-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch UKWA Docker image builds to standard workflow #77
Comments
Note fragment is just
But the image name can be overridden if needed (see warc-server example) |
Switched to Trivy security scanner as this seems more widely used and a bit easier to work with. |
Note that this query can be use to check on which systems are using this shared workflow: https://github.com/search?q=org%3Aukwa+push-to-docker-hub&type=code |
The following repos make up the w3act stack.
Of these, the following are third party services (which we contribute to), and have not been amended (this may change subject to guidance).
The following are already using the workflow:
Repos with workflows updated by this work to the new standard are:
Note:
|
I've started merging the PRs as its quite a bind to test in temporary branches. |
All w3act repos now on the shared workflow within UKWA org main branches on github. Possibly a bit more testing to follow. |
…ndard build contexts
access stack repos in scope for workflow and if necessary changed in the above work (others in the stack had either already been done or were omitted after investigation: crawl-streams |
Miscellaneous repos that also needed converting to the new workflow and were done in the above work or omitted after investigation: acid-crawl |
Testing note: Although there was significant testing early on, the later changes to ukwa-services to allow context passing have not been significantly regression tested. This can be done if necessary when we have decided on the priority services within the context of our renewed platform and processes. |
We need to make sure all important Docker images are scanned for security issues as part of the GitHub Actions process, before the images are pushed to Docker Hub.
To do this, we can reuse GitHub Actions workflows across repositories, to ensure we build, scan and upload Docker Images consistently.
This is an example of a container that uses the shared workflow: https://github.com/ukwa/ukwa-warc-server/blob/master/.github/workflows/push-to-docker-hub.yml
The task here is to go through the stacks in this repository and update every referenced container build to re-use this shared workflow. Every change should be proposed as a PR on each repository, and linked here for @anjackson to review.
The text was updated successfully, but these errors were encountered: