Skip to content

chore(deps): lock file maintenance (#87) #12

chore(deps): lock file maintenance (#87)

chore(deps): lock file maintenance (#87) #12

name: Validate codebase and image
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_call:
jobs:
lint-format-test:
timeout-minutes: 5
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
cache: npm
- name: Install dependencies and lint files
run: |
npm ci
npm run lint
npm run format
npm run test
- name: Save code coverage to artifact
uses: actions/upload-artifact@v4
with:
name: code-coverage
path: "coverage/clover.xml"
retention-days: 5
upload-coverage:
timeout-minutes: 5
runs-on: ubuntu-latest
needs:
- lint-format-test
steps:
- name: Fetch code coverage artifact
uses: actions/download-artifact@v4
with:
name: code-coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
docker-test:
timeout-minutes: 5
runs-on: ubuntu-latest
needs:
- lint-format-test
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
# This repository's Dockerfile uses $CACHE_BUST to invalidate Docker layer caching. The
# variable is passed to the Docker build action below.
- name: Export $CACHE_BUST environment variable
run: echo "CACHE_BUST=$(date +%FT%T%z)" >> $GITHUB_ENV
# Docker Compose builds an image with a default name of 'tracktime-tracktime'. Building an
# image with that name here and then using Docker Compose to start it in the next step. This
# is a workaround because Compose does not support BuildKit/buildx, which is required for
# GHA caching.
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
tags: idrc-cms-authenticator
build-args: CACHE_BUST=${{ env.CACHE_BUST }}
cache-from: type=gha
cache-to: type=gha,mode=max
load: true
- name: Run Docker Compose using built image
run: docker compose up --detach
- name: Run Docker integration tests
run: |
curl --location --remote-name https://github.com/Orange-OpenSource/hurl/releases/download/4.0.0/hurl_4.0.0_amd64.deb
sudo dpkg -i hurl_4.0.0_amd64.deb
bin/integration.sh http://localhost:3000/auth
- name: Scan image
uses: anchore/scan-action@v6
with:
image: "idrc-cms-authenticator"
only-fixed: true
cache-db: true
output-format: table