
Commit 1623e45

aaboyle878kneerose
authored andcommitted
rebase branch with the addition of workflow file
1 parent 74c6824 commit 1623e45


1 file changed

+205
-0
lines changed

Lines changed: 205 additions & 0 deletions
@@ -0,0 +1,205 @@
1+
name: Check and Build QA
2+
3+
on:
4+
push:
5+
branches:
6+
- test
7+
workflow_dispatch:
8+
9+
permissions:
10+
contents: write
11+
pull-requests: write
12+
packages: write
13+
14+
jobs:
15+
check-build:
16+
if: contains(fromJson('["test"]'), github.ref_name)
17+
environment: ${{ matrix.network }}
18+
strategy:
19+
fail-fast: false
20+
matrix:
21+
include:
22+
- branch: test
23+
network: qa-govtool
24+
workdir: ./govtool/backend
25+
name: govtool-backend
26+
dockerfile: ./govtool/backend/Dockerfile.qovery
27+
image: ghcr.io/${{ github.repository }}-backend
28+
qovery_container_name: govtool-backend
29+
- branch: test
30+
network: qa-govtool
31+
workdir: ./govtool/frontend
32+
name: govtool-frontend
33+
dockerfile: ./govtool/frontend/Dockerfile.qovery
34+
image: ghcr.io/${{ github.repository }}-frontend
35+
qovery_container_name: govtool-frontend
36+
- branch: test
37+
network: qa-govtool
38+
workdir: ./govtool/metadata-validation
39+
name: govtool-metadata-validation
40+
dockerfile: ./govtool/metadata-validation/Dockerfile
41+
image: ghcr.io/${{ github.repository }}-metadata-validation
42+
qovery_container_name: govtool-metadata-validation
43+
44+
runs-on: ubuntu-latest
45+
steps:
46+
- name: Checkout code
47+
uses: actions/checkout@v3
48+
49+
- name: Ensure Job Runs Only for Matching Branch
50+
if: github.ref_name != matrix.branch
51+
run: |
52+
echo "Branch mismatch, exiting..."
53+
exit 0
54+
55+
- name: Set TAG Environment Variable
56+
id: set_tag
57+
run: |
58+
SANITIZED_BRANCH=$(echo "${{ github.ref_name }}" | tr '/' '-')
59+
echo "COMMIT_TAG=${SANITIZED_BRANCH}-${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV
60+
echo "STATIC_TAG=qa-latest" >> $GITHUB_ENV
61+
echo "Generated TAG: $COMMIT_TAG"
62+
echo "Generated STATIC_TAG: $STATIC_TAG"
63+
64+
65+
- name: Lint Dockerfile
66+
id: hadolint
67+
uses: hadolint/[email protected]
68+
with:
69+
failure-threshold: error
70+
format: json
71+
dockerfile: ${{ matrix.dockerfile }}
72+
# output-file: hadolint_output.json
73+
74+
- name: Save Hadolint output
75+
id: save_hadolint_output
76+
if: always()
77+
run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
78+
79+
- name: Print Dockerfile lint output
80+
run: |
81+
cd ${{ matrix.workdir }}
82+
echo "-----HADOLINT RESULT-----"
83+
echo "Outcome: ${{ steps.hadolint.outcome }}"
84+
echo "-----DETAILS--------"
85+
cat hadolint_output.json
86+
echo "--------------------"
87+
88+
- name: Code lint
89+
id: code_lint
90+
run: |
91+
cd ${{ matrix.workdir }}
92+
if [ ! -f lint.sh ]; then
93+
echo "lint skipped" | tee code_lint_output.txt
94+
exit 0
95+
fi
96+
set -o pipefail
97+
sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt
98+
99+
- name: Unit tests
100+
id: unit_tests
101+
run: |
102+
cd ${{ matrix.workdir }}
103+
if [ ! -f unit-test.sh ]; then
104+
echo "unit tests skipped" | tee code_lint_output.txt
105+
exit 0
106+
fi
107+
set -o pipefail
108+
sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt
109+
110+
- name: Set up Docker Buildx
111+
uses: docker/setup-buildx-action@v2
112+
113+
- name: Cache Docker layers
114+
uses: actions/cache@v3
115+
with:
116+
path: /tmp/.buildx-cache
117+
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ github.run_number}}
118+
restore-keys: |
119+
${{ runner.os }}-buildx-
120+
121+
- id: image_lowercase
122+
uses: ASzc/change-string-case-action@v6
123+
with:
124+
string: ${{ matrix.image }}
125+
126+
- name: Set ENVIRONMENT Variable
127+
run: echo "ENVIRONMENT=${{ matrix.network }}" >> $GITHUB_ENV
128+
129+
- name: Sanitize Network Name
130+
run: |
131+
CLEAN_NETWORK=$(echo "${{ matrix.network }}" | sed 's/-govtool$//')
132+
echo "CLEAN_NETWORK=$CLEAN_NETWORK" >> $GITHUB_ENV
133+
134+
- name: Build Docker image
135+
uses: docker/build-push-action@v5
136+
with:
137+
context: ${{ matrix.workdir }}
138+
file: ${{ matrix.dockerfile }}
139+
tags: >
140+
${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK }}:${{ env.COMMIT_TAG }},
141+
${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK }}:${{ env.STATIC_TAG }}
142+
load: false
143+
cache-from: type=local,src=/tmp/.buildx-cache
144+
cache-to: type=local,dest=/tmp/.buildx-cache
145+
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
146+
build-args: |
147+
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
148+
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
149+
VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
150+
VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
151+
VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
152+
VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
153+
NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
154+
VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
155+
VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
156+
VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED=${{ secrets.VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED }}
157+
VITE_OUTCOMES_API_URL=${{secrets.VITE_OUTCOMES_API_URL}}
158+
VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}
159+
VITE_IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }}
160+
VITE_IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }}
161+
IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }}
162+
IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }}
163+
164+
- name: Login to GHCR
165+
uses: docker/login-action@v2
166+
with:
167+
registry: ghcr.io
168+
username: ${{ github.actor }}
169+
password: ${{ secrets.GITHUB_TOKEN }}
170+
171+
- name: Scan Docker image with Dockle
172+
id: dockle
173+
run: |
174+
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
175+
tar zxf dockle_0.4.14_Linux-64bit.tar.gz
176+
sudo mv dockle /usr/local/bin
177+
178+
dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
179+
echo " dockle exited w/ $?"
180+
cat ${{ matrix.workdir }}/dockle_scan_output.json
181+
182+
echo "outcome=success" >> $GITHUB_OUTPUT
183+
184+
- name: Debug TAG Before Docker Push
185+
run: |
186+
echo "Lowercase Image: ${{ steps.image_lowercase.outputs.lowercase }}"
187+
echo "Network: ${{ matrix.network }}"
188+
echo "COMMIT_TAG: ${{ env.COMMIT_TAG }}"
189+
echo "STATIC_TAG: ${{ env.STATIC_TAG }}"
190+
echo "Final Docker Tag: ${{ steps.image_lowercase.outputs.lowercase }}-${{ matrix.network}}:${{ env.TAG }}"
191+
192+
- name: Push Docker image to GHCR
193+
run: |
194+
docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
195+
rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
196+
docker push ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK}}:${{ env.COMMIT_TAG }}
197+
docker push ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK}}:${{ env.STATIC_TAG }}
198+
199+
- name: Add tag as a PR comment
200+
uses: ubie-oss/[email protected]
201+
id: comment-to-merged-pr
202+
with:
203+
github-token: ${{ secrets.GITHUB_TOKEN }}
204+
message: |-
205+
This PR is in the tag: ${{ env.COMMIT_TAG }} , for ${{ matrix.name }} service
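Review bot: The `build-args` block of the "Build Docker image" step passes `NPMRC_TOKEN` as a Docker build argument, and build arguments consumed by a Dockerfile are recorded in the image history, so the token can end up readable by anyone able to pull the image that the later "Push Docker image to GHCR" step publishes. The credential should go through the action's BuildKit secret input instead, e.g. `secrets: |` followed by `NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}`, and be read in the Dockerfile with `RUN --mount=type=secret,id=NPMRC_TOKEN ...`. The Dockerfiles are not part of this commit, so which of the three matrix images actually declare `ARG NPMRC_TOKEN` needs to be confirmed. The `VITE_*` values are presumably compiled into the frontend bundle and should be checked for anything that is not meant to be public. A comment above `build-args` such as `# build args are visible in image history: non-secret configuration only` would keep later additions from repeating the pattern.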
