@@ -39,16 +39,20 @@ jobs:
3939 runs-on : ubuntu-latest
4040 strategy :
4141 matrix :
42- app :
42+ sbtProject :
4343 - main
4444 - lzo
4545 - distroless
4646 include :
47- - suffix : " "
48- - app : lzo
49- run_snyk : ${{ !contains(github.ref, 'rc') }}
50- - app : distroless
51- run_snyk : ${{ !contains(github.ref, 'rc') }}
47+ - sbtProject : main
48+ runSnyk : false
49+ dockerTagSuffix : " "
50+ - sbtProject : lzo
51+ runSnyk : true
52+ dockerTagSuffix : " -lzo"
53+ - sbtProject : distroless
54+ runSnyk : true
55+ dockerTagSuffix : " -distroless"
5256
5357 steps :
5458 - uses : actions/checkout@v2
@@ -58,28 +62,44 @@ jobs:
5862 with :
5963 java-version : 11
6064 distribution : adopt
61-
62- - name : Install LZO
63- run : sudo apt-get install -y lzop liblzo2-dev
64-
6565 - name : Login to Docker Hub
6666 run : docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
6767 env :
6868 DOCKER_USERNAME : ${{ secrets.DOCKER_USERNAME }}
6969 DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
70-
71- - name : Publish to Docker Hub
72- run : sbt "project ${{ matrix.app }}" docker:publish
73-
70+ - name : Stage the Docker build
71+ run : sbt "project ${{ matrix.sbtProject}}" docker:stage
72+ - name : Docker metadata
73+ id : meta
74+ uses : docker/metadata-action@v3
75+ with :
76+ images : snowplow/snowplow-s3-loader
77+ tags : |
78+ type=raw,value=latest${{ matrix.dockerTagSuffix }},enable=${{ !contains(github.ref_name, 'rc') }}
79+ type=raw,value=${{ github.ref_name }}${{ matrix.dockerTagSuffix }}
80+ flavor : |
81+ latest=false
82+ - name : Set up QEMU
83+ uses : docker/setup-qemu-action@v1
84+ - name : Set up Docker Buildx
85+ uses : docker/setup-buildx-action@v1
86+ - name : Push image
87+ uses : docker/build-push-action@v2
88+ with :
89+ context : modules/${{ matrix.sbtProject }}/target/docker/stage
90+ file : modules/${{ matrix.sbtProject }}/target/docker/stage/Dockerfile
91+ platforms : linux/amd64,linux/arm64/v8
92+ tags : ${{ steps.meta.outputs.tags }}
93+ push : true
7494 - name : Build local image, which is needed to run Snyk
75- if : matrix.run_snyk
76- run : sbt "project ${{ matrix.app }}" docker:publishLocal
95+ if : ${{ !contains(github.ref_name, 'rc') && fromJSON( matrix.runSnyk) }}
96+ run : sbt "project ${{ matrix.sbtProject }}" docker:publishLocal
7797 - name : Run Snyk to check for vulnerabilities
7898 uses : snyk/actions/docker@master
79- if : matrix.run_snyk
99+ if : ${{ !contains(github.ref_name, 'rc') && fromJSON( matrix.runSnyk) }}
80100 with :
81- image : " snowplow/snowplow-s3-loader:${{ github.ref_name }}- ${{ matrix.app }}"
82- args : " --app-vulns --org=data-processing-new "
101+ image : " snowplow/snowplow-s3-loader:${{ github.ref_name }}${{ matrix.dockerTagSuffix }}"
102+ args : " --app-vulns --org=99605b41-ca0f-42c9-a9ff-45c201a10a26 "
83103 command : monitor
84104 env :
85105 SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
0 commit comments