Skip to content
.github/workflows/stage-3-build-images-devtest.yaml

fix: sonarqube issues fix #16

Sign in to view logs

fix: sonarqube issues fix

fix: sonarqube issues fix #16

Workflow file for this run

.github/workflows/stage-3-build-images-devtest.yaml at 1594397
name: 'Docker Image CI - devtest'

Check failure on line 1 in .github/workflows/stage-3-build-images-devtest.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/stage-3-build-images-devtest.yaml

Invalid workflow file 

(Line: 109, Col: 15): Expected format {org}/{repo}[/path]@ref. Actual 'azure/login@v2@bbcc074a232a35d7283353c18aabf0de1d557775'
on:
workflow_call:
inputs:
environment_tag:
description: Environment of the deployment
required: true
type: string
default: development
docker_compose_file:
description: The path of the compose.yaml file needed to build docker images
required: true
type: string
function_app_source_code_path:
description: The source path of the function app source code for the docker builds
required: true
type: string
project_name:
description: The name of the project
required: true
type: string
excluded_containers_csv_list:
description: Excluded containers in a comma separated list
required: true
type: string
build_all_images:
description: Build all images (true) or only changed ones (false)
required: false
type: boolean
default: false
secrets:
client_id:
description: 'The Azure Client ID.'
required: true
tenant_id:
description: 'The Azure Tenant ID.'
required: true
subscription_id:
description: 'The Azure Subscription ID.'
required: true
acr_name:
description: 'The name of the Azure Container Registry.'
required: true
jobs:
get-functions:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: read
id-token: write
outputs:
FUNC_NAMES: ${{ steps.get-function-names.outputs.FUNC_NAMES }}
DOCKER_COMPOSE_DIR: ${{ steps.get-function-names.outputs.DOCKER_COMPOSE_DIR }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout dtos-devops-templates repository
uses: actions/checkout@v4
with:
repository: NHSDigital/dtos-devops-templates
path: templates
ref: main
- name: Determine which Docker container(s) to build
id: get-function-names
env:
COMPOSE_FILES_CSV: ${{ inputs.docker_compose_file }}
EXCLUDED_CONTAINERS_CSV: ${{ inputs.excluded_containers_csv_list }}
SOURCE_CODE_PATH: ${{ inputs.function_app_source_code_path }}
MANUAL_BUILD_ALL: ${{ inputs.build_all_images || false }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: bash scripts/deployment/get-docker-names.sh
build-and-push:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: read
needs: get-functions
strategy:
matrix:
function: ${{ fromJSON(needs.get-functions.outputs.FUNC_NAMES) }}
if: needs.get-functions.outputs.FUNC_NAMES != '[]'
outputs:
short_commit_hash: ${{ env.COMMIT_HASH_TAG }}
devtest_pr_num_tag: ${{ env.DEVTEST_PR_NUM_TAG }}
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 1
submodules: 'true'
- name: Checkout dtos-devops-templates repository
uses: actions/checkout@v4
with:
repository: NHSDigital/dtos-devops-templates
path: templates
ref: main
- name: Az CLI login
uses: azure/login@v2@bbcc074a232a35d7283353c18aabf0de1d557775
with:
client-id: ${{ secrets.client_id }}
tenant-id: ${{ secrets.tenant_id }}
subscription-id: ${{ secrets.subscription_id }}
- name: Azure Container Registry login
env:
ACR_NAME: ${{ secrets.acr_name }}
run: az acr login --name ${ACR_NAME}
- name: Create Tags
env:
GH_TOKEN: ${{ github.token }}
ENVIRONMENT_TAG: ${{ inputs.environment_tag }}
continue-on-error: false
run: |
echo "The branch is: ${GITHUB_REF}"
PR_NUM=$(gh api repos/${{ github.repository }}/commits/${{ github.sha }}/pulls --jq '.[0].number')
PR_NUM_TAG="pr${PR_NUM}"
DEVTEST_PR_NUM_TAG="devtest_${PR_NUM_TAG}"
echo "DEVTEST_PR_NUM_TAG=${DEVTEST_PR_NUM_TAG}" >> ${GITHUB_ENV}
SHORT_COMMIT_HASH=$(git rev-parse --short ${GITHUB_SHA})
echo "COMMIT_HASH_TAG=${SHORT_COMMIT_HASH}" >> ${GITHUB_ENV}
echo "ENVIRONMENT_TAG=${ENVIRONMENT_TAG}" >> ${GITHUB_ENV}
- name: Build and Push Image
working-directory: ${{ steps.get-function-names.outputs.DOCKER_COMPOSE_DIR }}
continue-on-error: false
env:
COMPOSE_FILE: ${{ inputs.docker_compose_file }}
PROJECT_NAME: ${{ inputs.project_name }}
ACR_NAME: ${{ secrets.acr_name }}
run: |
function=${{ matrix.function }}
echo PROJECT_NAME: ${PROJECT_NAME}
if [ -z "${function}" ]; then
echo "Function variable is empty. Skipping Docker build."
exit 0
fi
# Build the image
docker compose -f ${COMPOSE_FILE//,/ -f } -p ${PROJECT_NAME} --profile "*" build --no-cache --pull ${function}
repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
echo $(repo_name)
# Tag the image
echo "Tag the image:"
docker tag ${PROJECT_NAME}-${function}:latest "$repo_name:${DEVTEST_PR_NUM_TAG}"
# If this variable is set, the create-sbom-report.sh script will scan this docker image instead.
export CHECK_DOCKER_IMAGE=${PROJECT_NAME}-${function}:latest
export FORCE_USE_DOCKER=true
# Push the image to the repository
docker push "${repo_name}:${DEVTEST_PR_NUM_TAG}"
- name: Cleanup the docker images
env:
PROJECT_NAME: ${{ inputs.project_name }}
ACR_NAME: ${{ secrets.acr_name }}
run: |
function=${{ matrix.function }}
repo_name="${ACR_NAME}.azurecr.io/${PROJECT_NAME}-${function}"
# Remove the images
docker rmi "${repo_name}:${DEVTEST_PR_NUM_TAG}"
docker rmi ${PROJECT_NAME}-${function}:latest