
Merge pull request #89 from IntersectMBO/ci #1


Workflow file for this run

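# CI/CD pipeline: lint the Dockerfile, run the (currently stubbed) code lint
# and unit-test steps, build the backend image, scan it with Dockle, push it
# to GHCR and deploy it with the Qovery CLI. Runs on every push to the four
# environment branches listed below.
#
# NOTE(review): every `uses:` reference below is a mutable tag. Pinning each
# action, the third-party ones in particular, to a full commit SHA keeps a
# retagged release from changing what runs with this job's token.
name: Check,Build,Deploy
on:
  push:
    branches:
      - dev
      - qa
      - pre-prod
      - main
# NOTE(review): the steps in this file only read the repository and push a
# package to GHCR, which needs `contents: read` and `packages: write`.
# Confirm nothing else relies on the two extra write scopes, then drop them.
permissions:
  contents: write
  pull-requests: write
  packages: write
env:
  # `main` deploys to `production`; every other trigger branch deploys to the
  # environment of the same name. The previous `|| 'pre-prod' || 'qa' || 'dev'`
  # chain always stopped at 'pre-prod' (the first non-empty string), so pushes
  # to `dev` and `qa` were deployed to pre-prod.
  ENVIRONMENT: ${{ github.ref_name == 'main' && 'production' || github.ref_name }}
  # NOTE(review): both values are empty on this page; the deploy step cannot
  # target anything until they are filled in.
  PROJECT: ""
  ORGANIZATION: ""
jobs:
  check-build-deploy:
    strategy:
      matrix:
        include:
          - workdir: ./backend
            name: backend
            dockerfile: ./backend/Dockerfile
            image: ghcr.io/${{ github.repository }}-backend
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Lint Dockerfile
        id: hadolint
        # NOTE(review): this reference was mangled by e-mail obfuscation when
        # the page was rendered; restore the real action name and version
        # from the repository before using this file.
        uses: hadolint/[email protected]
        with:
          failure-threshold: error
          format: json
          dockerfile: ${{ matrix.dockerfile }}
          # output-file: hadolint_output.json
      - name: Save Hadolint output
        id: save_hadolint_output
        # Runs even when the lint step failed so the report is still written.
        if: always()
        run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
      - name: Print Dockerfile lint output
        run: |
          echo "-----HADOLINT RESULT-----"
          echo "Outcome: ${{ steps.hadolint.outcome }}"
          echo "-----DETAILS--------"
          # The report is written inside the matrix workdir by the previous
          # step; each step starts in the repository root, so read it there.
          cat ${{ matrix.workdir }}/hadolint_output.json
          echo "--------------------"
      - name: Code lint
        id: code_lint
        # NOTE(review): linting is stubbed out, so this step always passes.
        run: |
          cd ${{ matrix.workdir }}
          npm i
          set -o pipefail
          # npm run lint 2>&1 | tee code_lint_output.txt
          echo "no lint for now, skip" | tee code_lint_output.txt
      - name: Unit tests
        id: unit_tests
        # NOTE(review): tests are stubbed out, so untested code reaches the
        # push and deploy steps below.
        run: |
          cd ${{ matrix.workdir }}
          npm i
          set -o pipefail
          # npm run test 2>&1 | tee unit_test_output.txt
          echo "no tests for now, skip" | tee unit_test_output.txt
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Cache Docker layers
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      # Registry image names must be lowercase; github.repository may not be.
      - id: image_lowercase
        uses: ASzc/change-string-case-action@v6
        with:
          string: ${{ matrix.image }}
      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: ${{ matrix.workdir }}
          file: ${{ matrix.dockerfile }}
          tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }}
          # Load into the local Docker daemon so Dockle can scan the image
          # before it is pushed.
          load: true
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache
      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Scan Docker image with Dockle
        id: dockle
        run: |
          # NOTE(review): the archive is installed with sudo without any
          # integrity check. Verify it against a SHA-256 recorded in this
          # repository (sha256sum -c) before extracting.
          wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
          tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
          sudo mv dockle /usr/local/bin
          # --exit-level only takes effect together with a non-zero
          # --exit-code; without it Dockle exits 0 and the scan never blocks
          # the push. The status is captured so the report is still printed
          # when the scan fails.
          status=0
          dockle --exit-code 1 --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }} || status=$?
          echo " dockle exited w/ $status"
          cat ${{ matrix.workdir }}/dockle_scan_output.json
          # Report the real result instead of an unconditional "success".
          if [ "$status" -eq 0 ]; then
            echo "outcome=success" >> "$GITHUB_OUTPUT"
          else
            echo "outcome=failure" >> "$GITHUB_OUTPUT"
          fi
          exit "$status"
      - name: Push Docker image to GHCR
        run: |
          docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }}
      - name: Deploy with Qovery
        env:
          # NOTE(review): the token is an empty string and the secret
          # reference is commented out, so the CLI has no credential here.
          QOVERY_CLI_ACCESS_TOKEN: "" #{{secrets.QOVERY_CLI_ACCESS_TOKEN }}
        run: |
          echo "Deploying on $ENVIRONMENT"
          # Download and install Qovery CLI
          # NOTE(review): this pipes a remote script straight into bash in a
          # job that holds the deploy token and a write-scoped GITHUB_TOKEN.
          # Prefer a pinned CLI release verified by checksum.
          curl -s https://get.qovery.com | bash
          # Workflow-level env values are passed as quoted shell variables so
          # an empty value stays an (empty) argument instead of vanishing and
          # shifting the flags that follow it.
          qovery container deploy \
            --organization "$ORGANIZATION" \
            --project "$PROJECT" \
            --environment "$ENVIRONMENT" \
            --container ${{ steps.image_lowercase.outputs.lowercase }} \
            --tag ${{ github.sha }} \
            --watch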