This repository has been archived by the owner on Mar 4, 2024. It is now read-only.
Build and push dev-latest image #308
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and push dev-latest image | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: An image tag | |
required: false | |
push: | |
branches: | |
- main | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Configure git for private modules | |
env: | |
ROBOT_TOKEN: ${{ secrets.ROBOT_TOKEN }} | |
run: git config --global url."https://percona-platform-robot:${ROBOT_TOKEN}@github.com".insteadOf "https://github.com" | |
- name: Check out frontend repo | |
uses: actions/checkout@v4 | |
with: | |
repository: percona/percona-everest-frontend | |
ref: 'main' | |
path: percona-everest-frontend | |
token: ${{ secrets.ROBOT_TOKEN }} | |
- name: Run with Node 16 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- name: Install Bit Version Manager | |
run: npm i -g @teambit/bvm | |
- name: Install latest Bit version | |
run: bvm install 0.2.3 | |
- name: Add bvm bin folder to path | |
run: echo "$HOME/bin" >> $GITHUB_PATH | |
- name: Set up bit config | |
env: | |
BIT_TOKEN: ${{ secrets.BIT_TOKEN }} | |
run: bit config set user.token $BIT_TOKEN | |
- name: Build Everest Frontend app | |
run: | | |
cd ${GITHUB_WORKSPACE}/percona-everest-frontend | |
bit install --recurring-install | |
bit snap | |
bit artifacts percona.apps/everest --out-dir build | |
mkdir ${GITHUB_WORKSPACE}/front | |
cp -rf build/percona.apps_everest/react-common-js/everest/public/* ${GITHUB_WORKSPACE}/front/ | |
- name: Check out Everest Backend | |
uses: actions/checkout@v4 | |
with: | |
path: ./backend | |
- name: Embed Everest Frontend app into backend | |
run: | | |
cp -rf ${GITHUB_WORKSPACE}/front/* ${GITHUB_WORKSPACE}/backend/public/dist/ | |
cd ${GITHUB_WORKSPACE}/backend | |
- name: Set tag from inputs | |
run: echo "IMAGE_TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV | |
if: ${{ github.event.inputs.tag != '' }} | |
- name: Set tag from inputs | |
run: echo "IMAGE_TAG=dev-latest" >> $GITHUB_ENV | |
if: ${{ github.event.inputs.tag == '' }} | |
- name: Setup docker build metadata | |
uses: docker/metadata-action@v5 | |
id: meta | |
with: | |
images: perconalab/everest | |
tags: ${{ env.IMAGE_TAG }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and Push everest dev-latest image | |
uses: docker/build-push-action@v5 | |
with: | |
context: backend | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
scan: | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- name: Install Trivy | |
run: | | |
wget https://github.com/aquasecurity/trivy/releases/download/v0.41.0/trivy_0.41.0_Linux-64bit.deb | |
sudo dpkg -i trivy_0.41.0_Linux-64bit.deb | |
- name: Run Trivy vulnerability scanner on dev-latest | |
run: | | |
trivy image --exit-code 1 --severity HIGH,CRITICAL --no-progress perconalab/everest:dev-latest |