From 5611dfcbbd75e29d6c685d5fa728944d2e8dcf9e Mon Sep 17 00:00:00 2001
From: tawoe
Date: Thu, 29 Jan 2026 10:56:52 +0100
Subject: [PATCH 1/2] gh actions code clean
---
 .github/Dockerfile_PreBuild_OC | 11 -----------
 .github/workflows/build_container.yml | 18 +-----------------
 2 files changed, 1 insertion(+), 28 deletions(-)
 delete mode 100644 .github/Dockerfile_PreBuild_OC
diff --git a/.github/Dockerfile_PreBuild_OC b/.github/Dockerfile_PreBuild_OC
deleted file mode 100644
index c8cf7ad5cc..0000000000
--- a/.github/Dockerfile_PreBuild_OC
+++ /dev/null
@@ -1,11 +0,0 @@
-FROM jetty:9.4-jdk11-alpine
-# Copy build artifact (.war file) into jetty from 'maven' stage.
-COPY /obp-api/target/obp-api-1.*.war /var/lib/jetty/webapps/ROOT.war
-USER root
-RUN mkdir -p /WEB-INF/classes
-COPY .github/logback.xml /WEB-INF/classes/
-RUN cd / && jar uvf /var/lib/jetty/webapps/ROOT.war WEB-INF/classes/logback.xml
-RUN chgrp -R 0 /tmp/jetty && chmod -R g+rwX /tmp/jetty
-RUN chgrp -R 0 /var/lib/jetty && chmod -R g+rwX /var/lib/jetty
-RUN chgrp -R 0 /usr/local/jetty && chmod -R g+rwX /usr/local/jetty
-USER jetty
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index f7fe971f7b..68cbfbb013 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -2,16 +2,9 @@ name: Build and publish container develop
 # read-write repo token
 # access to secrets
-on:
- workflow_dispatch:
- push:
- branches:
- - "*"
- - "**"
-# - develop
+on: [push]
 env:
- ## Sets environment variable
 DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
 DOCKER_HUB_REPOSITORY: obp-api
@@ -19,12 +12,9 @@ jobs:
 build:
 runs-on: ubuntu-latest
 services:
- # Label used to access the service container
 redis:
- # Docker Hub image
 image: redis
 ports:
- # Opens tcp port 6379 on the host and service container
 - 6379:6379
 # Set health checks to wait until redis has started
 options: >-
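Review bot: The new trigger `on: [push]` in the first hunk of build_container.yml is not a pure cleanup of the block it replaces. It drops `workflow_dispatch`, so the workflow can no longer be started manually, and it drops the `branches` filter, so tag pushes now start the job as well as branch pushes. The header comment kept above it says this workflow has a read-write token and access to secrets, and the publish steps later in the file derive an image tag from `${GITHUB_REF##*/}`, so a git tag would be published under its own name when those steps run. If only the comments were meant to go, keep the mapping form with `workflow_dispatch:` and `push:` / `branches: ["**"]`, and add a one-line comment saying why tags are excluded.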
@@ -132,10 +122,8 @@ jobs:
 echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
 if [ "${{ github.ref }}" == "refs/heads/develop" ]; then
 docker build . --file .github/Dockerfile_PreBuild --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}
- # docker build . --file .github/Dockerfile_PreBuild_OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA-OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest-OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}-OC
 else
 docker build . --file .github/Dockerfile_PreBuild --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}
- # docker build . --file .github/Dockerfile_PreBuild_OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA-OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}-OC
 fi
 docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
 echo docker done
@@ -153,13 +141,9 @@ jobs:
 docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}
 cosign sign -y --key cosign.key \
 docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA
- # cosign sign -y --key cosign.key \
- # docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}-OC
 if [ "${{ github.ref }}" == "refs/heads/develop" ]; then
 cosign sign -y --key cosign.key \
 docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
- # cosign sign -y --key cosign.key \
- # docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest-OC
 fi
 env:
 COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
From 7d00c791fffae16e2a360261dca32359f3478a40 Mon Sep 17 00:00:00 2001
From: tawoe
Date: Thu, 29 Jan 2026 11:40:32 +0100
Subject: [PATCH 2/2] enable container creation via repo variable
---
 .github/workflows/build_container.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index 68cbfbb013..8a027bbb95 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -117,7 +117,7 @@ jobs:
 path: push/
 - name: Build the Docker image
- if: github.repository == 'OpenBankProject/OBP-API'
+ if: vars.ENABLE_CONTAINER_BUILDING == 'true'
 run: |
 echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
 if [ "${{ github.ref }}" == "refs/heads/develop" ]; then
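Review bot: The new gate `if: vars.ENABLE_CONTAINER_BUILDING == 'true'` on the "Build the Docker image" step, repeated on the "Write signing key to disk" and "Sign container image" steps in the next hunk, swaps a check on the repository identity for a single opt-in flag without verifying that the settings these steps consume are present. With the flag set and `vars.DOCKER_HUB_ORGANIZATION` empty, the image reference would expand to `docker.io//obp-api:…`, and an unset `COSIGN_PRIVATE_KEY` would leave an empty `cosign.key`, so the job fails late, after `docker login` has already run. Consider `if: vars.ENABLE_CONTAINER_BUILDING == 'true' && vars.DOCKER_HUB_ORGANIZATION != ''`, with a comment above the step such as `# Publishing is opt-in: set repo variable ENABLE_CONTAINER_BUILDING=true plus the DOCKER_HUB_* and COSIGN_* settings`. An unset variable compares as an empty string, so the default stays off, which is worth stating in that comment. The step's `run` body continues outside the hunk.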
@@ -131,11 +131,11 @@ jobs:
 - uses: sigstore/cosign-installer@4d14d7f17e7112af04ea6108fbb4bfc714c00390
 - name: Write signing key to disk (only needed for `cosign sign --key`)
- if: github.repository == 'OpenBankProject/OBP-API'
+ if: vars.ENABLE_CONTAINER_BUILDING == 'true'
 run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
 - name: Sign container image
- if: github.repository == 'OpenBankProject/OBP-API'
+ if: vars.ENABLE_CONTAINER_BUILDING == 'true'
 run: |
 cosign sign -y --key cosign.key \
 docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}