-
Notifications
You must be signed in to change notification settings - Fork 0
99 lines (96 loc) · 3.17 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: CI/CD
on:
push:
branches:
- master
- develop
tags:
- '*'
paths-ignore:
- infrastructure/**
pull_request:
branches:
- '*'
jobs:
cleanup-runs:
runs-on: ubuntu-latest
steps:
- uses: rokroskar/workflow-run-cleanup-action@master
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
test:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
testType:
- integration
- unit
- architecture
env:
TEST_TYPE: ${{ matrix.testType }}
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Run tests
run: ./gradlew ci
dockerize:
name: Build and push Docker image
runs-on: ubuntu-latest
needs:
- test
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'adopt'
cache: gradle
- name: Build Docker image
run: ./gradlew bootBuildImage -x test -x integrationTest -x architectureTest -x detekt
- name: Run Trivy image scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/roche/ambassador-indexer:latest'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
- name: Docker meta
id: meta
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || contains(github.ref, 'refs/tags/') }}
uses: docker/metadata-action@v3
with:
images: ghcr.io/roche/ambassador-indexer
tags: |
type=ref,event=branch
type=semver,pattern={{version}},event=tag
type=semver,pattern={{major}}.{{minor}},event=tag
type=semver,pattern={{major}},event=tag
type=sha,event=tag
- name: Tag docker image
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || contains(github.ref, 'refs/tags/') }}
run: |
tags="${{ steps.meta.outputs.tags }}"
for tag in ${tags}; do docker tag ghcr.io/roche/ambassador-indexer:latest $tag; done
echo 'Ready tags to be published:'
docker images | grep 'ghcr.io/roche/ambassador-indexer'
- name: Login to GitHub Container Registry
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || contains(github.ref, 'refs/tags/') }}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Docker image to GitHub Registry
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || contains(github.ref, 'refs/tags/') }}
run: docker push ghcr.io/roche/ambassador-indexer -a