diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
index a1b3dcb4..15f63edd 100644
--- a/.github/workflows/ci-checks.yml
+++ b/.github/workflows/ci-checks.yml
@@ -57,6 +57,7 @@ jobs:
 fail-fast: false
 matrix:
 image: [ 'server', 'ui' ]
+ environment: ['qa', 'prod']
 steps:
 - name: Checkout code
 uses: actions/checkout@v2
@@ -72,26 +73,26 @@ jobs:
 id: login-ecr
 uses: aws-actions/amazon-ecr-login@v1
- - name: Build QA ${{ matrix.image }} Docker image
+ - name: Building ${{ matrix.environment }} ${{ matrix.image }} Docker image
 env:
 ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
 ECR_REPOSITORY: "memefactory"
 run: |
 echo "Building on ${GITHUB_REF} branch"
- DOCKER_BUILDKIT=1 docker build --build-arg BUILD_ENV=qa -t ${{ matrix.image }}:${{ github.sha }} -f docker-builds/${{ matrix.image }}/Dockerfile .
+ DOCKER_BUILDKIT=1 docker build --build-arg BUILD_ENV=${{ matrix.environment }} -t ${{ matrix.image }}:${{ github.sha }}-${{ matrix.environment }} -t ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-${{ matrix.environment }} -t ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-${{ matrix.environment }} -f docker-builds/${{ matrix.image }}/Dockerfile .
 echo "Successfully built docker image"
- - name: Run Trivy vulnerability scanner
+ - name: Run Trivy vulnerability scanner for ${{ matrix.environment }} ${{ matrix.image }} Docker image
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: '${{ matrix.image }}:${{ github.sha }}'
+ image-ref: '${{ matrix.image }}:${{ github.sha }}-${{ matrix.environment }}'
 format: 'table'
 exit-code: '0'
 ignore-unfixed: true
 vuln-type: 'os,library'
 severity: 'CRITICAL'
- - name: Push QA docker images
+ - name: Push docker images
 env:
 ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
 ECR_REPOSITORY: "memefactory"
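Review bot: The Trivy step still runs with `exit-code: '0'`, so a CRITICAL finding in the image tagged `${{ github.sha }}-${{ matrix.environment }}` is only printed and does not stop the push step that follows; now that this job also builds prod images, the scan should gate them, e.g. `exit-code: '1'`. The step also references `aquasecurity/trivy-action@master`, a mutable ref that runs after the ECR login in the same job; pinning it to a reviewed commit (`aquasecurity/trivy-action@<commit-sha>`) keeps an upstream change from executing here unreviewed. The job definition starts above this hunk, so any `continue-on-error` or step-level `if:` is not visible.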
@@ -99,8 +100,9 @@ jobs:
 echo "Pushing docker images"
 if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
 echo "On the default branch will push to the registry with latest and ${{ github.sha }} tags"
- docker tag ${{ matrix.image }}:${{ github.sha }} ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}
- docker tag ${{ matrix.image }}:${{ github.sha }} ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest
- docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}
- docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-prod
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-prod
+ else
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-qa
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-qa
 fi
diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile
index 037ec941..e8110854 100644
--- a/docker-builds/server/Dockerfile
+++ b/docker-builds/server/Dockerfile
@@ -1,5 +1,5 @@
 FROM node:11.14.0-stretch AS build_stage
-ARG BUILD_ENV=qa
+ARG BUILD_ENV=prod
 ENV BUILD_ENV=${BUILD_ENV}
 ENV MEMEFACTORY_ENV=${BUILD_ENV}
 ENV SMART_CONTRACTS=./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs
diff --git a/docker-builds/ui/Dockerfile b/docker-builds/ui/Dockerfile
index 6feec1ea..e3d5be28 100644
--- a/docker-builds/ui/Dockerfile
+++ b/docker-builds/ui/Dockerfile
@@ -1,13 +1,12 @@
-
 FROM node:11.14.0-stretch AS build_stage
 # FROM node:latest AS build_stage
-ARG build_environment="qa"
+ARG BUILD_ENV=
 COPY . /build/
 WORKDIR /build
-ENV BUILD_ENV=$build_environment
-ENV MEMEFACTORY_ENV=$build_environment
+ENV BUILD_ENV=${BUILD_ENV}
+ENV MEMEFACTORY_ENV=${BUILD_ENV}
 ENV SMART_CONTRACTS="./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs"
 ENV SMART_CONTRACTS_BUILD_PATH=./resources/public/contracts/build/
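Review bot: The push step picks tags from the branch only (`-prod` on master, `-qa` otherwise), while each matrix job has built and tagged just one environment, so on master the `environment: qa` job has no local `-prod` tag to push and on other refs the prod job has no `-qa` tag; those jobs would fail at `docker push` unless a step-level `if:` outside the hunk skips them. Pushing `:${{ github.sha }}-${{ matrix.environment }}` and `:latest-${{ matrix.environment }}`, and exiting early when the matrix environment is not the one intended for the ref, keeps build and push in step. The new `else` branch also publishes from every non-master ref, which the old code did not do, so any branch that triggers this workflow can overwrite the mutable `latest-qa` tag; if QA deploys from that tag, consider restricting the push to named branches. The workflow triggers are outside this hunk.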
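Review bot: Defaulting `ARG BUILD_ENV=prod` in the server Dockerfile means any `docker build` that omits `--build-arg BUILD_ENV=...` silently produces an image wired to `smart_contracts_prod.cljs`, and the ui Dockerfile changed in the same commit defaults to an empty value instead, which resolves the path to `smart_contracts_.cljs`. Declaring `ARG BUILD_ENV` with no default in both files and failing early, e.g. `RUN test -n "$BUILD_ENV"` right after the `ENV` lines, makes a missing argument a build error rather than a wrong-environment image. The rest of both Dockerfiles is outside the hunks shown.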