meet/.github/workflows/docker-hub.yml

name: Docker Hub Workflow
run-name: Docker Hub Workflow

on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
    branches:
      - 'main'

env:
  DOCKER_USER: 1001:127
  DOCKER_CONTAINER_REGISTRY_HOSTNAME: docker.io
  DOCKER_CONTAINER_REGISTRY_NAMESPACE: lasuite

jobs:
  build-and-push-backend:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout repository
        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-backend'
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
#      -
#        name: Run trivy scan
#        uses: numerique-gouv/action-trivy-cache@main
#        with:
#          docker-build-args: '--target backend-production -f Dockerfile'
#          docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-backend:${{ github.sha }}'
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          target: backend-production
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-frontend-generic:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout repository
        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend'
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
        with:
          docker-build-args: '-f src/frontend/Dockerfile --target frontend-production'
          docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend:${{ github.sha }}'
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./src/frontend/Dockerfile
          target: frontend-production
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-frontend-dinum:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout repository
        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend-dinum'
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
        with:
          docker-build-args: '-f docker/dinum-frontend/Dockerfile --target frontend-production'
          docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-frontend-dinum:${{ github.sha }}'
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./docker/dinum-frontend/Dockerfile
          target: frontend-production
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-summary:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout repository
        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: '${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-summary'
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
        continue-on-error: true
        with:
          docker-build-args: '-f src/summary/Dockerfile --target production'
          docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-summary:${{ github.sha }}'
          docker-context: './src/summary'
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: ./src/summary
          file: ./src/summary/Dockerfile
          target: production
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  build-and-push-agents:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout repository
        uses: actions/checkout@v4
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: lasuite/meet-agents
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      -
        name: Run trivy scan
        uses: numerique-gouv/action-trivy-cache@main
        continue-on-error: true
        with:
          docker-build-args: '-f src/agents/Dockerfile --target production'
          docker-image-name: '${{ env.DOCKER_CONTAINER_REGISTRY_HOSTNAME }}/${{ env.DOCKER_CONTAINER_REGISTRY_NAMESPACE }}/meet-agents:${{ github.sha }}'
          docker-context: './src/agents'
      -
        name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: ./src/agents
          file: ./src/agents/Dockerfile
          target: production
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  notify-argocd:
    needs:
      - build-and-push-frontend-generic
      - build-and-push-frontend-dinum
      - build-and-push-backend
      - build-and-push-summary
      - build-and-push-agents
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    steps:
      - uses: numerique-gouv/action-argocd-webhook-notification@main
        id: notify
        with:
          deployment_repo_path: "${{ secrets.DEPLOYMENT_REPO_URL }}"
          argocd_webhook_secret: "${{ secrets.ARGOCD_PREPROD_WEBHOOK_SECRET }}"
          argocd_url: "${{ vars.ARGOCD_PREPROD_WEBHOOK_URL }}"