Merge pull request #2 from ABI-Deployment-Thesis/ruiar/add-cicd

feat(ci/cd): add cicd
ABI-Deployment-Thesis · Aug 23, 2024 · b1f8cc3 · b1f8cc3
2 parents 50769f8 + 9e23803
commit b1f8cc3
Show file tree

Hide file tree

Showing 6 changed files with 154 additions and 1 deletion.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+*   @ruigomes99
diff --git a/.github/workflows/publish-images.yaml b/.github/workflows/publish-images.yaml
@@ -0,0 +1,69 @@
+# https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images
+name: Publish Docker image
+
+on:
+  release:
+    types: [published]
+
+env:
+  GITHUB_REGISTRY: ghcr.io
+  DOCKERHUB_REGISTRY: index.docker.io
+  GITHUB_IMAGE_NAME: ${{ github.repository }}
+  DOCKERHUB_IMAGE_NAME: ruigomes99/${{ github.event.repository.name }}
+
+jobs:
+  push_to_registries:
+    name: Push Docker image to multiple registries
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log in to GitHub Container registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
+        with:
+          images: |
+            ${{ env.DOCKERHUB_IMAGE_NAME}}
+            ${{ env.GITHUB_REGISTRY }}/${{ env.GITHUB_IMAGE_NAME }}
+
+      - name: Build and push Docker images
+        id: push
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 #v6.7.0
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Generate artifact attestation to GitHub Container registry
+        uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 #v1.4.1
+        with:
+          subject-name: ${{ env.GITHUB_REGISTRY }}/${{ env.GITHUB_IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+
+      - name: Generate artifact attestation to Docker Hub
+        uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 #v1.4.1
+        with:
+          subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.DOCKERHUB_IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,20 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  create_release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+
+      - name: Release
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 #v2.0.8
+        with:
+          prerelease: ${{ contains(github.ref, '-alpha') }}
+          generate_release_notes: true
+          token: ${{ secrets.ACTION_TOKEN }}
diff --git a/.github/workflows/security-checks.yaml b/.github/workflows/security-checks.yaml
@@ -0,0 +1,34 @@
+name: Security checks
+
+on:
+  pull_request:
+    branches: [master, main]
+
+jobs:
+  trivy_file_system:
+    name: Trivy file system scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 #v0.24.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'table'
+          output: './results.txt'
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+          exit-code: '1'
+
+      - name: Inspect action report
+        if: always()
+        run: cat ./results.txt
+
+      - name: Upload artifact
+        if: always()
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #v4.3.6
+        with:
+          name: trivy-fs-scan-results
+          path: ./results.txt
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -0,0 +1,28 @@
+name: Tests
+
+on:
+  pull_request:
+    branches: [master, main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+      - name: Build Docker image
+        run: docker build -t ${{ github.event.repository.name }}:ci .
+
+  # https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-nodejs
+  unit_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+      - name: Use Node.js
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b #v4.0.3
+        with:
+          node-version: '20.x'
+      - run: npm ci
+      - run: npm run build --if-present
+      - run: npm test
diff --git a/package.json b/package.json
@@ -4,7 +4,8 @@
   "description": "",
   "main": "index.js",
   "scripts": {
-    "start": "set \"NODE_ENV=development\" && nodemon index"
+    "start": "set \"NODE_ENV=development\" && nodemon index",
+    "test": "echo \"No tests specified\" && exit 0"
   },
   "author": "[email protected]",
   "license": "ISC",