Skip to content
This repository has been archived by the owner on Mar 4, 2024. It is now read-only.

Build and push dev-latest image #308

Build and push dev-latest image

Build and push dev-latest image #308

Workflow file for this run

name: Build and push dev-latest image
on:
workflow_dispatch:
inputs:
tag:
description: An image tag
required: false
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Configure git for private modules
env:
ROBOT_TOKEN: ${{ secrets.ROBOT_TOKEN }}
run: git config --global url."https://percona-platform-robot:${ROBOT_TOKEN}@github.com".insteadOf "https://github.com"
- name: Check out frontend repo
uses: actions/checkout@v4
with:
repository: percona/percona-everest-frontend
ref: 'main'
path: percona-everest-frontend
token: ${{ secrets.ROBOT_TOKEN }}
- name: Run with Node 16
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
- name: Install Bit Version Manager
run: npm i -g @teambit/bvm
- name: Install latest Bit version
run: bvm install 0.2.3
- name: Add bvm bin folder to path
run: echo "$HOME/bin" >> $GITHUB_PATH
- name: Set up bit config
env:
BIT_TOKEN: ${{ secrets.BIT_TOKEN }}
run: bit config set user.token $BIT_TOKEN
- name: Build Everest Frontend app
run: |
cd ${GITHUB_WORKSPACE}/percona-everest-frontend
bit install --recurring-install
bit snap
bit artifacts percona.apps/everest --out-dir build
mkdir ${GITHUB_WORKSPACE}/front
cp -rf build/percona.apps_everest/react-common-js/everest/public/* ${GITHUB_WORKSPACE}/front/
- name: Check out Everest Backend
uses: actions/checkout@v4
with:
path: ./backend
- name: Embed Everest Frontend app into backend
run: |
cp -rf ${GITHUB_WORKSPACE}/front/* ${GITHUB_WORKSPACE}/backend/public/dist/
cd ${GITHUB_WORKSPACE}/backend
- name: Set tag from inputs
run: echo "IMAGE_TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
if: ${{ github.event.inputs.tag != '' }}
- name: Set tag from inputs
run: echo "IMAGE_TAG=dev-latest" >> $GITHUB_ENV
if: ${{ github.event.inputs.tag == '' }}
- name: Setup docker build metadata
uses: docker/metadata-action@v5
id: meta
with:
images: perconalab/everest
tags: ${{ env.IMAGE_TAG }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and Push everest dev-latest image
uses: docker/build-push-action@v5
with:
context: backend
push: true
tags: ${{ steps.meta.outputs.tags }}
scan:
runs-on: ubuntu-latest
needs: [build]
steps:
- name: Install Trivy
run: |
wget https://github.com/aquasecurity/trivy/releases/download/v0.41.0/trivy_0.41.0_Linux-64bit.deb
sudo dpkg -i trivy_0.41.0_Linux-64bit.deb
- name: Run Trivy vulnerability scanner on dev-latest
run: |
trivy image --exit-code 1 --severity HIGH,CRITICAL --no-progress perconalab/everest:dev-latest