Building the Docker image in github worflo

Author: christopherlouet

.github/workflows/docker-build-push.yml

@@ -0,0 +1,55 @@
+name: DockerBuildPush
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  DOCKER_REPOSITORY: breizhcamp/konter
+
+jobs:
+
+  docker-build-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -t $DOCKER_REPOSITORY:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: '${{ env.DOCKER_REPOSITORY }}:${{ github.sha }}'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Login to Harbor
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.DOCKER_REGISTRY_URL }}
+          username: ${{ vars.DOCKER_REGISTRY_USER }}
+          password: ${{ secrets.DOCKER_REGISTRY_PASS }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ vars.DOCKER_REGISTRY_URL }}/${{ env.DOCKER_REPOSITORY }}:latest,${{ vars.DOCKER_REGISTRY_URL }}/${{ env.DOCKER_REPOSITORY }}:${{ github.sha }}

.github/workflows/docker-build.yml

@@ -0,0 +1,33 @@
+name: DockerBuild
+
+on:
+  pull_request:
+
+env:
+  DOCKER_REPOSITORY: breizhcamp/konter
+
+jobs:
+
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -t $DOCKER_REPOSITORY:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: '${{ env.DOCKER_REPOSITORY }}:${{ github.sha }}'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

Dockerfile

@@ -0,0 +1,19 @@
+FROM eclipse-temurin:17-jdk-alpine AS build
+WORKDIR /workspace/app
+
+COPY mvnw .
+COPY .mvn .mvn
+COPY pom.xml .
+COPY src src
+
+RUN ./mvnw install -DskipTests
+WORKDIR /workspace/app/target/dependency
+RUN jar -xf ../*.jar
+
+FROM eclipse-temurin:17-jdk-alpine
+VOLUME /tmp
+ARG DEPENDENCY=/workspace/app/target/dependency
+COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib
+COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF
+COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app
+ENTRYPOINT ["java","-cp","app:app/lib/*","org.breizhcamp.konter.KonterApplicationKt"]