.github/workflows/docker.yml

name: webviz-docker

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
  workflow_dispatch:
  schedule:
    # Run CI/CD every Sunday
    - cron:  '0 0 * * 0'

jobs:

  webviz-docker:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.6']

    steps:
      - name: 📖 Checkout commit locally
        uses: actions/checkout@v2

      - name: 🐍 Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}

      - name: 📦 Install webviz-config
        run: |
          pip install webviz-config

      - name: 🐳 Build Docker base image
        run: |
          docker build -t webviz/base_image .

      - name: 🐳 Build Docker example image
        run: |
          WEBVIZ_CONFIG_VERSION=$(python -c "import webviz_config; print(webviz_config.__version__)")

          git clone https://github.com/equinor/webviz-config.git

          pushd webviz-config
          git checkout $WEBVIZ_CONFIG_VERSION
          popd

          webviz certificate
          webviz build webviz-config/examples/basic_example.yaml --portable ./example_app

          pushd example_app
          docker build -t webviz/example_image .
          popd

      - name: 🕵️ Scan Docker base image
        run: |

          sudo apt-get install wget apt-transport-https gnupg lsb-release -y
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update -y
          sudo apt-get install trivy -y

          trivy -q --timeout 20m --severity HIGH,CRITICAL webviz/base_image

      - name: 🐳 Update Docker Hub images
        if: github.event_name == 'workflow_dispatch' || (github.event_name == 'schedule' && github.repository == 'equinor/webviz-docker')
        run: |
          echo ${{ secrets.dockerhub_webviz_token }} | docker login --username ${{ secrets.dockerhub_webviz_username }} --password-stdin

          docker push webviz/base_image:latest
          docker push webviz/example_image:latest