Add back code

Author: puehringer

.github/workflows/build-docker-artifacts.yml

@@ -97,8 +97,7 @@ jobs:
 
             const buildTime = new Date().toISOString().replace(/:/g, '').replace(/\..+/, 'Z');
             const imageTagBranchName = "${{ github.ref }}".replace('refs/heads/', '').replace('refs/tags/', '').replace(/[^a-zA-Z0-9._-]/g, '-');
-            // const imageTag = `tagged-${imageTagBranchName}-${buildTime}`;
-            const imageTag = "v32.1.1"; // TODO: Revert to dynamic tag
+            const imageTag = `tagged-${imageTagBranchName}-${buildTime}`;
 
             const builds = process.env.BUILDS ? process.env.BUILDS.split(',') : Object.keys(config.build);
             const push_to = process.env.PUSH_TO ? process.env.PUSH_TO.split(',') : Object.keys(config.push || {});
@@ -197,98 +196,98 @@ jobs:
           fi
 
       # Required for build secrets to work: https://docs.docker.com/build/ci/github-actions/secrets/#secret-mounts
-      # - name: Set up QEMU
-      #   uses: docker/setup-qemu-action@v3
-      # - name: Set up Docker Buildx
-      #   uses: docker/setup-buildx-action@v3
-
-      # - name: Configure AWS Credentials
-      #   uses: aws-actions/[email protected]
-      #   with:
-      #     role-to-assume: ${{ vars.DV_AWS_ECR_ROLE }}
-      #     aws-region: ${{ vars.DV_AWS_REGION }}
-
-      # - name: Login to Amazon ECR
-      #   id: login-ecr
-      #   uses: aws-actions/[email protected]
-
-      # - uses: ./tmp/github-workflows/.github/actions/get-branch
-      #   id: get-branch
-      #   with:
-      #     branch: ${{ inputs.branch }}
-
-      # - name: Build image
-      #   uses: docker/build-push-action@v6
-      #   with:
-      #     context: .
-      #     file: ${{ matrix.component.flavor_directory }}/${{ matrix.component.directory }}/Dockerfile
-      #     push: false
-      #     load: true
-      #     # Disable provenance as it creates weird multi-arch images: https://github.com/docker/build-push-action/issues/755
-      #     provenance: false
-      #     # Disable the cache to avoid outdated (base) images
-      #     no-cache: true
-      #     build-args: |
-      #       GIT_BRANCH=${{ steps.get-branch.outputs.branch }}
-      #       GIT_COMMIT_HASH=${{ steps.get-branch.outputs.commit_hash }}
-      #       DOCKERFILE_DIRECTORY=${{ matrix.component.flavor_directory }}/${{ matrix.component.directory }}
-      #       DATAVISYN_PYTHON_BASE_IMAGE=${{ env.DATAVISYN_PYTHON_BASE_IMAGE }}
-      #       DATAVISYN_NGINX_BASE_IMAGE=${{ env.DATAVISYN_NGINX_BASE_IMAGE }}
-      #       UV_HTTP_TIMEOUT=300
-      #       ${{ matrix.component.formatted_build_args }}
-      #     secrets:
-      #       # Mount the token as secret mount: https://docs.docker.com/build/ci/github-actions/secrets/#secret-mounts
-      #       "github_token=${{ secrets.CHECKOUT_TOKEN || github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token }}"
-      #     # TODO: As soon as we only have a single tag, we can push the same image to multiple repositories: https://docs.docker.com/build/ci/github-actions/push-multi-registries/
-      #     # This will be useful for the images which don't change between flavors, e.g. the backend images
-      #     tags: |
-      #       ${{ matrix.component.image_ref }}
-      #     labels: |
-      #       name=${{ matrix.component.ecr_repository }}
-      #       version=${{ matrix.component.image_tag_branch_name }}
-      #       org.opencontainers.image.description=Image for ${{ matrix.component.ecr_repository }}
-      #       org.opencontainers.image.source=${{ github.event.repository.html_url }}
-      #       org.opencontainers.image.url=${{ github.event.repository.html_url }}
-      #       org.opencontainers.image.title=${{ matrix.component.ecr_repository }}
-      #       org.opencontainers.image.version=${{ matrix.component.image_tag_branch_name }}
-      #       org.opencontainers.image.created=${{ matrix.component.build_time }}
-      #       org.opencontainers.image.revision=${{ github.sha }}
-      #   env:
-      #     # Disable the build summary for now as it leads to "Failed to export build record: .../export/rec.dockerbuild not found"
-      #     # https://github.com/docker/build-push-action/issues/1156#issuecomment-2437227730
-      #     DOCKER_BUILD_SUMMARY: false
-
-      # - name: Determine trivy scan severity levels
-      #   id: set_severity
-      #   run: |
-      #     if [[ "${{ github.event.inputs.scan_high_severity }}" == "false" ]] || \
-      #        [[ "${{ vars.SCAN_HIGH_SEVERITY }}" == "false" ]] || \
-      #        [[ "${{ matrix.component.scan_high_severity }}" == "false" ]]; then
-      #       echo "severity=CRITICAL" >> "$GITHUB_OUTPUT"
-      #     else
-      #       echo "severity=HIGH,CRITICAL" >> "$GITHUB_OUTPUT"
-      #     fi
-      # - name: Run Trivy vulnerability scanner
-      #   uses: aquasecurity/[email protected]
-      #   with:
-      #     image-ref: ${{ matrix.component.image_ref }}
-      #     # Disable scanning the current directory (defaults to .)
-      #     scan-ref: '/dev/null'
-      #     format: 'table'
-      #     exit-code: '1'
-      #     ignore-unfixed: false
-      #     vuln-type: 'os,library'
-      #     severity: ${{ steps.set_severity.outputs.severity }}
-      #   continue-on-error: false
-
-      # - name: Push image
-      #   if: ${{ inputs.skip_push != true }}
-      #   # Instead of the docker/build-push-action@v6 which will rebuild the image, just push it directly
-      #   run: docker push ${{ matrix.component.image_ref }}
-
-      # - name: Log out from Amazon ECR
-      #   shell: bash
-      #   run: docker logout ${{ steps.login-ecr.outputs.registry }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ vars.DV_AWS_ECR_ROLE }}
+          aws-region: ${{ vars.DV_AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/[email protected]
+
+      - uses: ./tmp/github-workflows/.github/actions/get-branch
+        id: get-branch
+        with:
+          branch: ${{ inputs.branch }}
+
+      - name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.component.flavor_directory }}/${{ matrix.component.directory }}/Dockerfile
+          push: false
+          load: true
+          # Disable provenance as it creates weird multi-arch images: https://github.com/docker/build-push-action/issues/755
+          provenance: false
+          # Disable the cache to avoid outdated (base) images
+          no-cache: true
+          build-args: |
+            GIT_BRANCH=${{ steps.get-branch.outputs.branch }}
+            GIT_COMMIT_HASH=${{ steps.get-branch.outputs.commit_hash }}
+            DOCKERFILE_DIRECTORY=${{ matrix.component.flavor_directory }}/${{ matrix.component.directory }}
+            DATAVISYN_PYTHON_BASE_IMAGE=${{ env.DATAVISYN_PYTHON_BASE_IMAGE }}
+            DATAVISYN_NGINX_BASE_IMAGE=${{ env.DATAVISYN_NGINX_BASE_IMAGE }}
+            UV_HTTP_TIMEOUT=300
+            ${{ matrix.component.formatted_build_args }}
+          secrets:
+            # Mount the token as secret mount: https://docs.docker.com/build/ci/github-actions/secrets/#secret-mounts
+            "github_token=${{ secrets.CHECKOUT_TOKEN || github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token }}"
+          # TODO: As soon as we only have a single tag, we can push the same image to multiple repositories: https://docs.docker.com/build/ci/github-actions/push-multi-registries/
+          # This will be useful for the images which don't change between flavors, e.g. the backend images
+          tags: |
+            ${{ matrix.component.image_ref }}
+          labels: |
+            name=${{ matrix.component.ecr_repository }}
+            version=${{ matrix.component.image_tag_branch_name }}
+            org.opencontainers.image.description=Image for ${{ matrix.component.ecr_repository }}
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+            org.opencontainers.image.title=${{ matrix.component.ecr_repository }}
+            org.opencontainers.image.version=${{ matrix.component.image_tag_branch_name }}
+            org.opencontainers.image.created=${{ matrix.component.build_time }}
+            org.opencontainers.image.revision=${{ github.sha }}
+        env:
+          # Disable the build summary for now as it leads to "Failed to export build record: .../export/rec.dockerbuild not found"
+          # https://github.com/docker/build-push-action/issues/1156#issuecomment-2437227730
+          DOCKER_BUILD_SUMMARY: false
+
+      - name: Determine trivy scan severity levels
+        id: set_severity
+        run: |
+          if [[ "${{ github.event.inputs.scan_high_severity }}" == "false" ]] || \
+             [[ "${{ vars.SCAN_HIGH_SEVERITY }}" == "false" ]] || \
+             [[ "${{ matrix.component.scan_high_severity }}" == "false" ]]; then
+            echo "severity=CRITICAL" >> "$GITHUB_OUTPUT"
+          else
+            echo "severity=HIGH,CRITICAL" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ matrix.component.image_ref }}
+          # Disable scanning the current directory (defaults to .)
+          scan-ref: '/dev/null'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: false
+          vuln-type: 'os,library'
+          severity: ${{ steps.set_severity.outputs.severity }}
+        continue-on-error: false
+
+      - name: Push image
+        if: ${{ inputs.skip_push != true }}
+        # Instead of the docker/build-push-action@v6 which will rebuild the image, just push it directly
+        run: docker push ${{ matrix.component.image_ref }}
+
+      - name: Log out from Amazon ECR
+        shell: bash
+        run: docker logout ${{ steps.login-ecr.outputs.registry }}
 
   test-images:
     name: Test images of flavor ${{ matrix.flavor.id || 'default' }}
@@ -345,11 +344,11 @@ jobs:
             # TODO: For some reason this doesn't work yet, i.e. if a docker-compose script mounts a volume here, nothing shows up...
             mkdir -p "$test_images_report"
             chmod 777 "$test_images_report"
+            echo "test_images_report=${test_images_report}" >> $GITHUB_OUTPUT
 
             echo "Run $test_images_hook"
             chmod +x "$test_images_hook"
-            "$test_images_hook"
-
+            bash "$test_images_hook"
           else
             echo "No $test_images_hook found, skipping tests."
           fi