
deps(deps-dev): bump fs-extra from 11.3.3 to 11.3.4 in /UISampleSpark.UI #349

Workflow file for this run

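# Builds the UISampleSpark image, pushes it to Docker Hub on non-PR events,
# smoke-tests the pushed image, and scans it with Trivy.
name: Docker Build and Push - UISampleSpark

on:
  push:
    branches: [main]
    paths-ignore:
      - README.md
      - '.vscode/**'
      - .gitignore
  pull_request:
    branches: [main]
    paths-ignore:
      - README.md
      - '.vscode/**'
      - .gitignore
  schedule:
    # Rebuild weekly on Mondays at 2 AM UTC for security updates
    - cron: '0 2 * * 1'
  workflow_dispatch:

# Least-privilege GITHUB_TOKEN: nothing in this workflow writes to the
# repository. security-events: write is what upload-sarif needs to publish
# code-scanning results; actions: read is additionally required by
# upload-sarif on private repositories.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every third-party action below is referenced by a
      # mutable tag or branch. Pinning each `uses:` to a full commit SHA
      # keeps a retagged or compromised upstream from running in a job that
      # holds the Docker Hub token.
      - name: Checkout
        uses: actions/checkout@v6

      - name: Debug - List workspace structure
        run: |
          echo "=== Workspace Root ==="
          ls -la
          echo ""
          echo "=== Project Directories ==="
          ls -la */

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only loaded on events that actually push.
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # NOTE(review): hadolint/hadolint is pulled without a tag or digest, so
      # the linter version (and its rule set) can change between runs.
      - name: Lint Dockerfile
        run: docker run --rm -i hadolint/hadolint hadolint --ignore DL3008 --ignore DL3018 --ignore DL3015 - < ./UISampleSpark.UI/Dockerfile

      - name: Cache Docker layers
        id: docker-cache
        uses: actions/cache@v5
        with:
          path: /tmp/.buildx-cache
          # github.sha makes the primary key unique per commit; restores rely
          # on the prefix in restore-keys below.
          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ hashFiles('**/Dockerfile', '**/UISampleSpark.UI/**/*') }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Show Docker info
        run: docker info

      - name: Show Buildx version
        run: docker buildx version

      # Only the labels output of this step is consumed by the build step;
      # the tags computed here are not used.
      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=sha,prefix={{branch}}-
            type=ref,event=pr
            type=semver,pattern={{version}}

      # NOTE(review): the image name is derived from a secret. Secrets are not
      # passed to pull_request runs from forks or from Dependabot, so on those
      # runs the tags below start with "/" - confirm PR builds still succeed.
      - name: Build and push
        id: docker_image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./UISampleSpark.UI/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          pull: true
          tags: |
            ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark:latest
            ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark:${{ github.run_number }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
          # No provenance attestation is attached to the pushed image.
          provenance: false

      # Replace the restored cache with the freshly exported one so the cache
      # directory does not grow across runs.
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      - name: Test Docker image locally
        if: github.event_name != 'pull_request'
        env:
          # Reference the image by the digest this run produced. ":latest" is
          # mutable, so a concurrent run could otherwise be the one tested.
          IMAGE_REF: ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark@${{ steps.docker_image.outputs.digest }}
        run: |
          # Start container (without --rm so we can get logs after crash)
          CONTAINER_ID=$(docker run -d --name test-container \
            -p 8080:8080 \
            "$IMAGE_REF")
          echo "Container ID: $CONTAINER_ID"
          # Wait for container to start
          sleep 10
          # Check if container is still running
          if docker ps | grep test-container; then
            echo "✓ Container is running"
            docker logs test-container
            # Try health check
            if curl -f http://localhost:8080; then
              echo "✓ Health check passed"
              docker stop test-container
              docker rm test-container
            else
              echo "✗ Health check failed but container is running"
              echo "Container logs:"
              docker logs test-container
              docker stop test-container
              docker rm test-container
              exit 1
            fi
          else
            echo "✗ Container exited immediately"
            echo "Detailed container logs:"
            docker logs test-container 2>&1 || echo "Could not retrieve logs"
            echo "Container inspect:"
            docker inspect test-container || echo "Could not inspect"
            docker rm test-container || true
            exit 1
          fi

      # The scan is advisory: it runs after the image has been pushed and
      # continue-on-error keeps findings from failing the job.
      # NOTE(review): @master tracks a moving branch; pin this action to a
      # reviewed commit SHA.
      - name: Run Trivy vulnerability scanner
        id: trivy-scan
        if: github.event_name != 'pull_request'
        uses: aquasecurity/trivy-action@master
        continue-on-error: true
        with:
          # Scan the digest built by this run rather than the mutable tag.
          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark@${{ steps.docker_image.outputs.digest }}
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH,MEDIUM'
          vuln-type: 'os,library'
          scanners: 'vuln,secret,config'
          timeout: '15m'

      # Skipped scans (pull requests) report outcome "skipped", so nothing is
      # uploaded for them.
      - name: Upload Trivy results to GitHub Security
        uses: github/codeql-action/upload-sarif@v4
        if: always() && steps.trivy-scan.outcome == 'success'
        with:
          sarif_file: 'trivy-results.sarif'

      # NOTE(review): same @master pinning concern as the SARIF scan above.
      - name: Generate Trivy report
        if: github.event_name != 'pull_request'
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark@${{ steps.docker_image.outputs.digest }}
          format: 'table'
          output: 'trivy-report.txt'
          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
        continue-on-error: true

      - name: Display Trivy summary
        if: always()
        run: |
          if [ -f trivy-report.txt ]; then
            echo "## 🔒 Security Scan Results" >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo '```' >> "$GITHUB_STEP_SUMMARY"
            head -100 trivy-report.txt >> "$GITHUB_STEP_SUMMARY" || true
            echo '```' >> "$GITHUB_STEP_SUMMARY"
          fi

      - name: Cleanup
        if: always()
        run: |
          docker builder prune -f
          docker system prune -f

      - name: Output image information
        if: github.event_name != 'pull_request'
        run: |
          echo "### Docker Image Information" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Image**: ${{ secrets.DOCKERHUB_USERNAME }}/uisamplespark:latest" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Tag**: ${{ github.run_number }}" >> "$GITHUB_STEP_SUMMARY"
          echo "- **Digest**: ${{ steps.docker_image.outputs.digest }}" >> "$GITHUB_STEP_SUMMARY"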