Skip to content
This repository has been archived by the owner on Oct 18, 2024. It is now read-only.
Docker Compose Test Workflow

docstring #161

Sign in to view logs

docstring

docstring #161

Workflow file for this run

.github/workflows/sae.yml at 2627559
name: Docker Compose Test Workflow
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
compose-build-and-test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and start Docker Compose services
run: |
docker-compose -f Docker/docker-compose.yml up -d --build
env:
POSTGRES_DB: app
POSTGRES_USER: app
POSTGRES_PASSWORD: app
DJANGO_ENVIRONMENT: production
DJANGO_SUPERUSER_USERNAME: admin
DJANGO_SUPERUSER_EMAIL: [email protected]
DJANGO_SUPERUSER_PASSWORD: admin
NATS_USER: user
NATS_PASSWORD: password
DOMAIN: sae.local
- name: Extract image references and run Trivy scan
run: |
IMAGES=$(docker-compose -f Docker/docker-compose.yml config | grep 'image:' | awk '{print $2}')
for IMAGE in $IMAGES; do
echo "Scanning $IMAGE"
trivy image --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL --format table $IMAGE || true
done
- name: Add domain to /etc/hosts
run: |
echo "127.0.0.1 ${{ env.DOMAIN }}" | sudo tee -a /etc/hosts && \
echo "127.0.0.1 api.${{ env.DOMAIN }}" | sudo tee -a /etc/hosts
env:
DOMAIN: sae.local
- name: Check website connection
run: |
echo "Pinging https://${{ env.DOMAIN }}"
curl -v -k --retry 5 --retry-delay 5 --retry-connrefused https://${{ env.DOMAIN }}
echo "Pinging https://api.${{ env.DOMAIN }}"
curl -v -k --retry 5 --retry-delay 5 --retry-connrefused https://api.${{ env.DOMAIN }}
env:
DOMAIN: sae.local
- name: Scan requirements for CVEs in Django API container
run: |
docker-compose -f Docker/docker-compose.yml exec -T django_api /bin/bash -c "pip install safety && safety check -r /app/requirements.txt --full-report"
- name: Scan requirements for CVEs in Django Frontend container
run: |
docker-compose -f Docker/docker-compose.yml exec -T django_frontend /bin/bash -c "pip install safety && safety check -r /app/requirements.txt --full-report"
- name: Cleanup
run: |
docker-compose -f Docker/docker-compose.yml down