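name: Example CI

# Least-privilege token for every job: nothing below writes to the repository;
# registry access uses the dedicated REGISTRY_* secrets instead.
permissions:
  contents: read

on:
  workflow_dispatch:
    inputs:
      image-name:
        description: "Name for image"
        default: "gitea.cuihang1201.synology.me/hangpersonal/ci-test"
        type: string
        required: true
      image-tag:
        description: "Tag for image"
        default: "latest"
        type: string
        required: true
      container-name:
        description: "Name for container"
        default: "ci-test"
        type: string
        required: true

jobs:
  lint:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
      - name: Install Python 3.10.12
        uses: actions/setup-python@v4
        with:
          python-version: '3.10.12'
      - name: Install tox
        run: pip install tox
      - name: Run lint
        run: |
          cd backend
          tox -e lint

  unit-test:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
      - name: Install Python 3.10.12
        uses: actions/setup-python@v4
        with:
          python-version: '3.10.12'
      - name: Install tox
        run: pip install tox
      - name: Run unit tests
        run: |
          cd backend
          tox -e unit

  build-image:
    runs-on: ubuntu-22.04
    needs: [lint, unit-test] # Specify that build-image depends on lint and unit-test
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and export
        uses: docker/build-push-action@v5 # Build Docker image via Dockerfile
        with:
          context: backend # Directory of Dockerfile
          tags: "${{ inputs.image-name }}:${{ inputs.image-tag }}"
          outputs: type=docker,dest=/tmp/image.tar

      - name: Upload artifact
        uses: actions/upload-artifact@v3
        with:
          name: image
          path: /tmp/image.tar

  integration-tests:
    runs-on: ubuntu-22.04
    needs: [build-image]
    # workflow_dispatch inputs are passed through the environment instead of
    # being interpolated into the script text, so a crafted input value cannot
    # change the shell commands that run.
    env:
      IMAGE_REF: "${{ inputs.image-name }}:${{ inputs.image-tag }}"
      CONTAINER_NAME: "${{ inputs.container-name }}"
      TARGET_HOST: "${{ vars.LOCALHOST }}"
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: image
          path: /tmp
      - name: Load image and start container
        run: |
          docker load --input /tmp/image.tar
          docker image ls -a
          docker run --rm -p 8143:80 --name "$CONTAINER_NAME" -d "$IMAGE_REF"
      - name: Smoke-test the running container
        run: |
          sleep 5
          # -f makes a non-2xx response fail the step; with plain -s the job
          # passed regardless of what the container answered.
          curl -fsS "http://${TARGET_HOST}:8143/" ; echo
      - name: Stop container
        # Runs even when the smoke test fails so the container is not leaked;
        # best-effort, because the job status is already decided above.
        if: always()
        run: |
          echo "Stop container: "
          docker container stop "$CONTAINER_NAME" || true

  vulnerability-scan:
    runs-on: ubuntu-22.04
    needs: [build-image]
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: image
          path: /tmp
      - name: Install Trivy CLI
        run: |
          set -euo pipefail
          # The installer is fetched from the same tag as the pinned binary so
          # the script content cannot drift independently of the version.
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.65.0/contrib/install.sh \
            | sh -s -- -b /usr/local/bin v0.65.0
          trivy --version
      - name: Scan saved image tar with Trivy
        run: |
          ls -la /tmp || true
          # --exit-code 1 turns CRITICAL/HIGH findings into a failed job; without
          # it the scan only wrote a report and publish-image ran regardless.
          trivy image \
            --input /tmp/image.tar \
            --format json \
            --output /tmp/trivy-results.json \
            --severity CRITICAL,HIGH \
            --ignore-unfixed \
            --exit-code 1
      - name: Upload results
        # Keep the report available even when the scan step failed the job.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: trivy-results
          path: /tmp/trivy-results.json

  publish-image:
    runs-on: ubuntu-22.04
    needs: [integration-tests, vulnerability-scan]
    env:
      # Tag the image was saved under by build-image.
      BUILT_IMAGE: "${{ inputs.image-name }}:${{ inputs.image-tag }}"
      # Tag the image is published under.
      PUBLISH_IMAGE: "${{ vars.IMAGE }}:${{ inputs.image-tag }}"
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v3
        with:
          name: image
          path: /tmp
      - name: Load image
        run: |
          docker load --input /tmp/image.tar
          docker image ls -a
      - name: Login to Gitea Docker Registry
        # Credentials reach the shell via env rather than script interpolation,
        # so they are never part of the command text the runner parses.
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          echo "$REGISTRY_TOKEN" | \
            docker login gitea.cuihang1201.synology.me -u "$REGISTRY_USER" --password-stdin
      - name: Push Docker image
        run: |
          # The tar holds the image under inputs.image-name; retag it so the push
          # target exists even when vars.IMAGE differs (a no-op when they match).
          docker tag "$BUILT_IMAGE" "$PUBLISH_IMAGE"
          docker push "$PUBLISH_IMAGE"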