144 lines
3.9 KiB
YAML
144 lines
3.9 KiB
YAML
name: Example CI
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
image-name:
|
|
description: "Name for image"
|
|
default: "gitea.cuihang1201.synology.me/hangpersonal/ci-test"
|
|
type: string
|
|
required: true
|
|
image-tag:
|
|
description: "Tag for image"
|
|
default: "latest"
|
|
type: string
|
|
required: true
|
|
container-name:
|
|
description: "Name for container"
|
|
default: "ci-test"
|
|
type: string
|
|
required: true
|
|
|
|
jobs:
|
|
lint:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Checkout source code
|
|
uses: actions/checkout@v4
|
|
- name: Install Python 3.10.12
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.10.12'
|
|
- name: Install tox
|
|
run: pip install tox
|
|
- name: Run lint
|
|
run: |
|
|
cd backend
|
|
tox -e lint
|
|
|
|
unit-test:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Checkout source code
|
|
uses: actions/checkout@v4
|
|
- name: Install Python 3.10.12
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: '3.10.12'
|
|
- name: Install tox
|
|
run: pip install tox
|
|
- name: Run unit tests
|
|
run: |
|
|
cd backend
|
|
tox -e unit
|
|
|
|
build-image:
|
|
runs-on: ubuntu-22.04
|
|
needs: [lint, unit-test] # Specify that build-image depends on lint and unit-test
|
|
steps:
|
|
- name: Checkout source code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build and export
|
|
uses: docker/build-push-action@v5 # Build Docker image via Dockerfile
|
|
with:
|
|
context: backend # Directory of Dockerfile
|
|
tags: ${{ inputs.image-name }}:${{ inputs.image-tag }}
|
|
outputs: type=docker,dest=/tmp/image.tar
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: image
|
|
path: /tmp/image.tar
|
|
|
|
integration-tests:
|
|
runs-on: ubuntu-22.04
|
|
needs: [build-image]
|
|
steps:
|
|
- name: Download artifact
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: image
|
|
path: /tmp
|
|
- name: Load image
|
|
run: |
|
|
docker load --input /tmp/image.tar
|
|
docker image ls -a
|
|
docker run --rm -p 8143:80 --name ${{ inputs.container-name }} -d ${{ inputs.image-name }}:${{ inputs.image-tag }}
|
|
sleep 5
|
|
curl -s "http://${{ vars.LOCALHOST }}:8143/" ; echo
|
|
echo "Stop container: "
|
|
docker container stop ${{ inputs.container-name }}
|
|
|
|
vulnerability-scan:
|
|
runs-on: ubuntu-22.04
|
|
needs: [build-image]
|
|
steps:
|
|
- name: Download artifact
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: image
|
|
path: /tmp
|
|
- name: Scan saved image tar with Trivy via Docker
|
|
run: |
|
|
pwd
|
|
ls -la /tmp || true
|
|
docker run --rm \
|
|
-v /tmp:/tmp \
|
|
aquasec/trivy:0.52.2 image \
|
|
--input /tmp/image.tar \
|
|
--format json \
|
|
--output /tmp/trivy-results.json \
|
|
--severity CRITICAL,HIGH \
|
|
--ignore-unfixed
|
|
- name: Upload results
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: trivy-results
|
|
path: /tmp/trivy-results.json
|
|
|
|
publish-image:
|
|
runs-on: ubuntu-22.04
|
|
needs: [integration-tests, vulnerability-scan]
|
|
steps:
|
|
- name: Download artifact
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: image
|
|
path: /tmp
|
|
- name: Load image
|
|
run: |
|
|
docker load --input /tmp/image.tar
|
|
docker image ls -a
|
|
- name: Login to DockerHub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.REGISTRY_USER }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
- name: Docker push image to DockerHub
|
|
run: |
|
|
docker push ${{ vars.IMAGE }}:${{ inputs.image-tag }} |