Skip to content

Commit

Permalink
refactor ci
Browse files Browse the repository at this point in the history
  • Loading branch information
Baja-KS committed Aug 27, 2024
1 parent 5e6a2b5 commit 48b129d
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 11 deletions.
21 changes: 16 additions & 5 deletions .github/workflows/merge.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ env:
jobs:
check-build-deploy:
strategy:
fail-fast: false
matrix:
include:
- workdir: ./backend
Expand Down Expand Up @@ -109,9 +110,10 @@ jobs:
context: ${{ matrix.workdir }}
file: ${{ matrix.dockerfile }}
tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
load: true
load: false
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar

- name: Login to GHCR
uses: docker/login-action@v2
Expand All @@ -123,20 +125,29 @@ jobs:
- name: Scan Docker image with Dockle
id: dockle
run: |
wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxf dockle_0.4.14_Linux-64bit.tar.gz
sudo mv dockle /usr/local/bin
dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
echo " dockle exited w/ $?"
dockle --exit-code 1 --exit-level fatal --format json --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
cat ${{ matrix.workdir }}/dockle_scan_output.json
echo "outcome=success" >> $GITHUB_OUTPUT
- name: Push Docker image to GHCR
run: |
docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
- name: Add tag as a PR comment
uses: ubie-oss/[email protected]
id: comment-to-merged-pr
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
message: |-
This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service
- name: Deploy with Qovery
if: github.ref == 'refs/heads/dev'
env:
Expand Down
12 changes: 7 additions & 5 deletions .github/workflows/pr.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ permissions:
jobs:
static-checks:
strategy:
fail-fast: false
matrix:
include:
- workdir: ./backend
Expand Down Expand Up @@ -96,19 +97,20 @@ jobs:
context: ${{ matrix.workdir }}
file: ${{ matrix.dockerfile }}
tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }}
load: true
load: false
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar

- name: Scan Docker image with Dockle
id: dockle
run: |
wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxf dockle_0.4.14_Linux-64bit.tar.gz
sudo mv dockle /usr/local/bin
dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }}
echo " dockle exited w/ $?"
dockle --exit-code 1 --exit-level fatal --format json --input '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
rm -rf '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar'
cat ${{ matrix.workdir }}/dockle_scan_output.json
echo "outcome=success" >> $GITHUB_OUTPUT
Expand Down
2 changes: 1 addition & 1 deletion backend/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# path: ./Dockerfile
FROM node:alpine
RUN apk update && apk add build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev
RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev
ARG NODE_ENV=development
ENV NODE_ENV=${NODE_ENV}
WORKDIR /opt/
Expand Down

0 comments on commit 48b129d

Please sign in to comment.