1- # inspired by https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2- name : Build & Push SwaggerUI multi platform Docker image
1+ name : Build & Push SwaggerUI Docker image
32
43on :
5- workflow_dispatch :
6- inputs :
7- git_ref :
8- description : Git branch, tag or SHA to checkout.
9- type : string
10- required : true
11- docker_tag :
12- description : Docker tag associated with the `git_ref`
13- type : string
14- required : true
15-
16- repository_dispatch :
17- type : [docker_build_push]
18-
19- env :
20- REGISTRY_IMAGE : swaggerapi/swagger-ui
4+ workflow_run :
5+ workflows : ["Release SwaggerUI"]
6+ types :
7+ - completed
8+ branches : [master]
219
2210jobs :
23- inputs :
24- name : Normalize inputs
11+
12+ build-push :
13+ if : github.event.workflow_run.conclusion == 'success'
14+ name : Build & Push SwaggerUI Docker image
2515 runs-on : ubuntu-latest
26- outputs :
27- git_ref : ${{ steps.workflow_dispatch.outputs.git_ref || steps.repository_dispatch.outputs.git_ref }}
28- docker_tag : ${{ steps.workflow_dispatch.outputs.docker_tag || steps.repository_dispatch.outputs.docker_tag }}
2916
3017 steps :
31- - name : Normalize inputs of `workflow_dispatch` event
32- id : workflow_dispatch
33- if : ${{ github.event_name == 'workflow_dispatch' }}
34- run : |
35- echo "git_ref=${{ inputs.git_ref }}" >> "$GITHUB_OUTPUT"
36- echo "docker_tag=${{ inputs.docker_tag }}" >> "$GITHUB_OUTPUT"
37-
38- name : Normalize inputs of `repository_dispatch` event
39- id : repository_dispatch
40- if : ${{ github.event_name == 'repository_dispatch' }}
41- run : |
42- echo "git_ref=${{ github.event.client_payload.git_ref }}" >> "$GITHUB_OUTPUT"
43- echo "docker_tag=${{ github.event.client_payload.docker_tag }}" >> "$GITHUB_OUTPUT"
18+ - uses : actions/checkout@v4
4419
20+ - name : Use Node.js 22
21+ uses : actions/setup-node@v4
22+ with :
23+ node-version : 22
24+ cache : npm
25+ cache-dependency-path : package-lock.json
4526
27+ - name : Install dependencies
28+ run : npm ci
4629
47- build :
48- name : Build & Push SwaggerUI platform specific Docker images
49- runs-on : ubuntu-latest
50- strategy :
51- fail-fast : false
52- matrix :
53- platform :
54- # linux/amd64 is already built by Jenkins
55- - linux/arm/v6
56- - linux/arm64
57- - linux/386
58- - linux/ppc64le
59- needs :
60- - inputs
30+ - name : Build SwaggerUI
31+ run : npm run build
6132
62- steps :
63- - uses : actions/checkout@v4
33+ - name : Determine released version
34+ uses : actions/github-script@v7
6435 with :
65- ref : ${{ needs.inputs.outputs.git_ref }}
36+ script : |
37+ const allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
38+ owner: context.repo.owner,
39+ repo: context.repo.repo,
40+ run_id: context.payload.workflow_run.id,
41+ });
42+ const matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
43+ return artifact.name == "released-version"
44+ })[0];
45+ const download = await github.rest.actions.downloadArtifact({
46+ owner: context.repo.owner,
47+ repo: context.repo.repo,
48+ artifact_id: matchArtifact.id,
49+ archive_format: 'zip',
50+ });
51+ const fs = require('fs');
52+ fs.writeFileSync('${{github.workspace}}/released-version.zip', Buffer.from(download.data));
53+ run : |
54+ unzip released-version.zip
55+ RELEASED_VERSION=$(cat released-version.txt)
56+ echo "RELEASED_VERSION=$RELEASED_VERSION" >> $GITHUB_ENV
6657
6758name : Set up QEMU
6859 uses : docker/setup-qemu-action@v3
@@ -76,68 +67,11 @@ jobs:
7667 username : ${{ secrets.DOCKERHUB_SB_USERNAME }}
7768 password : ${{ secrets.DOCKERHUB_SB_PASSWORD }}
7869
79- - name : Build and push by digest
80- id : build
70+ - name : Build docker image and push
8171 uses : docker/build-push-action@v6
8272 with :
8373 context : .
84- platforms : ${{ matrix.platform }}
74+ push : true
75+ platforms : linux/amd64,linux/arm/v6,linux/arm64,linux/386,linux/ppc64le
8576 provenance : false
86- outputs : type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
87-
88- - name : Export digest
89- run : |
90- mkdir -p /tmp/digests
91- digest="${{ steps.build.outputs.digest }}"
92- touch "/tmp/digests/${digest#sha256:}"
93-
94- name : Sanitize platform variable
95- id : sanitize_platform
96- run : |
97- SANITIZED_PLATFORM="${{ matrix.platform }}" # Assuming direct usage for simplicity
98- SANITIZED_PLATFORM="${SANITIZED_PLATFORM//[^a-zA-Z0-9_-]/}" # Remove special chars
99- echo "SANITIZED_PLATFORM=${SANITIZED_PLATFORM}" # Echo for debug
100- echo "::set-output name=sanitized_platform::${SANITIZED_PLATFORM}"
101-
102- name : Upload digest
103- uses : actions/upload-artifact@v4
104- with :
105- name : digest-${{ steps.sanitize_platform.outputs.sanitized_platform }}
106- path : /tmp/digests/*
107- if-no-files-found : error
108- retention-days : 1
109-
110- merge :
111- name : Merge platform specific Docker image into multi platform image
112- runs-on : ubuntu-latest
113- needs :
114- - inputs
115- - build
116-
117- steps :
118- - name : Download digests
119- uses : actions/download-artifact@v4
120- with :
121- pattern : digest-*
122- path : /tmp/digests
123- merge-multiple : true
124-
125- - name : Set up Docker Buildx
126- uses : docker/setup-buildx-action@v3
127-
128- - name : Login to Docker Hub
129- uses : docker/login-action@v3
130- with :
131- username : ${{ secrets.DOCKERHUB_SB_USERNAME }}
132- password : ${{ secrets.DOCKERHUB_SB_PASSWORD }}
133-
134- - name : Create manifest list and push
135- working-directory : /tmp/digests
136- run : |
137- docker buildx imagetools create -t ${{ env.REGISTRY_IMAGE }}:${{ needs.inputs.outputs.docker_tag }} \
138- ${{ env.REGISTRY_IMAGE }}:${{ needs.inputs.outputs.docker_tag }} \
139- $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
140-
141- name : Inspect image
142- run : |
143- docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ needs.inputs.outputs.docker_tag }}
77+ tags : swaggerapi/swagger-ui:latest,swaggerapi/swagger-ui:v${{ env.RELEASED_VERSION }}
0 commit comments