This repository has been archived by the owner on Mar 4, 2024. It is now read-only.
Build and push dev-latest image #455
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and push dev-latest image | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: An image tag | |
required: false | |
push: | |
branches: | |
- main | |
env: | |
NODE_OPTIONS: "--max_old_space_size=4096" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Configure git for private modules | |
env: | |
ROBOT_TOKEN: ${{ secrets.ROBOT_TOKEN }} | |
run: git config --global url."https://percona-platform-robot:${ROBOT_TOKEN}@github.com".insteadOf "https://github.com" | |
- name: Check out frontend repo | |
uses: actions/checkout@v4 | |
with: | |
repository: percona/percona-everest-frontend | |
ref: 'main' | |
path: percona-everest-frontend | |
token: ${{ secrets.ROBOT_TOKEN }} | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Run with Node 16 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: percona-everest-frontend/pnpm-lock.yaml | |
- name: Build Everest Frontend app | |
run: | | |
cd percona-everest-frontend | |
pnpm install | |
EVEREST_OUT_DIR=build pnpm build | |
mkdir ${GITHUB_WORKSPACE}/front | |
cp -rvf ./build/* ${GITHUB_WORKSPACE}/front/ | |
- name: Check out Everest Backend | |
uses: actions/checkout@v4 | |
with: | |
path: ./backend | |
- name: Embed Everest Frontend app into backend | |
run: | | |
cp -rf ${GITHUB_WORKSPACE}/front/* ${GITHUB_WORKSPACE}/backend/public/dist/ | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: './backend/go.mod' | |
- name: Build Everest | |
run: | | |
cd ${GITHUB_WORKSPACE}/backend | |
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make build | |
- name: Set tag from inputs | |
run: echo "IMAGE_TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV | |
if: ${{ github.event.inputs.tag != '' }} | |
- name: Set tag from inputs | |
run: echo "IMAGE_TAG=dev-latest" >> $GITHUB_ENV | |
if: ${{ github.event.inputs.tag == '' }} | |
- name: Setup docker build metadata | |
uses: docker/metadata-action@v5 | |
id: meta | |
with: | |
images: perconalab/everest | |
tags: ${{ env.IMAGE_TAG }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and Push everest dev-latest image | |
uses: docker/build-push-action@v5 | |
with: | |
context: backend | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
scan: | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/[email protected] | |
with: | |
image-ref: 'docker.io/perconalab/everest:dev-latest' | |
format: 'table' | |
exit-code: '1' | |
severity: 'CRITICAL,HIGH' |