test.yml
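---
# CI workflow: builds every nginx image variant in the matrix on pull
# requests, runs the repository's test target against it and reports
# Docker Scout findings back to the PR. Nothing is pushed to a registry from
# this workflow (`push: false` on the bake step); the registry logins exist
# for docker/metadata-action, the GHA build cache and Docker Scout.
#
# NOTE(review): this page's rendering dropped all indentation and mangled the
# `@ref` part of three `uses:` entries into `[email protected]`. Indentation has
# been restored here; the action refs are reproduced as shown and must be
# restored from the repository (pin to a tag or, better, a full commit SHA).

on: # yamllint disable-line rule:truthy
  pull_request:
    paths-ignore:
      - '**.md'

env:
  DOCKER_NAMESPACE: wayofdev/nginx
  GHCR_NAMESPACE: ghcr.io/wayofdev/docker-nginx

name: 🧪 Test Docker images

# Least-privilege GITHUB_TOKEN for the whole workflow. The job only reads the
# checkout; `pull-requests: write` is what docker/scout-action needs to post
# its CVE comment with the `github-token` passed below. Without an explicit
# block the job inherits the repository's default token permissions.
permissions:
  contents: read
  pull-requests: write

# One run per workflow+ref; a newer push to the same PR cancels the older run.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

jobs:
  test:
    strategy:
      # Keep testing the other variants when one of them fails.
      fail-fast: false
      matrix:
        os_name: ["alpine"]
        nginx_type: ["dev", "k8s"]
        builder: [{arch: "amd64", os: "ubuntu-latest"}]
    runs-on: ${{ matrix.builder.os }}
    steps:
      # All expressions below expand matrix values only (no event-provided
      # text such as PR titles), so there is no script-injection surface here.
      - name: 🌎 Set environment variables
        run: |
          tag="${{ matrix.nginx_type }}-${{ matrix.os_name }}-${{ matrix.builder.arch }}"
          target="nginx-${{ matrix.nginx_type }}-${{ matrix.os_name }}"
          echo "TARGET=${target}" >> "$GITHUB_ENV"
          echo "PLATFORM_CACHE_TAG=${tag}" >> "$GITHUB_ENV"

      - name: 📦 Check out the codebase
        # NOTE(review): ref garbled by extraction; restore the pinned version.
        uses: actions/[email protected]

      - name: 🛠️ Install goss and dgoss
        # NOTE(review): ref garbled by extraction; restore the pinned version.
        uses: e1himself/[email protected]
        with:
          version: v0.4.6

      - name: 🤖 Generate dist files
        run: ansible-playbook src/playbook.yml -l ${{ matrix.nginx_type }}-${{ matrix.os_name }}

      - name: 🖥️ Setup docker QEMU
        uses: docker/setup-qemu-action@v3

      - name: 🛠️ Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          buildkitd-flags: "--debug"

      # NOTE(review): on a pull_request from a fork GitHub does not expose
      # repository secrets, so DOCKER_USERNAME/DOCKER_TOKEN are empty and this
      # login fails; guarding the step on the head repo not being a fork is one
      # option — confirm whether fork PRs are expected here.
      - name: 🔑 Login to docker-hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: 🔑 Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: 🐳 Extract docker meta data
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.DOCKER_NAMESPACE }}
            ${{ env.GHCR_NAMESPACE }}
          tags: |
            type=raw,event=branch,value=latest
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
          flavor: |
            latest=false
            prefix=${{ matrix.nginx_type }}-${{ matrix.os_name }}-

      # Builds the selected bake target into the local Docker daemon only
      # (`push: false`, `type=docker` output); the GHA cache is scoped per
      # matrix entry so variants do not share layers by accident.
      - name: 🧪 Bake image for testing
        id: bake
        # NOTE(review): ref garbled by extraction; restore the pinned version.
        uses: docker/[email protected]
        with:
          targets: ${{ env.TARGET }}
          files: |
            ./docker-bake.hcl
            ${{ steps.meta.outputs.bake-file }}
          push: false
          set: |
            *.tags=
            *.platform=linux/${{ matrix.builder.arch }}
            *.cache-from=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }}
            *.cache-to=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }}
            *.output=type=docker,"name=${{ env.DOCKER_NAMESPACE }},${{ env.GHCR_NAMESPACE }}",name-canonical=true

      # IMAGE_TAG presumably resolves because the `type=docker,name=…` output
      # above loads the image under `${DOCKER_NAMESPACE}:latest` — confirm
      # against the Makefile's test target.
      - name: 🧪 Test Docker image
        run: |
          export IMAGE_TEMPLATE=${{ matrix.nginx_type }}-${{ matrix.os_name }}
          export IMAGE_TAG=${{ env.DOCKER_NAMESPACE }}:latest
          make test

      # Reports fixable critical/high CVEs on the PR; `ignore-unchanged`
      # suppresses findings already present on the compared image.
      - name: 🔍 Run Docker Scout
        id: docker-scout
        uses: docker/scout-action@v1
        with:
          command: cves,recommendations
          ignore-unchanged: true
          only-fixed: true
          only-severities: critical,high
          keep-previous-comments: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
          dockerhub-user: ${{ secrets.DOCKER_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKER_TOKEN }}
...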