Build artifacts #189
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| release: | |
| types: [ created ] | |
| name: Build artifacts | |
| permissions: | |
| id-token: write | |
| pull-requests: write | |
| packages: write | |
| contents: write | |
| jobs: | |
| upload-release: | |
| if: ${{ github.event_name == 'release' }} | |
| name: Upload nginx configuration artifacts | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: RDXWorks-actions/checkout@main | |
| - name: Generate artifacts | |
| run: | | |
| bash generate_artifact.sh | |
| - name: Upload Full Node Release Asset | |
| uses: RDXWorks-actions/action-gh-release@master | |
| with: | |
| files: | | |
| babylon-nginx-fullnode-conf.zip | |
| build-push-container-private: | |
| if: github.event_name == 'pull_request' | |
| name: Private | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| # image information | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "private-babylon-nginx" | |
| tags: | | |
| ${{ github.head_ref }} | |
| development-latest | |
| # build information | |
| restore_artifact: "false" | |
| context: "." | |
| dockerfile: "./Dockerfile.alpine" | |
| platforms: "linux/amd64,linux/arm64" | |
| # optimizations | |
| cache_tag_suffix: "pr" | |
| scan_image: true | |
| snyk_target_ref: ${{ github.ref_name }} | |
| build-push-container-docker: | |
| name: Dockerhub | |
| if: github.event_name == 'release' | |
| uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main | |
| with: | |
| # image information | |
| image_registry: "docker.io" | |
| image_organization: "radixdlt" | |
| image_name: "babylon-nginx" | |
| tags: | | |
| ${{ github.event.release.tag_name }} | |
| development-latest | |
| # build information | |
| restore_artifact: "false" | |
| context: "." | |
| dockerfile: "./Dockerfile.alpine" | |
| platforms: "linux/amd64,linux/arm64" | |
| # optimizations | |
| cache_tag_suffix: "release" | |
| enable_dockerhub: "true" | |
| scan_image: true | |
| snyk_target_ref: ${{ github.ref_name }} | |
| secrets: | |
| role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }} | |
| snyk-monitor-devops: | |
| if: always() | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-push-container-docker | |
| - build-push-container-private | |
| permissions: | |
| id-token: write | |
| pull-requests: read | |
| contents: read | |
| deployments: write | |
| steps: | |
| - if: github.event_name == 'pull_request' | |
| uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main | |
| with: | |
| role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
| app_name: 'babylon-nginx' | |
| dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }} | |
| snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
| snyk_org_id: ${{ secrets.SNYK_DEVOPS_ORG_ID }} | |
| image: docker.io/radixdlt/private-babylon-nginx:${{ needs.build-push-container-private.outputs.default_tag }} | |
| target_ref: ${{ github.ref_name }} | |
| - if: github.event_name == 'release' | |
| uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main | |
| with: | |
| role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
| app_name: 'babylon-nginx' | |
| dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }} | |
| snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
| snyk_org_id: ${{ secrets.SNYK_DEVOPS_ORG_ID }} | |
| image: docker.io/radixdlt/private-babylon-nginx:${{ needs.build-push-container-docker.outputs.default_tag }} | |
| target_ref: ${{ github.ref_name }} | |
| snyk-monitor-network: | |
| if: always() | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-push-container-docker | |
| - build-push-container-private | |
| permissions: | |
| id-token: write | |
| pull-requests: read | |
| contents: read | |
| deployments: write | |
| steps: | |
| - if: github.event_name == 'pull_request' | |
| uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main | |
| with: | |
| role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
| app_name: 'babylon-nginx' | |
| dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }} | |
| snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
| snyk_org_id: ${{ secrets.SNYK_NETWORK_ORG_ID }} | |
| image: docker.io/radixdlt/private-babylon-nginx:${{ needs.build-push-container-private.outputs.default_tag }} | |
| target_ref: ${{ github.ref_name }} | |
| - if: github.event_name == 'release' | |
| uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main | |
| with: | |
| role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }} | |
| app_name: 'babylon-nginx' | |
| dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }} | |
| snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }} | |
| snyk_org_id: ${{ secrets.SNYK_NETWORK_ORG_ID }} | |
| image: docker.io/radixdlt/private-babylon-nginx:${{ needs.build-push-container-docker.outputs.default_tag }} | |
| target_ref: ${{ github.ref_name }} |