nginx_develop.yml

# Build and Publish Docker Image for NGINX

name: NGINX Develop

on:
  push:
    branches:
      - develop
    paths:
      - infrastructure/docker/nginx/**
      - .github/workflows/nginx_develop.yml
  pull_request:
    branches:
      - develop
    paths:
      - iris-client-fe/**
      - iris-client-bff/**
      - infrastructure/docker/nginx/**
      - .github/workflows/nginx_develop.yml

jobs:
  build_and_push:
    name: Build and push Docker image
    runs-on: ubuntu-latest
    
    # Map a step output to a job output
    outputs:
      image-ref: ${{ steps.meta.outputs.tags }}

    steps:
      - name: Check out the repo
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Create image tag
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: inoeg/iris-client-nginx

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PW }}

      - name: Build and push to docker.io
        uses: docker/build-push-action@v3.1.1
        with:
          context: ./infrastructure/docker/nginx/
          tags: ${{ steps.meta.outputs.tags }}
          push: false
          load: true
          labels: |
            iris.client-nginx.image.revision=${{ github.sha }}

      - name: Sign and push docker image
        uses: sudo-bot/action-docker-sign@latest
        with:
          image-ref: ${{steps.meta.outputs.tags}}
          private-key-id: ${{ secrets.DOCKER_HUB_DCT_PRIVATE_KEY_IDENTIFIER }}
          private-key: ${{ secrets.DOCKER_HUB_DCT_PRIVATE_KEY }}
          private-key-passphrase: ${{ secrets.DOCKER_HUB_DCT_PASSPHRASE }}

  container_scan:
    name: Container Scan
    needs: build_and_push
    uses: iris-connect/iris-client/.github/workflows/trivy-container-scan.yml@develop
    with:
      image-refs: "[ '${{needs.build_and_push.outputs.image-ref}}' ]"