
@@ -87,12 +54,12 @@ jobs:
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Run trivy scan
uses: numerique-gouv/action-trivy-cache@main
with:
docker-build-args: "-f src/frontend/Dockerfile --target frontend-production"
docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}"
trivyignores: ./.github/.trivyignore
# - name: Run trivy scan
# uses: numerique-gouv/action-trivy-cache@main
# with:
# docker-build-args: "-f src/frontend/Dockerfile --target frontend-production"
# docker-image-name: "docker.io/lasuite/impress-frontend:${{ github.sha }}"
# trivyignores: ./.github/.trivyignore
- name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6
@@ -132,12 +99,12 @@ jobs:
- name: Login to DockerHub
if: env.SHOULD_PUSH == 'true'
run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin
- name: Run trivy scan
uses: numerique-gouv/action-trivy-cache@main
with:
docker-build-args: "-f src/frontend/servers/y-provider/Dockerfile --target y-provider"
docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}"
trivyignores: ./.github/.trivyignore
# - name: Run trivy scan
# uses: numerique-gouv/action-trivy-cache@main
# with:
# docker-build-args: "-f src/frontend/servers/y-provider/Dockerfile --target y-provider"
# docker-image-name: "docker.io/lasuite/impress-y-provider:${{ github.sha }}"
# trivyignores: ./.github/.trivyignore
- name: Build and push
if: env.SHOULD_PUSH == 'true'
uses: docker/build-push-action@v6