name: Docker Hub Workflow run-name: Docker Hub Workflow on: workflow_dispatch: push: branches: - 'main' tags: - 'v*' pull_request: branches: - 'main' env: DOCKER_USER: 1001:127 jobs: trivy-scan: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: | lasuite/people-backend lasuite/people-frontend - name: Run trivy scan (backend) uses: numerique-gouv/action-trivy-cache@main with: docker-build-args: '--target backend-production -f Dockerfile' docker-image-name: 'docker.io/lasuite/people-backend:${{ github.sha }}' - name: Run trivy scan (frontend) uses: numerique-gouv/action-trivy-cache@main with: docker-build-args: '--target frontend-production -f src/frontend/Dockerfile' docker-image-name: 'docker.io/lasuite/people-frontend:${{ github.sha }}' build-and-push-backend: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: lasuite/people-backend - name: Login to DockerHub if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: create-version-json id: create-version-json uses: jsdaniell/create-json@v1.2.3 with: name: "version.json" json: '{"source":"${{github.repository}}", "version":"${{github.ref_name}}", "commit":"${{github.sha}}", "build": "NA"}' dir: 'src/backend' - name: Build and push uses: docker/build-push-action@v6 with: context: . target: backend-production build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-and-push-frontend: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: lasuite/people-frontend - name: create-version-json id: create-version-json uses: jsdaniell/create-json@v1.2.3 with: name: "version.json" json: '{"source":"${{github.repository}}", "version":"${{github.ref_name}}", "commit":"${{github.sha}}", "build": "NA"}' dir: 'src/frontend/apps/desk' - name: Login to DockerHub if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Build and push uses: docker/build-push-action@v6 with: context: . file: ./src/frontend/Dockerfile target: frontend-production build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} notify-argocd: needs: - build-and-push-frontend - build-and-push-backend runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: - uses: numerique-gouv/action-argocd-webhook-notification@main id: notify with: deployment_repo_path: "${{ secrets.DEPLOYMENT_REPO_URL }}" argocd_webhook_secret: "${{ secrets.ARGOCD_PREPROD_WEBHOOK_SECRET }}" argocd_url: "${{ vars.ARGOCD_PREPROD_WEBHOOK_URL }}"