WIP

jbern0rd · jbern0rd · commit 9f495e6e91e7 · 2025-09-30T14:28:03.000+02:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,59 @@
+name: Rust CI
+
+on:
+  pull_request:
+  push:
+  workflow_dispatch:
+
+jobs:
+  prepare:
+    name: Determine image tag
+    runs-on: ubuntu-latest
+    #if: |
+    #  github.ref_name == 'main' ||
+    #  startsWith(github.head_ref, 'feature/') ||
+    #  startsWith(github.head_ref, 'bugfix/') ||
+    #  (github.event_name == 'workflow_dispatch' && (startsWith(github.ref_name, 'feature/') || startsWith(github.ref_name, 'bugfix/')))
+    outputs:
+      image_tag: ${{ steps.determine-tag.outputs.image_tag }}
+      jar_path: ${{ steps.determine-tag.outputs.jar_path }}
+    steps:
+      - name: Determine base tag
+        id: determine-tag
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ] ; then
+            SHORT_SHA=$(echo ${{ github.event.pull_request.head.sha }} | cut -c1-8)
+          else
+            SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-8)
+          fi
+
+          if [ "${{ github.ref_name }}" = "main" ] ; then
+            echo "Processing main branch"
+            echo "image_tag=dev-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
+          else
+            # This covers feature/ and bugfix/ branches
+            echo "Processing feature/bugfix branch ${{ github.head_ref }}"
+            echo "image_tag=feature-${SHORT_SHA}" | tee -a $GITHUB_OUTPUT
+          fi
+          echo "jar_path=$(./gradlew properties | grep jarPathForOCI | cut -d" " -f2)" | tee -a $GITHUB_OUTPUT
+
+  build-oci-image:
+    name: Build OCI images
+    needs: prepare
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@feature/improve-docker-build
+    with:
+      image-name: docker-regis.iex.ec/iexec-blockchain-adpter-api
+      image-tag: ${{ needs.prepare.outputs.image_tag }}
+      dockerfile: Dockerfile
+      context: .
+      registry: docker-regis.iex.ec
+      push: true
+      security-scan: true
+      security-report: "sarif"
+      hadolint: true
+      platforms: linux/amd64
+      build-args: |
+        jar=${{ needs.prepare.outputs.jar_path }}
+    secrets:
+      username: ${{ secrets.NEXUS_USERNAME }}
+      password: ${{ secrets.NEXUS_PASSWORD }}
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -2,4 +2,4 @@
 buildJavaProject(
         integrationTestsEnvVars: ['BROKER_PRIVATE_KEY'],
         shouldPublishJars: true,
-        shouldPublishDockerImages: true)
+        shouldPublishDockerImages: false)
