diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml deleted file mode 100644 index ce5a620b7..000000000 --- a/.github/workflows/image.yml +++ /dev/null @@ -1,218 +0,0 @@ -name: Check and Build Main - -on: - workflow_dispatch: - -permissions: - contents: write - pull-requests: write - packages: write - -jobs: - check-build: - environment: ${{ matrix.network }} - strategy: - fail-fast: false - matrix: - include: - - branch: main - network: prod-govtool - workdir: ./govtool/backend - name: govtool-backend - dockerfile: ./govtool/backend/Dockerfile.qovery - image: ghcr.io/${{ github.repository }}-govtool-backend - qovery_container_name: govtool-backend - - branch: main - network: prod-govtool - workdir: ./govtool/frontend - name: govtool-frontend - dockerfile: ./govtool/frontend/Dockerfile.qovery - image: ghcr.io/${{ github.repository }}-govtool-frontend - qovery_container_name: govtool-frontend - - branch: main - network: prod-govtool - workdir: ./govtool/metadata-validation - name: govtool-metadata-validation - dockerfile: ./govtool/metadata-validation/Dockerfile - image: ghcr.io/${{ github.repository }}-govtool-metadata-validation - qovery_container_name: govtool-metadata-validation - - branch: main - network: pre-prod-govtool - workdir: ./govtool/backend - name: govtool-backend - dockerfile: ./govtool/backend/Dockerfile.qovery - image: ghcr.io/${{ github.repository }}-govtool-backend - qovery_container_name: govtool-backend - - branch: main - network: pre-prod-govtool - workdir: ./govtool/frontend - name: govtool-frontend - dockerfile: ./govtool/frontend/Dockerfile.qovery - image: ghcr.io/${{ github.repository }}-govtool-frontend - qovery_container_name: govtool-frontend - - branch: main - network: pre-prod-govtool - workdir: ./govtool/metadata-validation - name: govtool-metadata-validation - dockerfile: ./govtool/metadata-validation/Dockerfile - image: ghcr.io/${{ github.repository }}-govtool-metadata-validation - qovery_container_name: govtool-metadata-validation - - branch: main - network: preview-govtool - workdir: ./govtool/backend - name: govtool-backend - dockerfile: ./govtool/backend/Dockerfile.qovery - image: ghcr.io/${{ github.repository }}-govtool-backend - qovery_container_name: govtool-backend - - branch: main - network: preview-govtool - workdir: ./govtool/frontend - name: govtool-frontend - dockerfile: ./govtool/frontend/Dockerfile.qovery - image: ghcr.io/${{ github.repository }}-govtool-frontend - qovery_container_name: govtool-frontend - - branch: main - network: preview-govtool - workdir: ./govtool/metadata-validation - name: govtool-metadata-validation - dockerfile: ./govtool/metadata-validation/Dockerfile - image: ghcr.io/${{ github.repository }}-govtool-metadata-validation - qovery_container_name: govtool-metadata-validation - - - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set TAG Environment Variable - id: set_tag - run: | - if [ "${{ github.ref_name }}" = "main" ]; then - echo "TAG=${{ github.sha }}-${NETWORK}" >> $GITHUB_ENV - else - echo "TAG=${{ github.ref_name }}-${{ github.sha }}-${NETWORK}" >> $GITHUB_ENV - fi - - - name: Lint Dockerfile - id: hadolint - uses: hadolint/hadolint-action@v3.1.0 - with: - failure-threshold: error - format: json - dockerfile: ${{ matrix.dockerfile }} - # output-file: hadolint_output.json - - - name: Save Hadolint output - id: save_hadolint_output - if: always() - run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json - - - name: Print Dockerfile lint output - run: | - cd ${{ matrix.workdir }} - echo "-----HADOLINT RESULT-----" - echo "Outcome: ${{ steps.hadolint.outcome }}" - echo "-----DETAILS--------" - cat hadolint_output.json - echo "--------------------" - - - name: Code lint - id: code_lint - run: | - cd ${{ matrix.workdir }} - if [ ! -f lint.sh ]; then - echo "lint skipped" | tee code_lint_output.txt - exit 0 - fi - set -o pipefail - sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt - - - name: Unit tests - id: unit_tests - run: | - cd ${{ matrix.workdir }} - if [ ! -f unit-test.sh ]; then - echo "unit tests skipped" | tee code_lint_output.txt - exit 0 - fi - set -o pipefail - sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - id: image_lowercase - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ matrix.image }} - - - name: Build Docker image - uses: docker/build-push-action@v5 - with: - context: ${{ matrix.workdir }} - file: ${{ matrix.dockerfile }} - tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} - load: false - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar - build-args: | - VITE_APP_ENV=${{ secrets.VITE_APP_ENV }} - VITE_BASE_URL=${{ secrets.VITE_BASE_URL }} - VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }} - VITE_GTM_ID=${{ secrets.VITE_GTM_ID }} - VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }} - VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} - NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }} - VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }} - VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }} - VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED=${{ secrets.VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED }} - VITE_OUTCOMES_API_URL=${{secrets.VITE_OUTCOMES_API_URL}} - VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }} - VITE_IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }} - VITE_IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }} - IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }} - IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }} - - - name: Login to GHCR - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Scan Docker image with Dockle - id: dockle - run: | - wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz - tar zxf dockle_0.4.14_Linux-64bit.tar.gz - sudo mv dockle /usr/local/bin - - dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json - echo " dockle exited w/ $?" - cat ${{ matrix.workdir }}/dockle_scan_output.json - - echo "outcome=success" >> $GITHUB_OUTPUT - - - name: Push Docker image to GHCR - run: | - docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' - rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' - docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} - - - name: Add tag as a PR comment - uses: ubie-oss/comment-to-merged-pr-action@v0.3.3 - id: comment-to-merged-pr - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - message: |- - This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service