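# Builds the five "meet" container images (backend, generic frontend, DINUM
# frontend, summary, agents) for linux/amd64 and linux/arm64, pushes them to
# Docker Hub on pushes to main / v* tags / manual runs, then notifies Argo CD.
# Pull-request runs build only: the registry login and the push are both gated
# on `github.event_name != 'pull_request'`.
name: Docker Hub Workflow
run-name: Docker Hub Workflow

on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
    branches:
      - 'main'

# Least privilege for GITHUB_TOKEN: nothing below writes back to the
# repository (images go to Docker Hub with their own credentials). Raise this
# per job if a step turns out to need more.
permissions:
  contents: read

env:
  # Quoted so every YAML parser keeps the uid:gid pair as a string.
  DOCKER_USER: '1001:127'
  DOCKER_CONTAINER_REGISTRY_HOSTNAME: docker.io
  DOCKER_CONTAINER_REGISTRY_NAMESPACE: lasuite

# NOTE(review): every `uses:` below references a mutable tag or branch
# (@v3, @v5, @v6, @main). Steps in these jobs handle the Docker Hub and Argo CD
# secrets, so pinning each action to a reviewed full commit SHA would keep an
# upstream retag from changing what runs with those secrets.

jobs:
  build-and-push-backend:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-backend'
      # Skipped on pull requests so PR builds never touch registry credentials.
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      # Image vulnerability scan, currently disabled: images are pushed
      # without being scanned in this workflow.
      # -
      #   name: Run trivy scan
      #   uses: numerique-gouv/action-trivy-cache@main
      #   with:
      #     docker-build-args: '--target backend-production -f Dockerfile'
      #     docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-backend:${{ github.sha }}'
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          target: backend-production
          platforms: linux/amd64,linux/arm64
          # NOTE(review): the `:-1000` suffix is literal text here, not a
          # shell default, so this renders as `DOCKER_USER=1001:127:-1000`.
          # Confirm the Dockerfile expects that value; the same build-arg is
          # used by every job in this file.
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-frontend-generic:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend'
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      # Image vulnerability scan, currently disabled.
      # -
      #   name: Run trivy scan
      #   uses: numerique-gouv/action-trivy-cache@main
      #   with:
      #     docker-build-args: '-f src/frontend/Dockerfile --target frontend-production'
      #     docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend:${{ github.sha }}'
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./src/frontend/Dockerfile
          target: frontend-production
          platforms: linux/amd64,linux/arm64
          # Same literal `:-1000` suffix as in the backend job.
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-frontend-dinum:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend-dinum'
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      # Image vulnerability scan, currently disabled.
      # -
      #   name: Run trivy scan
      #   uses: numerique-gouv/action-trivy-cache@main
      #   with:
      #     docker-build-args: '-f docker/dinum-frontend/Dockerfile --target frontend-production'
      #     docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend-dinum:${{ github.sha }}'
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./docker/dinum-frontend/Dockerfile
          target: frontend-production
          platforms: linux/amd64,linux/arm64
          # Same literal `:-1000` suffix as in the backend job.
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-summary:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-summary'
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      # Image vulnerability scan, currently disabled. The `docker-context`
      # line belongs to this disabled step; it was previously left
      # uncommented, which attached it to the preceding active step instead.
      # -
      #   name: Run trivy scan
      #   uses: numerique-gouv/action-trivy-cache@main
      #   continue-on-error: true
      #   with:
      #     docker-build-args: '-f src/summary/Dockerfile --target production'
      #     docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-summary:${{ github.sha }}'
      #     docker-context: './src/summary'
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: ./src/summary
          file: ./src/summary/Dockerfile
          target: production
          platforms: linux/amd64,linux/arm64
          # Same literal `:-1000` suffix as in the backend job.
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-agents:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          # Uses the shared namespace variable like the other jobs; it
          # resolves to the same `lasuite/meet-agents` name as before.
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-agents'
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      # Image vulnerability scan, currently disabled.
      # -
      #   name: Run trivy scan
      #   uses: numerique-gouv/action-trivy-cache@main
      #   continue-on-error: true
      #   with:
      #     docker-build-args: '-f src/agents/Dockerfile --target production'
      #     docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-agents:${{ github.sha }}'
      #     docker-context: './src/agents'
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: ./src/agents
          file: ./src/agents/Dockerfile
          target: production
          platforms: linux/amd64,linux/arm64
          # Same literal `:-1000` suffix as in the backend job.
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  # Runs only after all five image jobs succeed, and never on pull requests.
  notify-argocd:
    needs:
      - build-and-push-frontend-generic
      - build-and-push-frontend-dinum
      - build-and-push-backend
      - build-and-push-summary
      - build-and-push-agents
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    steps:
      # NOTE(review): this action is referenced by branch (@main) and is
      # handed the Argo CD webhook secret and the deployment repo URL secret.
      # Pinning it to a reviewed commit SHA would keep a change on that branch
      # from running with these secrets unreviewed.
      - uses: numerique-gouv/action-argocd-webhook-notification@main
        id: notify
        with:
          deployment_repo_path: "${{ secrets.DEPLOYMENT_REPO_URL }}"
          argocd_webhook_secret: "${{ secrets.ARGOCD_PREPROD_WEBHOOK_SECRET }}"
          argocd_url: "${{ vars.ARGOCD_PREPROD_WEBHOOK_URL }}"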