Merge pull request #551 from UN-OCHA/develop

Dependabot, ECR and Webform security update

Author: cafuego

.github/workflows/docker-build-image.yml

@@ -4,55 +4,31 @@ on:
   push:
     branches:
       - develop
-      - main
       - feature/**
+      - main
   release:
     types: [published]
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - name: Configure AWS Credentials
-      id: aws
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-east-1
-
     - name: Checkout code
       id: checkout
       uses: actions/checkout@v1
-
-    - name: Determine environment type
-      id: env
-      uses: docker://ghcr.io/un-ocha/actions:determine-environment-main
-
-    - name: Build docker image
-      env:
-        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-      run: |
-        export DOCKER_TAG="${GITHUB_REF#refs/*/}"
-        export DOCKER_TAG="${DOCKER_TAG//[^[:alnum:].-]/-}"
-        echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
-        docker build \
-            --build-arg BRANCH_ENVIRONMENT=${BRANCH_ENVIRONMENT} \
-            --build-arg VCS_REF=`git rev-parse --short HEAD` \
-            --build-arg VCS_URL=`git config --get remote.origin.url | sed 's#git@github.com:#https://github.com/#'` \
-            --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` \
-            --build-arg GITHUB_ACTOR=${GITHUB_ACTOR} \
-            --build-arg GITHUB_REPOSITORY=${GITHUB_REPOSITORY} \
-            --build-arg GITHUB_SHA=${GITHUB_SHA} \
-            --build-arg GITHUB_REF=${GITHUB_REF} \
-         . --file docker/Dockerfile --tag unocha/iasc-site:${DOCKER_TAG}
-        docker push unocha/iasc-site:${DOCKER_TAG}
-
-    - name: Flowdock Notify
-      uses: docker://ghcr.io/un-ocha/actions:flowdock-notify-main
-      env:
-        FLOWDOCK_TOKEN: ${{ secrets.FLOWDOCK_TOKEN }}
-        FLOWDOCK_ICON: 'package'
-        FLOWDOCK_MESSAGE: 'Built a new `unocha/iasc-site` image from ${{ github.ref }} and pushed to [DockerHub](https://hub.docker.com/r/unocha/iasc-site/tags).'
-        FLOWDOCK_TAGS: 'build,docker,${{ github.actor }}'
+      with:
+        fetch-depth: 0
+    - name: Build The Thing
+      id: build-action
+      uses: UN-OCHA/actions/drupal-docker-build@main
+      with:
+        aws_access_key_id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+        aws_secret_access_key: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+        docker_registry_url: public.ecr.aws
+        docker_registry_path: /unocha/
+        docker_image: iasc-site
+        docker_username: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+        docker_password: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+        ecr_github_token: ${{ secrets.ECR_GITHUB_TOKEN }}
+        ecr_jenkins_token: ${{ secrets.JENKINS_ECR_TOKEN }}
+        flowdock_token: ${{ secrets.FLOWDOCK_TOKEN }}

composer.json

@@ -78,7 +78,7 @@
         "drupal/twig_tweak": "^2.8",
         "drupal/variationcache": "^1.0",
         "drupal/viewsreference": "^2.0.0",
-        "drupal/webform": "^6.1@beta",
+        "drupal/webform": "^6.1.2",
         "drush/drush": "^10.0.0",
         "npm-asset/select2": "^4.0",
         "oomphinc/composer-installers-extender": "^2.0",