diff --git a/.github/workflows/apps-event-worker.yaml b/.github/workflows/apps-event-worker.yaml index 9d6df9b2..be32ce41 100644 --- a/.github/workflows/apps-event-worker.yaml +++ b/.github/workflows/apps-event-worker.yaml @@ -23,9 +23,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 @@ -35,8 +41,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -55,12 +70,14 @@ jobs: with: push: false file: apps/event-worker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/event-worker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/apps-job-policy-checker.yaml b/.github/workflows/apps-job-policy-checker.yaml index 8895c8c8..79841af9 100644 --- a/.github/workflows/apps-job-policy-checker.yaml +++ b/.github/workflows/apps-job-policy-checker.yaml @@ -21,9 +21,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 
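Review bot: The added `Check if Docker Hub secrets are available` step in the second hunk expands `${{ secrets.DOCKERHUB_USERNAME }}` and `${{ secrets.DOCKERHUB_TOKEN }}` directly into the `run:` script, so the secret values become shell source before bash runs. A token containing `"`, `$` or a backtick would change how the `[ -z … ]` test is parsed, and the rendered script holds the credentials in plain text on the runner. Pass the secrets through `env:` and test the shell variables instead, as in the excerpt below. The same step is added in the second hunk of the job-policy-checker, webservice, google-compute-scanner and kubernetes-job-agent workflows and in the first hunk of terraform-cloud-scanner and packages-migrations.

```yaml
- name: Check if Docker Hub secrets are available
  env:
    DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
    DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
  run: |
    if [ -z "$DOCKERHUB_USERNAME" ] || [ -z "$DOCKERHUB_TOKEN" ]; then
    # … unchanged: DOCKERHUB_LOGIN=false/true written to $GITHUB_ENV …
```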
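Review bot: In the third hunk of apps-event-worker.yaml both matrix legs run `Build and Push` with a single `platforms: ${{ matrix.platform }}` but the same `tags: ${{ steps.meta.outputs.tags }}`, so on main the amd64 and arm64 jobs each push a single-architecture image to the same tag and whichever finishes last wins. The metadata step is outside the hunk, so this assumes its tags do not vary per platform. To publish one multi-arch manifest, drop the matrix and build both in one job with `platforms: linux/amd64,linux/arm64`, or push each leg by digest and merge the manifests in a follow-up job. Building arm64 on `ubuntu-latest` also needs emulation (for example `docker/setup-qemu-action`), which is not visible in these hunks. The third hunk of the job-policy-checker, webservice, google-compute-scanner and kubernetes-job-agent workflows has the same pattern.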
@@ -33,8 +39,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -53,12 +68,14 @@ jobs: with: push: false file: apps/job-policy-checker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/job-policy-checker/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml index a86cab19..6f30ee36 100644 --- a/.github/workflows/apps-webservice.yaml +++ b/.github/workflows/apps-webservice.yaml @@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 @@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
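Review bot: With `env.DOCKERHUB_LOGIN == 'true'` added to the `Build and Push` condition in the third hunk of apps-job-policy-checker.yaml, a run on main whose Docker Hub secrets are missing or have been emptied finishes green without publishing an image. Skipping the login is reasonable for runs that have no access to secrets, but on `refs/heads/main` a silent skip leaves the previously published image in place with no signal that the release did not happen. Make the skip visible, for example `echo "::warning::Docker Hub secrets not set; image will not be pushed"` in the false branch of the check step, or fail the job when the ref is main. The same condition is added in the other six workflows in this diff, including apps-event-worker.yaml.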
@@ -51,12 +66,14 @@ jobs: with: push: false file: apps/webservice/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: apps/webservice/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/integrations-google-compute-scanner.yaml b/.github/workflows/integrations-google-compute-scanner.yaml index 0206a1a4..07f88c2a 100644 --- a/.github/workflows/integrations-google-compute-scanner.yaml +++ b/.github/workflows/integrations-google-compute-scanner.yaml @@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 @@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
@@ -51,12 +66,14 @@ jobs: with: push: false file: integrations/google-compute-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true - file: integrations/google-compute-scanner/Dockerfile + file: integrations/google-compute-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/integrations-kubernetes-job-agent.yaml b/.github/workflows/integrations-kubernetes-job-agent.yaml index e173e890..d7dd33e3 100644 --- a/.github/workflows/integrations-kubernetes-job-agent.yaml +++ b/.github/workflows/integrations-kubernetes-job-agent.yaml @@ -19,9 +19,15 @@ on: jobs: build: runs-on: ubuntu-latest + permissions: contents: read id-token: write + + strategy: + matrix: + platform: [linux/amd64, linux/arm64] + steps: - uses: actions/checkout@v4 @@ -31,8 +37,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
@@ -51,12 +66,14 @@ jobs: with: push: false file: integrations/kubernetes-job-agent/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: integrations/kubernetes-job-agent/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/integrations-terraform-cloud-scanner.yaml b/.github/workflows/integrations-terraform-cloud-scanner.yaml index 42a32937..96b76b1d 100644 --- a/.github/workflows/integrations-terraform-cloud-scanner.yaml +++ b/.github/workflows/integrations-terraform-cloud-scanner.yaml @@ -31,8 +31,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -51,12 +60,14 @@ jobs: with: push: false file: integrations/terraform-cloud-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: integrations/terraform-cloud-scanner/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/packages-migrations.yaml b/.github/workflows/packages-migrations.yaml index 21480b70..21b6ab8c 100644 --- a/.github/workflows/packages-migrations.yaml 
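Review bot: The second hunk of integrations-terraform-cloud-scanner.yaml adds `platforms: ${{ matrix.platform }}` to both build steps, but this commit adds no `strategy.matrix` to that workflow; its first hunk starts at line 31 on both sides (`@@ -31,8 +31,17 @@`), so nothing was inserted above it. Unless a matrix is already defined outside the visible hunks, `matrix.platform` expands to an empty string and the build presumably falls back to the default platform, so no arm64 image is produced. Either add the same `strategy: matrix: platform: [linux/amd64, linux/arm64]` block the other workflows receive, or drop the `platforms:` lines here. packages-migrations.yaml has the same gap (`@@ -27,8 +27,17 @@` followed by the `platforms:` additions).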
+++ b/.github/workflows/packages-migrations.yaml @@ -27,8 +27,17 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Check if Docker Hub secrets are available + run: | + if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then + echo "DOCKERHUB_LOGIN=false" >> $GITHUB_ENV + else + echo "DOCKERHUB_LOGIN=true" >> $GITHUB_ENV + fi + - name: Login to Docker Hub uses: docker/login-action@v3 + if: env.DOCKERHUB_LOGIN == 'true' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -47,12 +56,14 @@ jobs: with: push: false file: packages/db/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }} - name: Build and Push uses: docker/build-push-action@v6 - if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' && env.DOCKERHUB_LOGIN == 'true' with: push: true file: packages/db/Dockerfile + platforms: ${{ matrix.platform }} tags: ${{ steps.meta.outputs.tags }}