Fix tests
ahosgood committed Nov 6, 2024
1 parent 1e5e317 commit 4074993
Showing 4 changed files with 237 additions and 93 deletions.
126 changes: 63 additions & 63 deletions .github/actions/build/action.yml
@@ -1,4 +1,4 @@
name: Build and push Docker images
name: Build Docker images

inputs:
image-name:
@@ -84,65 +84,65 @@ runs:
- name: List manifest
run: docker buildx imagetools inspect ${{ env.IMAGE_ID }}:${{ env.TAG }}
shell: bash
- name: Tag major version
if: startsWith(github.ref, 'refs/tags/')
uses: docker/build-push-action@v6
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
labels: |
runnumber=${{ github.run_id }}
build-args: |
BASE_IMAGE=${{ inputs.base-image }}
BASE_IMAGE_TAG=${{ env.MAJOR_VERSION }}
TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
USER_IMAGE=${{ inputs.user-image }}
push: true
tags: ${{ env.IMAGE_ID }}:${{ env.MAJOR_VERSION }}
provenance: false
- name: Tag minor version
if: startsWith(github.ref, 'refs/tags/')
uses: docker/build-push-action@v6
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
labels: |
runnumber=${{ github.run_id }}
build-args: |
BASE_IMAGE=${{ inputs.base-image }}
BASE_IMAGE_TAG=${{ env.MINOR_VERSION }}
TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
USER_IMAGE=${{ inputs.user-image }}
push: true
tags: ${{ env.IMAGE_ID }}:${{ env.MINOR_VERSION }}
provenance: false
- name: Tag latest
if: startsWith(github.ref, 'refs/tags/')
uses: docker/build-push-action@v6
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
labels: |
runnumber=${{ github.run_id }}
build-args: |
BASE_IMAGE=${{ inputs.base-image }}
BASE_IMAGE_TAG=latest
TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
USER_IMAGE=${{ inputs.user-image }}
push: true
tags: ${{ env.IMAGE_ID }}:latest
provenance: false
- name: Scan for vulnerabilities
uses: aquasecurity/[email protected]
with:
image-ref: ${{ env.IMAGE_ID }}:${{ env.TAG }}
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"
# - name: Tag major version
# if: startsWith(github.ref, 'refs/tags/')
# uses: docker/build-push-action@v6
# with:
# context: ${{ inputs.docker-context }}
# platforms: linux/amd64,linux/arm64
# labels: |
# runnumber=${{ github.run_id }}
# build-args: |
# BASE_IMAGE=${{ inputs.base-image }}
# BASE_IMAGE_TAG=${{ env.MAJOR_VERSION }}
# TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
# TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
# USER_IMAGE=${{ inputs.user-image }}
# push: true
# tags: ${{ env.IMAGE_ID }}:${{ env.MAJOR_VERSION }}
# provenance: false
# - name: Tag minor version
# if: startsWith(github.ref, 'refs/tags/')
# uses: docker/build-push-action@v6
# with:
# context: ${{ inputs.docker-context }}
# platforms: linux/amd64,linux/arm64
# labels: |
# runnumber=${{ github.run_id }}
# build-args: |
# BASE_IMAGE=${{ inputs.base-image }}
# BASE_IMAGE_TAG=${{ env.MINOR_VERSION }}
# TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
# TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
# USER_IMAGE=${{ inputs.user-image }}
# push: true
# tags: ${{ env.IMAGE_ID }}:${{ env.MINOR_VERSION }}
# provenance: false
# - name: Tag latest
# if: startsWith(github.ref, 'refs/tags/')
# uses: docker/build-push-action@v6
# with:
# context: ${{ inputs.docker-context }}
# platforms: linux/amd64,linux/arm64
# labels: |
# runnumber=${{ github.run_id }}
# build-args: |
# BASE_IMAGE=${{ inputs.base-image }}
# BASE_IMAGE_TAG=latest
# TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
# TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
# USER_IMAGE=${{ inputs.user-image }}
# push: true
# tags: ${{ env.IMAGE_ID }}:latest
# provenance: false
# - name: Scan for vulnerabilities
# uses: aquasecurity/[email protected]
# with:
# image-ref: ${{ env.IMAGE_ID }}:${{ env.TAG }}
# format: "sarif"
# output: "trivy-results.sarif"
# ignore-unfixed: true
# - name: Upload Trivy scan results to GitHub Security tab
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: "trivy-results.sarif"
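Review bot: The 62 commented-out lines at the end of this hunk (from `# - name: Tag major version` through the `upload-sarif` step) should be deleted rather than kept as comments, since the same steps appear in `.github/actions/push/action.yml` and version control already preserves the old text. They include the Trivy scan and the SARIF upload, so, assuming the commented side is the new one as the renamed title "Build Docker images" suggests, the build action no longer scans the image it produces. In the push action the scan runs only after every tag, including `latest`, has been pushed, so a finding cannot stop a publish; consider running the scan before the push steps. The `steps:` list starts outside this hunk.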
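--- a/.github/actions/push/action.yml
+++ b/.github/actions/push/action.yml
@@ -0,0 +1,136 @@
+name: Push Docker image
+
+inputs:
+image-name:
+required: true
+type: string
+image-tag:
+required: true
+type: string
+docker-context:
+required: true
+type: string
+base-image:
+required: false
+type: string
+user-image:
+required: false
+type: string
+default: appuser
+ignore-linting-rules:
+required: false
+type: string
+github-token:
+required: true
+type: string
+
+runs:
+using: "composite"
+steps:
+# - uses: hadolint/[email protected]
+# with:
+# dockerfile: ${{ inputs.docker-context }}/Dockerfile
+# ignore: SC1091,${{ inputs.ignore-linting-rules }}
+# - name: ShellCheck
+# run: |
+# cd ${{ inputs.docker-context }}
+# [ -d "./bin" ] && shellcheck --external-sources --exclude=SC1091 ./bin/*
+# shellcheck --external-sources --exclude=SC2148 ./Dockerfile
+# shell: bash
+- name: Log in to registry
+run: echo "${{ inputs.github-token }}" | docker login ghcr.io -u $ --password-stdin
+shell: bash
+- name: Prepare image tag
+id: generate-tags
+run: |
+VERSION_MAJOR=$(echo "${{ inputs.image-tag }}" | awk -F'.' '{print $1}')
+VERSION_MINOR=$(echo "${{ inputs.image-tag }}" | awk -F'.' '{print $2}')
+echo "TAG=$VERSION" >> "$GITHUB_ENV"
+echo "MAJOR_VERSION=$VERSION_MAJOR" >> "$GITHUB_ENV"
+echo "MINOR_VERSION=$VERSION_MAJOR.$VERSION_MINOR" >> "$GITHUB_ENV"
+shell: bash
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Build and push images
+uses: docker/build-push-action@v6
+with:
+context: ${{ inputs.docker-context }}
+platforms: linux/amd64,linux/arm64
+labels: |
+runnumber=${{ github.run_id }}
+build-args: |
+BASE_IMAGE=${{ inputs.base-image }}
+BASE_IMAGE_TAG=${{ env.TAG }}
+TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
+TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
+USER_IMAGE=${{ inputs.user-image }}
+push: true
+tags: ${{ env.IMAGE_ID }}:${{ env.TAG }}
+provenance: false
+- name: List manifest
+run: docker buildx imagetools inspect ${{ env.IMAGE_ID }}:${{ env.TAG }}
+shell: bash
+- name: Tag major version
+if: startsWith(github.ref, 'refs/tags/')
+uses: docker/build-push-action@v6
+with:
+context: ${{ inputs.docker-context }}
+platforms: linux/amd64,linux/arm64
+labels: |
+runnumber=${{ github.run_id }}
+build-args: |
+BASE_IMAGE=${{ inputs.base-image }}
+BASE_IMAGE_TAG=${{ env.MAJOR_VERSION }}
+TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
+TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
+USER_IMAGE=${{ inputs.user-image }}
+push: true
+tags: ${{ env.IMAGE_ID }}:${{ env.MAJOR_VERSION }}
+provenance: false
+- name: Tag minor version
+if: startsWith(github.ref, 'refs/tags/')
+uses: docker/build-push-action@v6
+with:
+context: ${{ inputs.docker-context }}
+platforms: linux/amd64,linux/arm64
+labels: |
+runnumber=${{ github.run_id }}
+build-args: |
+BASE_IMAGE=${{ inputs.base-image }}
+BASE_IMAGE_TAG=${{ env.MINOR_VERSION }}
+TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
+TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
+USER_IMAGE=${{ inputs.user-image }}
+push: true
+tags: ${{ env.IMAGE_ID }}:${{ env.MINOR_VERSION }}
+provenance: false
+- name: Tag latest
+if: startsWith(github.ref, 'refs/tags/')
+uses: docker/build-push-action@v6
+with:
+context: ${{ inputs.docker-context }}
+platforms: linux/amd64,linux/arm64
+labels: |
+runnumber=${{ github.run_id }}
+build-args: |
+BASE_IMAGE=${{ inputs.base-image }}
+BASE_IMAGE_TAG=latest
+TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
+TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url }}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/Dockerfile
+USER_IMAGE=${{ inputs.user-image }}
+push: true
+tags: ${{ env.IMAGE_ID }}:latest
+provenance: false
+- name: Scan for vulnerabilities
+uses: aquasecurity/[email protected]
+with:
+image-ref: ${{ env.IMAGE_ID }}:${{ env.TAG }}
+format: "sarif"
+output: "trivy-results.sarif"
+ignore-unfixed: true
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: "trivy-results.sarif"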
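Review bot: In the `Prepare image tag` step, `echo "TAG=$VERSION" >> "$GITHUB_ENV"` reads a shell variable this step never assigns (only `VERSION_MAJOR` and `VERSION_MINOR` are set), so `TAG` is written empty unless something outside this file supplies it. `IMAGE_ID` is likewise never set in this action and the declared `image-name` input is unused, so every `tags:` value depends on environment left behind by an earlier action in the same job. The same step expands `${{ inputs.image-tag }}` directly into the script text, so the value is parsed as shell code rather than handled as data; the `echo` lines of the DEBUG step and the `yq` expressions in `.github/actions/test/action.yml` do the same with `inputs.image` and `inputs.image-tag`. Passing inputs through `env:` and reading them as quoted shell variables fixes both, as sketched below on the assumption that `TAG` was meant to be the full image tag.

```yaml
- name: Prepare image tag
  id: generate-tags
  env:
    IMAGE_TAG: ${{ inputs.image-tag }}
  run: |
    VERSION_MAJOR=$(echo "$IMAGE_TAG" | awk -F'.' '{print $1}')
    VERSION_MINOR=$(echo "$IMAGE_TAG" | awk -F'.' '{print $2}')
    echo "TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
    # … unchanged: MAJOR_VERSION and MINOR_VERSION exports …
  shell: bash
```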
7 changes: 4 additions & 3 deletions .github/actions/test/action.yml
@@ -22,19 +22,20 @@ runs:
with:
repository: ${{ inputs.application-repository }}
path: test
- name: TODO
- name: DEBUG
run: |
echo "inputs.application-repository: ${{ inputs.application-repository }}"
echo "inputs.image: ${{ inputs.image }}"
echo "inputs.image-tag: ${{ inputs.image-tag }}"
ls -alh
ls -alh test
shell: bash
- name: Update docker-compose.yml
- name: Start application
run: |
cd test
docker images
cat docker-compose.yml
yq '(.services.app.build.args.IMAGE|="${{ inputs.image }}")' docker-compose.yml > tmp.$$.yml && mv tmp.$$.yml docker-compose.yml
yq '(.services.app.build.args.IMAGE|="ghcr.io/${{ github.repository_owner }}/${{ inputs.image }}")' docker-compose.yml > tmp.$$.yml && mv tmp.$$.yml docker-compose.yml
yq '(.services.app.build.args.IMAGE_TAG|="${{ inputs.image-tag }}")' docker-compose.yml > tmp.$$.yml && mv tmp.$$.yml docker-compose.yml
cat docker-compose.yml
PORT=$(yq '(.services.app.ports)' docker-compose.yml | sed -e 's/^\- \(.*\)\:.*$/\1/')
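Review bot: The `yq` line that sets `.services.app.build.args.IMAGE` to `ghcr.io/${{ github.repository_owner }}/${{ inputs.image }}` uses the owner name as-is, but `github.repository_owner` keeps the account's original case while image references must be lowercase. The pull would therefore fail for any owner whose name contains capital letters, for example a fork under a mixed-case account. Lower-casing in the shell avoids that: `OWNER="${GITHUB_REPOSITORY_OWNER,,}"`, then build the reference from `$OWNER`. The step named `DEBUG`, with its `ls -alh` calls, looks like temporary diagnostics and would be clearer with a comment such as `# Diagnostic output only; remove once the workflow is stable`. The `run:` block appears to continue past the end of the visible hunk.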