refactor: add github actions for docker image push #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint and Build | |
on: | |
push: | |
## do not lint and build when tagged, we just need to build when tagged | |
tags-ignore: | |
- '*' | |
branches: | |
- '*' | |
pull_request: | |
branches: ['main', 'master'] | |
jobs: | |
lint-and-build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones disabled for a linting job | |
- name: Run golangci-lint | |
uses: reviewdog/action-golangci-lint@v2 | |
with: | |
golangci_lint_flags: "--config=./.golangci.yml --timeout=6m0s" | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.21.0' | |
- name: Check if go.mod and go.sum are up to date | |
run: | | |
go mod tidy | |
git diff --exit-code go.mod go.sum | |
- name: Install dependencies | |
run: go get ./... | |
- name: Test | |
run: go test -v ./... --race | |
- name: Build | |
run: go build -v ./... | |
build-scan-docker-images: | |
runs-on: ubuntu-latest | |
needs: lint-and-build | |
steps: | |
- name: Checkout source code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and tag dev image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./dev.Dockerfile | |
tags: | | |
controlplane/simulator:dev | |
load: true | |
push: false | |
- name: Run Trivy vulnerability scanner on the dev image | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'controlplane/simulator:dev' | |
format: 'table' | |
exit-code: '1' | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
- name: Build and tag simulator image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
tags: controlplane/simulator:${{ github.sha }} | |
load: true | |
push: false | |
- name: Run Trivy vulnerability scanner on simulator image | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: controlplane/simulator:${{ github.sha }} | |
format: 'table' | |
exit-code: '1' | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
trivyignores: './.trivy-config/.trivyignore' |