Skip to content

Workflow file for this run

name: Build Slides for Training and Publish to Stg Env
on:
pull_request:
paths:
- 'slides/**'
jobs:
build-slides-stg:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to Quay.io Container Registry
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_TOKEN }}
-
name: Build Slides
uses: docker/build-push-action@v3
with:
context: .
file: ./slides/Dockerfile
secrets: |
"gitlab_pullsecret=${{ secrets.GITLAB_PULLSECRET }}"
push: true
tags: |
quay.io/puzzle/ansible-training-slides:stg
-
name: Run vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'quay.io/puzzle/ansible-training-slides:stg'
format: 'table'
output: 'trivy-results.txt'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os'
severity: 'CRITICAL,HIGH'
-
name: Archive vulnerability scan results
uses: actions/upload-artifact@v3
with:
name: trivy-results-build
path: trivy-results.txt
-
name: Install Kubectl
uses: azure/setup-kubectl@v3
with:
version: v1.21.2
-
name: Deploy RevealJS Stg
env:
TRAINING_NAMESPACE: 'pitc-ansible-training-stg'
KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_STG }}'
KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}'
run: |
kubectl rollout restart deployment/ansible-slides --server=$KUBE_URL --token=$KUBE_TOKEN --namespace $TRAINING_NAMESPACE