.github/workflows/docker-nightly.yml

# Copyright (c) 2021 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
name: push-dockerhub-nightly

on:
  schedule:
    - cron: '0 1 * * *' # run at 1 AM UTC
  workflow_dispatch:

jobs:
  build:
    if: github.repository == 'eclipse-ditto/ditto'
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2 # setup buildx in order to do build and push multi-architecture images
      -
        name: Inspect buildx builder
        run: |
          echo "Name:      ${{ steps.buildx.outputs.name }}"
          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
          echo "Status:    ${{ steps.buildx.outputs.status }}"
          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      -
        name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: eclipsedittobot
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      -
        name: Branch name
        id: branch_name
        run: |
          echo "IMAGE_TAG=nightly" >> $GITHUB_ENV
      -
        name: Building + pushing Docker images for tag
        run: |
          echo $IMAGE_TAG
      -
        name: Build and push ditto-policies
        uses: docker/build-push-action@v4
        with:
          context: .
          file: dockerfile-release
          platforms: linux/amd64,linux/arm64
          build-args: |
            SERVICE_STARTER=ditto-policies-service
            SERVICE_VERSION=0-SNAPSHOT
            MAIN_CLASS=org.eclipse.ditto.policies.service.starter.PoliciesService
          pull: true
          push: true
          tags: |
            eclipse/ditto-policies:${{ env.IMAGE_TAG }}
      -
        name: Build and push ditto-things
        uses: docker/build-push-action@v4
        with:
          context: .
          file: dockerfile-release
          platforms: linux/amd64,linux/arm64
          build-args: |
            SERVICE_STARTER=ditto-things-service
            SERVICE_VERSION=0-SNAPSHOT
            MAIN_CLASS=org.eclipse.ditto.things.service.starter.ThingsService
          pull: true
          push: true
          tags: |
            eclipse/ditto-things:${{ env.IMAGE_TAG }}
      -
        name: Build and push ditto-gateway
        uses: docker/build-push-action@v4
        with:
          context: .
          file: dockerfile-release
          platforms: linux/amd64,linux/arm64
          build-args: |
            SERVICE_STARTER=ditto-gateway-service
            SERVICE_VERSION=0-SNAPSHOT
            MAIN_CLASS=org.eclipse.ditto.gateway.service.starter.GatewayService
          pull: true
          push: true
          tags: |
            eclipse/ditto-gateway:${{ env.IMAGE_TAG }}
      -
        name: Build and push ditto-thingsearch
        uses: docker/build-push-action@v4
        with:
          context: .
          file: dockerfile-release
          platforms: linux/amd64,linux/arm64
          build-args: |
            SERVICE_STARTER=ditto-thingsearch-service
            SERVICE_VERSION=0-SNAPSHOT
            MAIN_CLASS=org.eclipse.ditto.thingsearch.service.starter.SearchService
          pull: true
          push: true
          tags: |
            eclipse/ditto-things-search:${{ env.IMAGE_TAG }}
      -
        name: Build and push ditto-connectivity
        uses: docker/build-push-action@v4
        with:
          context: .
          file: dockerfile-release
          platforms: linux/amd64,linux/arm64
          build-args: |
            SERVICE_STARTER=ditto-connectivity-service
            SERVICE_VERSION=0-SNAPSHOT
            MAIN_CLASS=org.eclipse.ditto.connectivity.service.ConnectivityService
            JVM_CMD_ARGS=--add-opens java.base/java.nio=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED
          pull: true
          push: true
          tags: |
            eclipse/ditto-connectivity:${{ env.IMAGE_TAG }}
      -
        name: Use Node.js 18.x
        uses: actions/setup-node@v4
        with:
          node-version: 20
      -
        name: Install npm dependencies
        run: npm install
        working-directory: ./ui
      -
        name: Build UI with node
        run: npm run build
        working-directory: ./ui
      -
        name: Build and push ditto-ui image
        uses: docker/build-push-action@v4
        with:
          context: ./ui
          file: ui/Dockerfile
          platforms: linux/amd64,linux/arm64
          pull: true
          push: true
          tags: |
            eclipse/ditto-ui:${{ env.IMAGE_TAG }}
      - 
        name: Run Trivy vulnerability scanner for ditto-policies
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/eclipse/ditto-policies:${{ env.IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
      - 
        name: Run Trivy vulnerability scanner for ditto-things
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/eclipse/ditto-things:${{ env.IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
      - 
        name: Run Trivy vulnerability scanner for ditto-gateway
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/eclipse/ditto-gateway:${{ env.IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
      - 
        name: Run Trivy vulnerability scanner for ditto-things-search
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/eclipse/ditto-things-search:${{ env.IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
      - 
        name: Run Trivy vulnerability scanner for ditto-connectivity
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/eclipse/ditto-connectivity:${{ env.IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'
      - 
        name: Run Trivy vulnerability scanner for ditto-ui
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/eclipse/ditto-ui:${{ env.IMAGE_TAG }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'