Skip to content

Replace phase notes and markdown documents with methodology report #12

Replace phase notes and markdown documents with methodology report

Replace phase notes and markdown documents with methodology report #12

name: Build & Push Docker Images
on:
push:
branches: [main]
paths:
- 'backend/**'
- 'frontend/**'
- 'pentest/**'
- 'docker-compose*.yml'
- '.github/workflows/docker-publish.yml'
release:
types: [published]
env:
REGISTRY: docker.io
BACKEND_IMAGE: vasco0x4/aida-backend
FRONTEND_IMAGE: vasco0x4/aida-frontend
PENTEST_IMAGE: vasco0x4/aida-pentest
jobs:
# ---------------------------------------------------------------------------
# Determine which images need rebuilding (skip unchanged on push to main)
# ---------------------------------------------------------------------------
changes:
runs-on: ubuntu-latest
if: github.event_name != 'release'
outputs:
backend: ${{ steps.filter.outputs.backend }}
frontend: ${{ steps.filter.outputs.frontend }}
pentest: ${{ steps.filter.outputs.pentest }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
backend:
- 'backend/**'
frontend:
- 'frontend/**'
pentest:
- 'pentest/**'
# ---------------------------------------------------------------------------
# Backend
# ---------------------------------------------------------------------------
backend:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (github.event_name == 'release' || needs.changes.outputs.backend == 'true')
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ env.BACKEND_IMAGE }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- uses: docker/build-push-action@v6
with:
context: ./backend
file: ./backend/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# ---------------------------------------------------------------------------
# Frontend (Nginx production build)
# ---------------------------------------------------------------------------
frontend:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (github.event_name == 'release' || needs.changes.outputs.frontend == 'true')
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ env.FRONTEND_IMAGE }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- uses: docker/build-push-action@v6
with:
context: ./frontend
file: ./frontend/Dockerfile.prod
platforms: linux/amd64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# ---------------------------------------------------------------------------
# Pentest container
# ---------------------------------------------------------------------------
pentest:
runs-on: ubuntu-latest
needs: [changes]
if: always() && (github.event_name == 'release' || needs.changes.outputs.pentest == 'true')
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ env.PENTEST_IMAGE }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- uses: docker/build-push-action@v6
with:
context: ./pentest
file: ./pentest/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max