build: undo the changes to the lint-security-check workflow #549
| # Dev build workflow: builds and pushes Docker images to the Dev environment | |
| # Note: consider | |
| # - setting explicit minimal permissions (e.g., permissions: { contents: read }) | |
| # - adding concurrency to cancel superseded runs (group per branch, cancel-in-progress: true) | |
| # - pinning actions to commit SHAs for supply-chain security | |
| name: Setup, Build and Publish to Dev | |
| # Runs on pushes to the development branch | |
| on: | |
| push: | |
| branches: [development] | |
| # Environment variables used across all jobs | |
| env: | |
| REPOSITORY_NAME: nmrxiv | |
| REPOSITORY_NAMESPACE: nfdi4chem | |
| jobs: | |
| # Lint and Security check | |
| lint-security: | |
| name: Lint & Security | |
| uses: ./.github/workflows/lint-security-check.yml | |
| permissions: | |
| contents: read | |
| security-events: write | |
| with: | |
| run_php: true | |
| run_js: true | |
| run_secrets: true | |
| # Run tests and collect coverage | |
| test-coverage: | |
| name: Tests & Coverage | |
| uses: ./.github/workflows/test-coverage.yml | |
| needs: [lint-security] | |
| secrets: inherit | |
| # Smoke test Docker images before pushing | |
| smoke-test: | |
| name: Smoke test Docker images | |
| uses: ./.github/workflows/docker-smoke-test.yml | |
| needs: [test-coverage] | |
| # Build and publish Docker images for the development environment | |
| build-and-push: | |
| name: Build & push to Docker Hub | |
| runs-on: ubuntu-latest | |
| needs: [test-coverage, smoke-test, lint-security] | |
| strategy: | |
| matrix: | |
| image: | |
| - name: app | |
| file: ./deployment/Dockerfile | |
| tag: app-dev-latest | |
| - name: worker | |
| file: ./deployment/Dockerfile.worker | |
| tag: worker-dev-latest | |
| # Environment provides secrets and protection rules | |
| environment: | |
| name: Dev | |
| steps: | |
| # Checkout code | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Docker Hub login (uses repository secrets) | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| # Set up Docker Buildx | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Build and push image | |
| - name: Build and push ${{ matrix.image.name }} image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ${{ matrix.image.file }} | |
| push: true | |
| build-args: | | |
| RELEASE_VERSION=${{ matrix.image.tag }} | |
| tags: ${{ env.REPOSITORY_NAMESPACE }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image.tag }} | |
| cache-from: type=gha,scope=${{ matrix.image.name }} | |
| cache-to: type=gha,mode=max,scope=${{ matrix.image.name }} |
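Review bot: There is no workflow-level `permissions:` block, so `build-and-push`, `test-coverage` and `smoke-test` run with whatever default GITHUB_TOKEN scope the repository settings grant (which, depending on those settings, can include write access), while only `lint-security` is explicitly scoped. The header comment at the top of the file already lists this as a to-do; the fix is two lines after `name:`: `permissions:` / `  contents: read`, and a job-level block such as the one on `lint-security` still overrides that default where a job genuinely needs more. The same header comment notes that the steps in `build-and-push` use tag pins (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`); a tag can be moved after the fact, so pinning to a full commit SHA with the version in a trailing comment is the usual hardening for a job that holds registry credentials and pushes images. The page renders the file without old/new markers, so which of these lines this commit actually touches cannot be told from here.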