refactor: reusable docker

PierreJeanjacquot · PierreJeanjacquot · commit b44cd692090e · 2025-07-02T14:49:05.000+02:00
diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
@@ -60,11 +60,6 @@ jobs:
       dry-run: true
 
   docker-dry-run:
-    # TODO use tagged version
-    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-fixes
+    uses: ./.github/workflows/reusable-docker.yml
     with:
-      image-name: 'iexechub/iexec-sdk'
-      push: false
-      hadolint: true
-      security-scan: true
-      security-report: comment
+      dry-run: true
diff --git a/.github/workflows/reusable-docker.yml b/.github/workflows/reusable-docker.yml
@@ -0,0 +1,38 @@
+name: docker publish
+
+on:
+  workflow_call:
+    inputs:
+      dry-run:
+        description: 'Run in dry-run mode (the docker image will not be published)'
+        default: false
+        type: boolean
+      tag:
+        description: 'Tag of Docker Image'
+        default: 'latest'
+        type: string
+    secrets:
+      docker-username:
+        description: 'Docker registry username (required unless `dry-run: true`)'
+        required: false
+      docker-password:
+        description: 'Docker registry password or PAT (required unless `dry-run: true`)'
+        required: false
+
+jobs:
+  docker-publish:
+    # TODO use tagged version
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-fixes
+    with:
+      image-name: 'iexechub/iexec-sdk'
+      registry: 'docker.io'
+      dockerfile: 'Dockerfile'
+      context: '.'
+      security-scan: true
+      security-report: 'sarif'
+      hadolint: true
+      push: ${{ !inputs.dry-run }}
+      image-tag: ${{ inputs.tag }}
+    secrets:
+      username: ${{ secrets.docker-username }}
+      password: ${{ secrets.docker-password }}
