diff --git a/.github/workflows/push_build_dev.yaml b/.github/workflows/push_build_dev.yaml
index cee779b..b4c4c80 100644
--- a/.github/workflows/push_build_dev.yaml
+++ b/.github/workflows/push_build_dev.yaml
@@ -1,152 +1,3 @@ name: "[Push] Build dev" -on: - push: - branches: - - master - paths-ignore: - - '.github/**' - - 'src/VERSION' - - 'docs/**' - workflow_dispatch: - -env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - -jobs: - versioning: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.versioning.outputs.VERSION }} - steps: - - uses: actions/checkout@v2 - - name: get current date - run: | - sudo ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime - echo "TIME=$(date +'%Y%m%d.%H%M%S')" >> $GITHUB_ENV - - name: set version with current date - id: versioning - run: | - echo "::set-output name=VERSION::$(cat src/VERSION | cut -c 2-).${{ env.TIME }}" - - name: Notice when job fails - if: failure() - uses: 8398a7/action-slack@v3.2.0 - with: - status: ${{job.status}} - fields: repo,workflow,job - author_name: Github Action Slack - - docker: - if: github.repository_owner == 'cloudforet-io' - needs: versioning - runs-on: ubuntu-latest - env: - VERSION: ${{ needs.versioning.outputs.version }} - steps: - - uses: actions/checkout@v2 - - name: get service name - run: | - echo "SERVICE=$(echo ${{ github.repository }} | cut -d '/' -f2)" >> $GITHUB_ENV - - name: Upload docker - uses: docker/build-push-action@v1 - with: - path: . 
- repository: pyengine/${{ env.SERVICE }} - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - tags: ${{ env.VERSION }} - - name: Notice when job fails - if: failure() - uses: 8398a7/action-slack@v3.2.0 - with: - status: ${{job.status}} - fields: repo,workflow,job - author_name: Github Action Slack - - scan: - needs: [versioning, docker] - runs-on: ubuntu-20.04 - steps: - - name: Run Trivy vulnerability scanner - id: trivy-scan - uses: aquasecurity/trivy-action@master - with: - image-ref: pyengine/${{ github.event.repository.name }}:${{ needs.versioning.outputs.version }} - format: 'sarif' - output: 'trivy-results.sarif' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' - - - name: Count vulnerabilities - id: vulnerabilities - run: | - count=$(jq '.runs[].results[].ruleId' ./trivy-results.sarif | wc -c) - echo "result_count=$count" >> $GITHUB_OUTPUT - echo "$count" - - - name: slack - if: ${{ steps.vulnerabilities.outputs.result_count != 0 }} - uses: 8398a7/action-slack@v3 - with: - status: custom - fields: workflowRun - custom_payload: | - { - "blocks": [ - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": ":warning: Image vulnerability detected" - } - }, - { - "type": "section", - "fields": [ - { - "type": "mrkdwn", - "text": "*Image:*\npyengine/${{ github.event.repository.name }}:${{ needs.versioning.outputs.version }}" - }, - { - "type": "mrkdwn", - "text": "*Repo name:*\n${{ github.repository }}" - } - ] - }, - { - "type": "actions", - "elements": [ - { - "type": "button", - "text": { - "type": "plain_text", - "emoji": true, - "text": "View Detail" - }, - "style": "danger", - "url": "https://github.com/${{ github.repository }}/security/code-scanning" - } - ] - } - ] - } - env: - SLACK_WEBHOOK_URL: 
${{secrets.VULNERABILITY_SLACK_WEBHOOK_URL}} - - notification: - runs-on: ubuntu-latest - needs: docker - steps: - - name: Slack - if: always() - uses: 8398a7/action-slack@v3.2.0 - with: - status: ${{job.status}} - fields: repo,message,commit,author,action,ref,workflow,job - author_name: Github Action Slack \ No newline at end of file +# deprecated
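Review bot: The new side leaves `.github/workflows/push_build_dev.yaml` with only `name: "[Push] Build dev"` and the added `# deprecated` comment, and a workflow file that has no `on:` trigger and no `jobs:` is reported by GitHub Actions as an invalid workflow file rather than being quietly disabled. If the intent is to retire this pipeline, deleting the file is cleaner than emptying it; if a placeholder must stay, a stub such as `on: workflow_dispatch` with a single no-op job keeps the file valid. This hunk also removes the Trivy image scan, the SARIF upload to the Security tab and the vulnerability Slack alert along with the build; if those steps were not moved to another workflow, images built from master are no longer scanned, which the commit description should state so the gap is a deliberate decision rather than an accidental one.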