
build: undo the changes to the lint-security-check workflow #549


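# Dev build workflow: builds and pushes Docker images to the Dev environment
#
# Note: consider
# - pinning actions to commit SHAs for supply-chain security (the @vN tags used
#   below are mutable; a SHA pin plus a `# vN` comment keeps them reviewable)
# - tightening the token for the reusable-workflow jobs (test-coverage,
#   smoke-test) once their required scopes are known; their needs are not
#   visible from this file, so their permissions are left at the default here
name: Setup, Build and Publish to Dev

# Runs on pushes to the development branch
# (`on` is a YAML 1.1 boolean for generic parsers; GitHub's loader handles it)
on:
  push:
    branches: [development]

# Cancel superseded runs for the same ref so two pushes to `development` in
# quick succession do not race to push the same `*-dev-latest` tag.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Environment variables used across all jobs
env:
  REPOSITORY_NAME: nmrxiv
  REPOSITORY_NAMESPACE: nfdi4chem

jobs:
  # Lint and Security check
  lint-security:
    name: Lint & Security
    uses: ./.github/workflows/lint-security-check.yml
    # security-events: write is needed to upload SARIF results; nothing else.
    permissions:
      contents: read
      security-events: write
    with:
      run_php: true
      run_js: true
      run_secrets: true

  # Run tests and collect coverage
  test-coverage:
    name: Tests & Coverage
    uses: ./.github/workflows/test-coverage.yml
    needs: [lint-security]
    # Passes every repository secret to the reusable workflow — keep in mind
    # when adding secrets that should stay out of the test job.
    secrets: inherit

  # Smoke test Docker images before pushing
  smoke-test:
    name: Smoke test Docker images
    uses: ./.github/workflows/docker-smoke-test.yml
    needs: [test-coverage]

  # Build and publish Docker images for the development environment
  build-and-push:
    name: Build & push to Docker Hub
    runs-on: ubuntu-latest
    needs: [test-coverage, smoke-test, lint-security]
    # Least privilege: this job only checks out the repo and pushes to Docker
    # Hub with its own credentials, so GITHUB_TOKEN needs read access only.
    # The GHA build cache (type=gha) uses the runtime token, not GITHUB_TOKEN.
    permissions:
      contents: read
    strategy:
      matrix:
        image:
          - name: app
            file: ./deployment/Dockerfile
            tag: app-dev-latest
          - name: worker
            file: ./deployment/Dockerfile.worker
            tag: worker-dev-latest
    # Environment provides secrets and protection rules
    environment:
      name: Dev
    steps:
      # Checkout code
      - name: Checkout
        uses: actions/checkout@v4

      # Docker Hub login (uses repository/environment secrets)
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}

      # Set up Docker Buildx
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Build and push image; one matrix entry per image
      - name: Build and push ${{ matrix.image.name }} image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.image.file }}
          push: true
          build-args: |
            RELEASE_VERSION=${{ matrix.image.tag }}
          tags: ${{ env.REPOSITORY_NAMESPACE }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image.tag }}
          # Per-image cache scope so app and worker layers do not evict each other
          cache-from: type=gha,scope=${{ matrix.image.name }}
          cache-to: type=gha,mode=max,scope=${{ matrix.image.name }}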