refactor: resolve vulns and upgrade #615
Workflow file for this run
# Reusable workflows come from Mozilla Deploy Actions: <https://github.com/mozilla-it/deploy-actions>
# Even though Mozilla maintains those actions, every `uses:` reference below is pinned
# to a full commit SHA, with the matching release in a trailing comment. Keep that form
# when upgrading: a tag can be moved to different code, a commit SHA cannot.
# See <https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions>
# Ex. `mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2`
name: Build, Tag and Push Container Images to GAR Repository

on:
  # A pull request only leads to a build when the per-job `if:` passes (the PR
  # carries the `preview` label and its head branch lives in this repository).
  # `labeled` / `unlabeled` re-evaluate that gate when labels change, and
  # `synchronize` re-evaluates it for every new commit pushed to the PR.
  pull_request:
    types:
      - opened
      - labeled
      - unlabeled
      - synchronize
    # paths:
    #   - '**/sync*/**'
  push:
    branches:
      - master
    # `**` matches every tag, so any tag push starts a build.
    tags:
      - '**'
  workflow_dispatch: {}

# NOTE(review): the file as shown has no workflow-level `permissions:` key. Each job
# below declares its own, so nothing is over-granted today, but a job added later
# without a `permissions:` block would fall back to the repository default.

jobs:
  # All jobs share one shape:
  #
  #   if:          run on manual dispatch, on a push to `master` or to any tag, or on
  #                a PR that is labelled `preview` AND whose head repository is this
  #                repository (PRs from forks never match).
  #   permissions: `contents: read`  - read-only access to the repository contents.
  #                `id-token: write` - lets the job request a GitHub OIDC token;
  #                                    presumably exchanged by the called workflow for
  #                                    registry credentials - confirm in deploy-actions.
  #                `packages: write` - lets the job publish to GitHub Packages;
  #                                    presumably for the GHCR tag - confirm.
  #   uses:        the pinned build-and-push reusable workflow, which runs with the
  #                permissions granted here.
  #
  # The PR branch of the gate means a same-repository branch plus the `preview` label
  # is enough to build and push an image from code that has not been merged. The
  # effective control is therefore who may push branches and apply labels here.
  # NOTE(review): confirm the called workflow tags PR builds so that they cannot be
  # mistaken for images built from `master` or from a release tag.

  # The plan is to rename every image to `syncserver` (sync plus tokenserver combined).
  # This job keeps `image_name: syncstorage-rs` for now so that deploys stay simple.
  # Historical context: <https://github.com/mozilla-services/syncstorage-rs/pull/1306>
  build-and-push-syncstorage-rs:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncstorage-rs
      gar_name: sync-prod
      project_id: moz-fx-sync-prod
      docker_build_args: |
        SYNCSTORAGE_DATABASE_BACKEND=spanner
        MYSQLCLIENT_PKG=libmysqlclient-dev
      should_tag_ghcr: true

  # Postgres-backed syncserver image, pushed to the `sync-prod` repository.
  build-and-push-syncserver-postgres:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncserver-postgres
      gar_name: sync-prod
      project_id: moz-fx-sync-prod
      docker_build_args: |
        SYNCSTORAGE_DATABASE_BACKEND=postgres
        TOKENSERVER_DATABASE_BACKEND=postgres
      should_tag_ghcr: true

  # Same Postgres image, pushed to the `fx-enterprise-private` repository instead.
  # NOTE(review): `should_tag_ghcr` is not set for this job, yet `packages: write`
  # is still granted. Check whether the called workflow requires that permission
  # before narrowing it.
  build-and-push-syncserver-postgres-enterprise-gar:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncserver-postgres
      gar_name: fx-enterprise-private
      project_id: moz-fx-fx-enterprise-prod
      docker_build_args: |
        SYNCSTORAGE_DATABASE_BACKEND=postgres
        TOKENSERVER_DATABASE_BACKEND=postgres

  # The plan is to rename every image to `syncserver` (sync plus tokenserver combined).
  # This job keeps `image_name: syncstorage-rs-spanner-python-utils` for now so that
  # deploys stay simple.
  # Historical context: <https://github.com/mozilla-services/syncstorage-rs/pull/1306>
  build-and-push-syncstorage-rs-spanner-python-utils:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncstorage-rs-spanner-python-utils
      gar_name: sync-prod
      project_id: moz-fx-sync-prod
      dockerfile_path: tools/spanner/Dockerfile
      image_build_context: tools/spanner
      should_tag_ghcr: true

  # Python utilities image built from `tools/postgres`, pushed to `sync-prod`.
  build-and-push-syncserver-postgres-python-utils:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncserver-postgres-python-utils
      gar_name: sync-prod
      project_id: moz-fx-sync-prod
      dockerfile_path: tools/postgres/Dockerfile
      image_build_context: tools/postgres
      should_tag_ghcr: true

  # Same `tools/postgres` utilities image, pushed to `fx-enterprise-private`.
  # NOTE(review): `should_tag_ghcr` is not set for this job, yet `packages: write`
  # is still granted. Check whether the called workflow requires that permission
  # before narrowing it.
  build-and-push-syncserver-postgres-python-utils-enterprise-gar:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncserver-postgres-python-utils
      gar_name: fx-enterprise-private
      project_id: moz-fx-fx-enterprise-prod
      dockerfile_path: tools/postgres/Dockerfile
      image_build_context: tools/postgres

  # MySQL-backed syncserver image, pushed to the `sync-prod` repository.
  build-and-push-syncserver-mysql:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        contains(github.event.pull_request.labels.*.name, 'preview') &&
        github.event.pull_request.head.repo.full_name == github.repository
      )
    permissions:
      contents: read
      id-token: write
      packages: write
    uses: mozilla-it/deploy-actions/.github/workflows/build-and-push.yml@4784cb70739a4f32ce010921f60fb1ebbc791a38 # v6.2.2
    with:
      image_name: syncserver-mysql
      gar_name: sync-prod
      project_id: moz-fx-sync-prod
      docker_build_args: |
        SYNCSTORAGE_DATABASE_BACKEND=mysql
        TOKENSERVER_DATABASE_BACKEND=mysql
      should_tag_ghcr: true