Add .gitea/workflows/*.yaml

.gitea/workflows/010_ci_docker_image.yaml

@@ -0,0 +1,131 @@
+name: Example CI
+
+on:
+  workflow_dispatch:
+    inputs:
+      image-tag: 
+        description: "Tag for image"
+        default: "latest" # Define Docker image tag
+        type: string
+        required: true
+
+jobs:
+  lint:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+      - name: Install Python 3.10.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10.12'
+      - name: Install tox
+        run: pip install tox
+      - name: Run lint
+        run: |
+          cd backend
+          tox -e lint
+  
+  unit-test:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+      - name: Install Python 3.10.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10.12'
+      - name: Install tox
+        run: pip install tox
+      - name: Run unit tests
+        run: |
+          cd backend
+          tox -e unit
+
+  build-image:
+    runs-on: ubuntu-22.04
+    needs: [lint, unit-test]  # Specify that build-image depends on lint and unit-test
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and export
+        uses: docker/build-push-action@v5 # Build Docker image via Dockerfile
+        with:
+          context: backend # Directory of Dockerfile
+          tags: ${{ vars.IMAGE }}:${{ inputs.image-tag }} 
+          outputs: type=docker,dest=/tmp/image.tar
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: image
+          path: /tmp/image.tar
+  
+  integration-tests:
+    runs-on: ubuntu-22.04
+    needs: [build-image]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/image.tar
+          docker image ls -a
+          docker run -p 8080:80 -d ${{ vars.IMAGE }}:${{ inputs.image-tag }} 
+          sleep 5
+          curl --fail 'http://localhost:8080/'
+  
+  vulnerability-scan:
+    runs-on: ubuntu-22.04
+    needs: [build-image]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/image.tar
+          docker image ls -a
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ vars.IMAGE }}:${{ inputs.image-tag }}
+          format: 'json'
+          output: 'trivy-results.json'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload results
+        uses: actions/upload-artifact@v3
+        with:
+          name: trivy-results
+          path: ${{ github.workspace }}/trivy-results.json
+  
+  publish-image:
+    runs-on: ubuntu-22.04
+    needs: [integration-tests, vulnerability-scan]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/image.tar
+          docker image ls -a
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: Docker push image to DockerHub
+        run: |
+          docker push ${{ vars.IMAGE }}:${{ inputs.image-tag }}