This repository has been archived by the owner on Oct 18, 2024. It is now read-only.
Merge pull request #60 from MaziniiX/main #147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Compose Test Workflow | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
compose-build-and-test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Cache Docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and start Docker Compose services | |
run: | | |
docker-compose -f Docker/docker-compose.yml up -d --build | |
env: | |
POSTGRES_DB: app | |
POSTGRES_USER: app | |
POSTGRES_PASSWORD: app | |
DJANGO_ENVIRONMENT: production | |
DJANGO_SUPERUSER_USERNAME: admin | |
DJANGO_SUPERUSER_EMAIL: [email protected] | |
DJANGO_SUPERUSER_PASSWORD: admin | |
NATS_USER: user | |
NATS_PASSWORD: password | |
DOMAIN: sae.local | |
- name: Extract image references and run Trivy scan | |
run: | | |
IMAGES=$(docker-compose -f Docker/docker-compose.yml config | grep 'image:' | awk '{print $2}') | |
for IMAGE in $IMAGES; do | |
echo "Scanning $IMAGE" | |
trivy image --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL --format table $IMAGE || true | |
done | |
- name: Add domain to /etc/hosts | |
run: | | |
echo "127.0.0.1 ${{ env.DOMAIN }}" | sudo tee -a /etc/hosts && \ | |
echo "127.0.0.1 api.${{ env.DOMAIN }}" | sudo tee -a /etc/hosts | |
env: | |
DOMAIN: sae.local | |
- name: Check website connection | |
run: | | |
echo "Pinging https://${{ env.DOMAIN }}" | |
curl -v -k --retry 5 --retry-delay 5 --retry-connrefused https://${{ env.DOMAIN }} | |
echo "Pinging https://api.${{ env.DOMAIN }}" | |
curl -v -k --retry 5 --retry-delay 5 --retry-connrefused https://api.${{ env.DOMAIN }} | |
env: | |
DOMAIN: sae.local | |
- name: Scan requirements for CVEs in Django API container | |
run: | | |
docker-compose -f Docker/docker-compose.yml exec -T django_api /bin/bash -c "pip install safety && safety check -r /app/requirements.txt --full-report" | |
- name: Scan requirements for CVEs in Django Frontend container | |
run: | | |
docker-compose -f Docker/docker-compose.yml exec -T django_frontend /bin/bash -c "pip install safety && safety check -r /app/requirements.txt --full-report" | |
- name: Cleanup | |
run: | | |
docker-compose -f Docker/docker-compose.yml down |