|
1 | | -name: Docker Image CI |
| 1 | +name: Stellar Docker Image CI |
2 | 2 |
|
3 | 3 | on: |
4 | 4 | push: |
5 | | - branches: [ "main" ] |
| 5 | + branches: |
| 6 | + - main |
| 7 | + - develop |
| 8 | + tags: |
| 9 | + - "v*.*.*" |
| 10 | + |
6 | 11 | pull_request: |
7 | | - branches: [ "main" ] |
| 12 | + branches: |
| 13 | + - main |
| 14 | + - develop |
| 15 | + |
| 16 | +env: |
| 17 | + DOCKERHUB_REPO: ${{ vars.DOCKERHUB_REPO || 'medaziz11' }} |
| 18 | + DOCKERHUB_IMAGE: ${{ vars.DOCKERHUB_IMAGE || 'uptimekuma_restapi' }} |
| 19 | + CACHE_PATH: /tmp/.buildx-cache |
8 | 20 |
|
9 | 21 | jobs: |
| 22 | + build-test-push: |
| 23 | + runs-on: ubuntu-latest |
| 24 | + steps: |
| 25 | + # Check out the repository code |
| 26 | + - name: Checkout code |
| 27 | + uses: actions/checkout@v3 |
10 | 28 |
|
11 | | - build-and-push: |
| 29 | + # Set up Docker Buildx for building images with BuildKit |
| 30 | + - name: Set up Docker Buildx |
| 31 | + uses: docker/setup-buildx-action@v1 |
12 | 32 |
|
13 | | - runs-on: ubuntu-latest |
| 33 | + # Cache Docker layers for faster builds |
| 34 | + - name: Cache Docker layers |
| 35 | + uses: actions/cache@v2 |
| 36 | + with: |
| 37 | + path: ${{ env.CACHE_PATH }} |
| 38 | + key: ${{ runner.os }}-buildx-${{ github.ref }}-${{ hashFiles('**/Dockerfile') }} |
| 39 | + restore-keys: | |
| 40 | + ${{ runner.os }}-buildx-${{ github.ref }}- |
| 41 | + ${{ runner.os }}-buildx- |
| 42 | +
|
| 43 | + # Log in to Docker Hub using the provided secrets |
| 44 | + - name: Login to Docker Hub |
| 45 | + if: github.event_name != 'pull_request' |
| 46 | + uses: docker/login-action@v1 |
| 47 | + with: |
| 48 | + username: ${{ secrets.DOCKER_USERNAME }} |
| 49 | + password: ${{ secrets.DOCKER_PASSWORD }} |
| 50 | + |
| 51 | + - name: Set image tags |
| 52 | + id: image_tags |
| 53 | + run: | |
| 54 | + REPO=${{ env.DOCKERHUB_REPO }} |
| 55 | + IMAGE=${{ env.DOCKERHUB_IMAGE }} |
| 56 | + BRANCH=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//-/g') |
| 57 | +
|
| 58 | + if [ "${{ github.event_name }}" == "pull_request" ]; then |
| 59 | + PR_NUMBER=${{ github.event.number }} |
| 60 | + TAGS="${REPO}/${IMAGE}:pr-${PR_NUMBER}" |
| 61 | + elif [[ $GITHUB_REF == "refs/heads/main" ]]; then |
| 62 | + TAGS="${REPO}/${IMAGE}:latest" |
| 63 | + elif [[ $GITHUB_REF == "refs/heads/develop" ]]; then |
| 64 | + TAGS="${REPO}/${IMAGE}:dev" |
| 65 | + elif [[ $GITHUB_REF == refs/tags/* ]]; then |
| 66 | + VERSION=$(echo ${GITHUB_REF#refs/tags/v} | sed 's/\//-/g') |
| 67 | + TAGS="${REPO}/${IMAGE}:v${VERSION},${REPO}/${IMAGE}:latest" |
| 68 | + else |
| 69 | + echo "Error: Unexpected branch or tag" |
| 70 | + exit 1 |
| 71 | + fi |
| 72 | +
|
| 73 | + echo "::set-output name=tags::${TAGS}" |
| 74 | +
|
| 75 | + # Build, test, and push the Docker image |
| 76 | + - name: Build, Test, and Push Docker image |
| 77 | + uses: docker/build-push-action@v2 |
| 78 | + with: |
| 79 | + context: . |
| 80 | + platforms: linux/amd64,linux/arm64 |
| 81 | + push: ${{ github.event_name != 'pull_request' }} |
| 82 | + tags: ${{ steps.image_tags.outputs.tags }} |
| 83 | + cache-from: type=local,src=${{ env.CACHE_PATH }} |
| 84 | + cache-to: type=local,dest=${{ env.CACHE_PATH }} |
| 85 | + |
| 86 | + # FUTURE TESTS? |
| 87 | + # # Test the built Docker image |
| 88 | + # - name: Run container structure tests |
| 89 | + # run: | |
| 90 | + # docker run -v $(pwd)/test:/test -v /var/run/docker.sock:/var/run/docker.sock \ |
| 91 | + # gcr.io/gcp-runtimes/container-structure-test:v1.12.0 \ |
| 92 | + # test --image ${{ env.DOCKERHUB_REPO }}/${{ env.DOCKERHUB_IMAGE }}:${{ matrix.branch }}-${{ matrix.platform }} \ |
| 93 | + # --config /test/structure-test-config.yaml |
| 94 | + |
| 95 | + # # Scan the built Docker image for security vulnerabilities |
| 96 | + # - name: Scan Docker image for vulnerabilities |
| 97 | + # run: | |
| 98 | + # IMAGE_TAG=${{ matrix.branch }}-${{ env.PLATFORM_TAG }} |
| 99 | + # docker pull ${{ env.DOCKERHUB_REPO }}/${{ env.DOCKERHUB_IMAGE }}:${IMAGE_TAG} |
| 100 | + # docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \ |
| 101 | + # aquasec/trivy:latest \ |
| 102 | + # --exit-code 1 \ |
| 103 | + # --severity CRITICAL,HIGH \ |
| 104 | + # --ignore-unfixed \ |
| 105 | + # ${{ env.DOCKERHUB_REPO }} |
14 | 106 |
|
15 | | - steps: |
16 | | - - uses: actions/checkout@v3 |
17 | | - |
18 | | - - name: Build and Push the Docker image |
19 | | - uses: mr-smithers-excellent/docker-build-push@v6 |
20 | | - with: |
21 | | - image: medaziz11/uptimekuma_restapi |
22 | | - tags: 1.2 |
23 | | - registry: docker.io |
24 | | - username: ${{ secrets.DOCKER_USERNAME }} |
25 | | - password: ${{ secrets.DOCKER_PASSWORD }} |
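Review bot: The tag branch of the `Set image tags` script (new-side line 65-67) pushes `:latest` for every `v*.*.*` tag, so re-tagging an older release or pushing a pre-release such as `v1.0.0-rc1` (which the `tags:` filter also matches, since `*` spans `0-rc1`) silently overwrites the `latest` that the `main` branch publishes; either drop `latest` from the tag case or gate it on the tag being the newest version. The `echo "::set-output name=tags::${TAGS}"` at line 73 uses the deprecated workflow command and should be `echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"`, otherwise `steps.image_tags.outputs.tags` may come back empty once the command is disabled and the build step gets no tags. The actions are referenced by old, mutable major tags (`actions/cache@v2`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`); pin them to a commit SHA with a version comment so a moved tag cannot change what runs in a job that holds the Docker Hub credentials, and add a top-level `permissions: contents: read` since nothing here needs more from `GITHUB_TOKEN`. Inside the `run:` script, `${{ env.DOCKERHUB_REPO }}` and `${{ env.DOCKERHUB_IMAGE }}` are expanded into the script text before the shell sees it; the same values are already exported by the workflow `env:` block, so `REPO="$DOCKERHUB_REPO"` / `IMAGE="$DOCKERHUB_IMAGE"` avoids the expression-injection pattern entirely, and `BRANCH` at line 56 is computed but never used.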
|