-
Notifications
You must be signed in to change notification settings - Fork 44
107 lines (92 loc) · 3.66 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Stellar Docker Image CI
on:
push:
branches:
- main
- develop
tags:
- "v*.*.*"
pull_request:
branches:
- main
- develop
env:
DOCKERHUB_REPO: ${{ vars.DOCKERHUB_REPO || 'medaziz11' }}
DOCKERHUB_IMAGE: ${{ vars.DOCKERHUB_IMAGE || 'uptimekuma_restapi' }}
CACHE_PATH: /tmp/.buildx-cache
jobs:
build-test-push:
runs-on: ubuntu-latest
steps:
# Check out the repository code
- name: Checkout code
uses: actions/checkout@v3
# Set up Docker Buildx for building images with BuildKit
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# Cache Docker layers for faster builds
# - name: Cache Docker layers
# uses: actions/cache@v3
# with:
# path: ${{ env.CACHE_PATH }}
# key: ${{ runner.os }}-buildx-${{ github.ref }}-${{ hashFiles('**/Dockerfile') }}
# restore-keys: |
# ${{ runner.os }}-buildx-${{ github.ref }}-
# ${{ runner.os }}-buildx-
# Log in to Docker Hub using the provided secrets
- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set image tags
id: image_tags
run: |
REPO=${{ env.DOCKERHUB_REPO }}
IMAGE=${{ env.DOCKERHUB_IMAGE }}
BRANCH=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g')
if [ "${{ github.event_name }}" == "pull_request" ]; then
PR_NUMBER=${{ github.event.number }}
TAGS="${REPO}/${IMAGE}:pr-${PR_NUMBER}"
elif [[ $GITHUB_REF == "refs/heads/main" ]]; then
TAGS="${REPO}/${IMAGE}:latest"
elif [[ $GITHUB_REF == "refs/heads/develop" ]]; then
TAGS="${REPO}/${IMAGE}:dev"
elif [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/tags/v} | sed 's/\//-/g')
TAGS="${REPO}/${IMAGE}:v${VERSION},${REPO}/${IMAGE}:latest"
else
echo "Error: Unexpected branch or tag"
exit 1
fi
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
# Build, test, and push the Docker image
- name: Build, Test, and Push Docker image
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.image_tags.outputs.tags }}
# cache-from: type=local,src=${{ env.CACHE_PATH }}
cache-to: type=local,dest=${{ env.CACHE_PATH }}
# FUTURE TESTS?
# # Test the built Docker image
# - name: Run container structure tests
# run: |
# docker run -v $(pwd)/test:/test -v /var/run/docker.sock:/var/run/docker.sock \
# gcr.io/gcp-runtimes/container-structure-test:v1.12.0 \
# test --image ${{ env.DOCKERHUB_REPO }}/${{ env.DOCKERHUB_IMAGE }}:${{ matrix.branch }}-${{ matrix.platform }} \
# --config /test/structure-test-config.yaml
# # Scan the built Docker image for security vulnerabilities
# - name: Scan Docker image for vulnerabilities
# run: |
# IMAGE_TAG=${{ matrix.branch }}-${{ env.PLATFORM_TAG }}
# docker pull ${{ env.DOCKERHUB_REPO }}/${{ env.DOCKERHUB_IMAGE }}:${IMAGE_TAG}
# docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
# aquasec/trivy:latest \
# --exit-code 1 \
# --severity CRITICAL,HIGH \
# --ignore-unfixed \
# ${{ env.DOCKERHUB_REPO }}