CI/CD

CI/CD #1743

Workflow file for this run

	---
	name: CI/CD
	'on':
	pull_request:
	push:
	branches:
	- master
	schedule:
	- cron: '0 0 * * *'

	jobs:

	hadolint:
	name: Test dockerfile syntax
	runs-on: ubuntu-latest
	steps:
	- name: Check out the codebase.
	uses: actions/checkout@main

	- name: Install hadolint.
	run: \|
	sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint
	sudo chmod 755 /usr/local/bin/hadolint
	env:
	HADOLINT_VERSION: 2.12.0

	- name: Run hadolint.
	run: hadolint Dockerfile

	- name: Run hadolint on devel.
	run: hadolint Dockerfile_devel

	build:
	name: Build and test docker
	runs-on: ubuntu-latest
	steps:
	- name: Check out the codebase.
	uses: actions/checkout@main

	- name: Build docker image.
	run: \|
	docker build --no-cache --tag ${GITHUB_REPOSITORY}:${GITHUB_RUN_ID} .
	docker build --no-cache --tag ${GITHUB_REPOSITORY}:devel -f Dockerfile_devel .

	- name: Run a container of created images.
	run: \|
	BASECONTAINER=$(docker run --detach --privileged --cgroup-parent=docker.slice --cgroupns private --tmpfs /run --tmpfs /run/lock ${GITHUB_REPOSITORY}:${GITHUB_RUN_ID})
	DEVELCONTAINER=$(docker run --detach --privileged --cgroup-parent=docker.slice --cgroupns private --tmpfs /run --tmpfs /run/lock ${GITHUB_REPOSITORY}:devel)
	sleep 5
	echo "BASECONTAINER=$BASECONTAINER" >> $GITHUB_ENV
	echo "DEVELCONTAINER=$DEVELCONTAINER" >> $GITHUB_ENV

	- name: Check if containers are still running.
	run: \|
	docker ps -f id=${BASECONTAINER}
	docker ps -f id=${DEVELCONTAINER}

	- name: Check if the containers can be correctly stopped and removed.
	run: \|
	docker stop ${BASECONTAINER} && docker rm -fv ${BASECONTAINER}
	docker stop ${DEVELCONTAINER} && docker rm -fv ${DEVELCONTAINER}

	- name: Run Trivy vulnerability scanner.
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ github.repository }}:${{ github.run_id }}
	exit-code: '1'
	severity: 'CRITICAL,HIGH'
	env:
	TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2

	- name: Run Trivy vulnerability scanner.
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ github.repository }}:devel
	exit-code: '1'
	severity: 'CRITICAL,HIGH'
	env:
	TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2

	deploy:
	if: ${{ github.ref == 'refs/heads/master' }}
	needs: [hadolint, build]
	name: Push to Quay
	runs-on: ubuntu-latest
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@master

	- name: Login to Quay
	uses: docker/login-action@master
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}

	- name: Push to Quay
	uses: docker/build-push-action@master
	with:
	file: ./Dockerfile
	pull: true
	push: true
	tags: quay.io/aminvakil/archlinux:latest

	- name: Push to Quay (devel)
	uses: docker/build-push-action@master
	with:
	file: ./Dockerfile_devel
	pull: true
	push: true
	tags: quay.io/aminvakil/archlinux:devel

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI/CD #1743

Workflow file

CI/CD #1743

Jobs

Run details

Workflow file for this run