From 94b0638e2cb69c5952eb57af9e9da5b62f181eab Mon Sep 17 00:00:00 2001 From: tawoe Date: Wed, 25 Feb 2026 15:04:25 +0100 Subject: [PATCH 1/4] use commit_id as container tag --- .github/workflows/build_container_main_branch_themed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_container_main_branch_themed.yml b/.github/workflows/build_container_main_branch_themed.yml index 6d8be60..e670691 100644 --- a/.github/workflows/build_container_main_branch_themed.yml +++ b/.github/workflows/build_container_main_branch_themed.yml @@ -18,7 +18,7 @@ jobs: - name: Build the Docker image run: | echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io - docker build . --file .github/Dockerfile_themed --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main-themed --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest + docker build . --file .github/Dockerfile_themed --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main-themed --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags echo docker done From 817db87a95dd29212cd9b769221f853221e310f1 Mon Sep 17 00:00:00 2001 
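Review bot: The added `--tag …:${GITHUB_REF##*/}` is the last path segment of the pushed ref, not a commit id as the subject line says, so on a push to `main` it resolves to `main` and duplicates the `:main` tag already in the same command. If the goal is an immutable per-commit tag that a deployment or the later cosign step can reference, use `:${GITHUB_SHA}` instead. Branch-derived tags also collide when two refs share a final segment (for example `feature/x` and `hotfix/x`), which matters once this command is reused for other branches. The workflow's trigger lies outside this hunk.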
From: tawoe Date: Mon, 2 Mar 2026 12:15:49 +0100 Subject: [PATCH 2/4] pipeline: multibranch deployment, decouple container build and optional push --- .github/{Dockerfile_themed => Dockerfile} | 0 .github/workflows/build_container.yml | 53 +++++++++++++++++++ .../build_container_main_branch_themed.yml | 38 ------------- 3 files changed, 53 insertions(+), 38 deletions(-) rename .github/{Dockerfile_themed => Dockerfile} (100%) create mode 100644 .github/workflows/build_container.yml delete mode 100644 .github/workflows/build_container_main_branch_themed.yml diff --git a/.github/Dockerfile_themed b/.github/Dockerfile similarity index 100% rename from .github/Dockerfile_themed rename to .github/Dockerfile diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml new file mode 100644 index 0000000..9a23d6d --- /dev/null +++ b/.github/workflows/build_container.yml 
@@ -0,0 +1,53 @@
+name: Build and publish container main - themed
+
+on: [push]
+
+env:
+ DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+ DOCKER_HUB_REPOSITORY: obp-keycloak
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+ id: extract_branch
+
+ - uses: actions/checkout@v4
+ - name: Build container image
+ run: |
+ if [ "${{ github.ref }}" == "refs/heads/main" ]; then
+ echo Building container image for main branch
+ docker build . --file .github/Dockerfile --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+ echo Building container image for main branch done
+ else
+ echo Building container image for branch ${{ github.ref }}
+ docker build . --file .github/Dockerfile --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+ echo Building container image for branch ${{ github.ref }} done
+ fi
+ - name: Push container image
+ if: github.secrets.DOCKER_HUB_USERNAME != ''
+ run: |
+ echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+ docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+ echo pushing container image done
+ - uses: sigstore/cosign-installer@main
+
+ - name: Write signing key to disk (only needed for `cosign sign --key`)
+ if: github.secrets.DOCKER_HUB_USERNAME != ''
+ run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+
+ - name: Sign container image
+ if: github.secrets.DOCKER_HUB_USERNAME != ''
+ run: |
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main
+ cosign sign -y --key cosign.key \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/}
+ env:
+ COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
+
+
+
diff --git a/.github/workflows/build_container_main_branch_themed.yml b/.github/workflows/build_container_main_branch_themed.yml
deleted file mode 100644
index e670691..0000000
--- a/.github/workflows/build_container_main_branch_themed.yml
+++ /dev/null
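Review bot: `uses: sigstore/cosign-installer@main` tracks a mutable branch in the same job that holds `COSIGN_PRIVATE_KEY` and the Docker Hub token, so any change on that branch runs with access to the signing material; pin it to a full commit SHA, e.g. `uses: sigstore/cosign-installer@<full-commit-sha>` (placeholder). The key is also written to `cosign.key` in the workspace and never removed; cosign can read it from the environment with `--key env://COSIGN_PRIVATE_KEY` and `COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}` under the step's `env:`, which makes the write-to-disk step unnecessary. Because `on: [push]` now runs this for every branch, `${{ github.ref }}` and `${{ steps.extract_branch.outputs.branch }}` are substituted into the `run:` script text before the shell parses it; pass them through `env:` and use quoted shell variables such as `"$GITHUB_REF_NAME"` instead. On non-main branches the sign step still signs `:main`, which that build did not produce, so the signature is attached to whatever the registry currently holds under that tag.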
@@ -1,38 +0,0 @@ -name: Build and publish container main - themed - -on: - workflow_dispatch: - push: - branches: - - main - -env: - DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }} - DOCKER_HUB_REPOSITORY: obp-keycloak - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Build the Docker image - run: | - echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io - docker build . --file .github/Dockerfile_themed --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${GITHUB_REF##*/} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main-themed --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest - docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags - echo docker done - - - uses: sigstore/cosign-installer@main - - - name: Write signing key to disk (only needed for `cosign sign --key`) - run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - - - name: Sign container image - run: | - cosign sign -y --key cosign.key \ - docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main-themed - env: - COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}" - - - From 45347ae7e2f8d2bc15d8ed38514703aed7b693c7 Mon Sep 17 00:00:00 2001 From: tawoe Date: Mon, 2 Mar 2026 12:25:44 +0100 Subject: [PATCH 3/4] fix container push trigger --- .github/workflows/build_container.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 9a23d6d..66664e9 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml 
@@ -28,7 +28,7 @@ jobs: echo Building container image for branch ${{ github.ref }} done fi - name: Push container image - if: github.secrets.DOCKER_HUB_USERNAME != '' + if: ${{ secrets.DOCKER_HUB_USERNAME }} run: | echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags @@ -36,11 +36,11 @@ jobs: - uses: sigstore/cosign-installer@main - name: Write signing key to disk (only needed for `cosign sign --key`) - if: github.secrets.DOCKER_HUB_USERNAME != '' + if: ${{ secrets.DOCKER_HUB_USERNAME }} run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign container image - if: github.secrets.DOCKER_HUB_USERNAME != '' + if: ${{ secrets.DOCKER_HUB_USERNAME }} run: | cosign sign -y --key cosign.key \ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main From 49d5b0c8e76a25d3ed0499d8a500b9f2ec093456 Mon Sep 17 00:00:00 2001 From: tawoe Date: Mon, 2 Mar 2026 12:29:23 +0100 Subject: [PATCH 4/4] fix container push trigger --- .github/workflows/build_container.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml index 66664e9..6118f4b 100644 --- a/.github/workflows/build_container.yml +++ b/.github/workflows/build_container.yml @@ -28,7 +28,7 @@ jobs: echo Building container image for branch ${{ github.ref }} done fi - name: Push container image - if: ${{ secrets.DOCKER_HUB_USERNAME }} + if: ${{ github.secrets.DOCKER_HUB_USERNAME }} run: | echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags 
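Review bot: In PATCH 4/4, `if: ${{ github.secrets.DOCKER_HUB_USERNAME }}` can never be true, because the `github` context has no `secrets` property and a missing property evaluates to an empty, falsy value. The push step in this hunk and the write-key and sign steps in the following `@@ -36,11 +36,11 @@` hunk are therefore always skipped, while the job still reports success and nothing is published or signed. The `secrets` context is not available in a step-level `if:` either, which is presumably why the form from the previous commit was abandoned. Map the secret into the workflow or job `env:` and test that instead: add `DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}` under `env:` and use `if: env.DOCKER_HUB_USERNAME != ''` on each of the three steps.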
@@ -36,11 +36,11 @@ jobs: - uses: sigstore/cosign-installer@main - name: Write signing key to disk (only needed for `cosign sign --key`) - if: ${{ secrets.DOCKER_HUB_USERNAME }} + if: ${{ github.secrets.DOCKER_HUB_USERNAME }} run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key - name: Sign container image - if: ${{ secrets.DOCKER_HUB_USERNAME }} + if: ${{ github.secrets.DOCKER_HUB_USERNAME }} run: | cosign sign -y --key cosign.key \ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main