@@ -48,7 +48,7 @@ concurrency:
4848
4949env :
5050 WORKFLOW_BRANCH : " main"
51- PYTHON_BASE_IMAGE : " python:3.10.8 -slim-bullseye"
51+ PYTHON_BASE_IMAGE : " python:3.10.18 -slim-bullseye"
5252 DATAVISYN_PYTHON_BASE_IMAGE : " 188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/python:main"
5353 NODE_BASE_IMAGE : " node:20.9-bullseye"
5454 DATAVISYN_NGINX_BASE_IMAGE : " 188237246440.dkr.ecr.eu-central-1.amazonaws.com/datavisyn/base/nginx:main"
@@ -262,47 +262,18 @@ jobs:
262262 uses :
aquasecurity/[email protected] 263263 with :
264264 image-ref : ${{ vars.DV_AWS_ECR_REGISTRY }}/${{ matrix.component.ecr_repository }}:${{ matrix.component.image_tag }}
265+ # Disable scanning the current directory (defaults to .)
266+ scan-ref : ' /dev/null'
265267 format : ' table'
266268 exit-code : ' 1'
267269 ignore-unfixed : false
268270 vuln-type : ' os,library'
269271 severity : ${{ steps.set_severity.outputs.severity }}
270- cache : ' false'
271272 continue-on-error : false
272273
273274 - name : Push image
274- uses : docker/build-push-action@v6
275- with :
276- context : .
277- file : ${{ matrix.component.flavor_directory }}/${{ matrix.component.directory }}/Dockerfile
278- push : true
279- # Disable provenance as it creates weird multi-arch images: https://github.com/docker/build-push-action/issues/755
280- provenance : false
281- # Duplicated the build-args, secrets, tags and labels from the actual build above
282- # TODO: How can we avoid the build here and just push with this action?
283- build-args : |
284- DOCKERFILE_DIRECTORY=${{ matrix.component.flavor_directory }}/${{ matrix.component.directory }}
285- PYTHON_BASE_IMAGE=${{ env.PYTHON_BASE_IMAGE }}
286- DATAVISYN_PYTHON_BASE_IMAGE=${{ env.DATAVISYN_PYTHON_BASE_IMAGE }}
287- NODE_BASE_IMAGE=${{ env.NODE_BASE_IMAGE }}
288- DATAVISYN_NGINX_BASE_IMAGE=${{ env.DATAVISYN_NGINX_BASE_IMAGE }}
289- secrets :
290- # Mount the token as secret mount: https://docs.docker.com/build/ci/github-actions/secrets/#secret-mounts
291- " github_token=${{ secrets.CHECKOUT_TOKEN || github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token }}"
292- # TODO: As soon as we only have a single tag, we can push the same image to multiple repositories: https://docs.docker.com/build/ci/github-actions/push-multi-registries/
293- # This will be useful for the images which don't change between flavors, e.g. the backend images
294- tags : |
295- ${{ vars.DV_AWS_ECR_REGISTRY }}/${{ matrix.component.ecr_repository }}:${{ matrix.component.image_tag }}
296- labels : |
297- name=${{ matrix.component.ecr_repository }}
298- version=${{ matrix.component.image_tag_branch_name }}
299- org.opencontainers.image.description=Image for ${{ matrix.component.ecr_repository }}
300- org.opencontainers.image.source=${{ github.event.repository.html_url }}
301- org.opencontainers.image.url=${{ github.event.repository.html_url }}
302- org.opencontainers.image.title=${{ matrix.component.ecr_repository }}
303- org.opencontainers.image.version=${{ matrix.component.image_tag_branch_name }}
304- org.opencontainers.image.created=${{ matrix.component.build_time }}
305- org.opencontainers.image.revision=${{ github.sha }}
275+ # Instead of the docker/build-push-action@v6 which will rebuild the image, just push it directly
276+ run : docker push ${{ vars.DV_AWS_ECR_REGISTRY }}/${{ matrix.component.ecr_repository }}:${{ matrix.component.image_tag }}
306277
307278 - name : Log out from Amazon ECR
308279 shell : bash