feat: create dirs for testing in pipeline #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Container release pipeline | |
on: | |
push: | |
workflow_dispatch: # Allows you to run this workflow manually from the Actions tab | |
pull_request: | |
types: | |
- opened | |
schedule: | |
- cron: "0 0 * * 0" # weekly at sunday night | |
env: | |
CONTAINER_FILE: ./Containerfile | |
IMAGE_NAME: rouhim/sons-of-the-forest-server | |
IMAGE_TAG: latest | |
jobs: | |
check-containerfile: | |
name: Check container file | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: 'config' | |
hide-progress: false | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
build-test-push-image: | |
needs: check-containerfile | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build container image | |
uses: docker/build-push-action@v5 | |
with: | |
tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
platforms: linux/amd64 | |
context: . | |
file: ./Containerfile | |
load: true | |
push: false | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: image | |
image-ref: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
- name: Test the built image | |
run: | | |
mkdir -p config/ data/ | |
chmod 777 config/ data/ | |
bash test-image.sh | |
- name: Build and push container image | |
if: github.ref == 'refs/heads/main' | |
uses: docker/build-push-action@v5 | |
with: | |
tags: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
platforms: linux/amd64 | |
context: . | |
file: ./Containerfile | |
load: false | |
push: true | |
- name: Update docker hub description | |
if: github.ref == 'refs/heads/main' | |
uses: peter-evans/dockerhub-description@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
repository: ${{ env.IMAGE_NAME }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
scan-type: image | |
image-ref: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
exit-code: '0' | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'trivy-results.sarif' |