diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index c00ff07..df24d79 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -19,6 +19,7 @@ env: jobs: check-build-deploy: strategy: + fail-fast: false matrix: include: - workdir: ./backend @@ -109,9 +110,10 @@ jobs: context: ${{ matrix.workdir }} file: ${{ matrix.dockerfile }} tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} - load: true + load: false cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache + outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar - name: Login to GHCR uses: docker/login-action@v2 
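Review bot: `fail-fast: false` on the `check-build-deploy` strategy lets one matrix leg keep running after another fails, and since this same job carries the deploy step (visible further down in merge.yaml), one service can be built, scanned and deployed while its sibling leg has already failed. If shipping the service legs independently is the intent, record it next to the key, e.g. `fail-fast: false  # each service leg is independent; one leg's failure must not cancel the others`; otherwise keep the default or gate the deploy on a separate job that depends on all legs. The deploy step itself is outside this hunk.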
@@ -123,20 +125,29 @@ jobs: - name: Scan Docker image with Dockle id: dockle run: | - wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz - tar zxvf dockle_0.4.14_Linux-64bit.tar.gz + wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz + tar zxf dockle_0.4.14_Linux-64bit.tar.gz sudo mv dockle /usr/local/bin - dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} - echo " dockle exited w/ $?" + dockle --exit-code 1 --exit-level fatal --format json --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json cat ${{ matrix.workdir }}/dockle_scan_output.json echo "outcome=success" >> $GITHUB_OUTPUT - name: Push Docker image to GHCR run: | + docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' + rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} + - name: Add tag as a PR comment + uses: ubie-oss/comment-to-merged-pr-action@v0.3.3 + id: comment-to-merged-pr + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + message: |- + This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service + - name: Deploy with Qovery if: github.ref == 'refs/heads/dev' env: diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 933e857..89b7f2c 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -16,6 +16,7 @@ permissions: jobs: static-checks: strategy: + fail-fast: false matrix: include: - workdir: ./backend 
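Review bot: The dockle release tarball fetched on the `wget -q` line is unpacked and installed into `/usr/local/bin` with no integrity check, so a tampered or substituted asset would be executed against the image on the runner; the pr.yaml hunk below has the same download. Verify a pinned digest before extracting, `echo "<SHA256_OF_DOCKLE_0.4.14_ASSET>  dockle_0.4.14_Linux-64bit.tar.gz" | sha256sum -c -`. Separately, under the default `bash -e` shell for `run` steps (unless a `defaults.run.shell` outside the hunk overrides it), a fatal finding now makes `dockle --exit-code 1` abort the step before `cat ${{ matrix.workdir }}/dockle_scan_output.json`, so the report is printed only when the scan passes and in pr.yaml the tar cleanup is skipped as well; capture the status instead: `dockle ... || scan_rc=$?`, `cat ${{ matrix.workdir }}/dockle_scan_output.json`, `exit "${scan_rc:-0}"`. The new `ubie-oss/comment-to-merged-pr-action@v0.3.3` step is pinned to a mutable tag rather than a commit SHA, and if this workflow's `permissions:` block (outside the hunk) is restrictive it will also need `pull-requests: write` for the token to post the comment.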
@@ -96,19 +97,20 @@ jobs: context: ${{ matrix.workdir }} file: ${{ matrix.dockerfile }} tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }} - load: true + load: false cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache + outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar - name: Scan Docker image with Dockle id: dockle run: | - wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz - tar zxvf dockle_0.4.14_Linux-64bit.tar.gz + wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz + tar zxf dockle_0.4.14_Linux-64bit.tar.gz sudo mv dockle /usr/local/bin - dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ github.sha }} - echo " dockle exited w/ $?" + dockle --exit-code 1 --exit-level fatal --format json --input '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json + rm -rf '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' cat ${{ matrix.workdir }}/dockle_scan_output.json echo "outcome=success" >> $GITHUB_OUTPUT diff --git a/backend/Dockerfile b/backend/Dockerfile index 9f3f5a3..9144d5b 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -1,6 +1,6 @@ # path: ./Dockerfile FROM node:alpine -RUN apk update && apk add build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev +RUN apk update && apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev ARG NODE_ENV=development ENV NODE_ENV=${NODE_ENV} WORKDIR /opt/
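Review bot: `apk update` on the changed `RUN` line in backend/Dockerfile undercuts the newly added `--no-cache`: it still writes the package index into `/var/cache/apk/` inside the layer, which is what `--no-cache` exists to avoid, and `apk add --no-cache` fetches a fresh index on its own. Drop the first command so the line reads `RUN apk add --no-cache build-base gcc autoconf automake zlib-dev libpng-dev nasm bash vips-dev`.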