Skip to content

Commit

Permalink
[CI] Deploy CI
Browse files Browse the repository at this point in the history
  • Loading branch information
@admin-cloudforet
admin-cloudforet committed Jan 6, 2024
1 parent 332f6a1 commit cdfefac
Showing 1 changed file with 6 additions and 148 deletions.
154 changes: 6 additions & 148 deletions .github/workflows/push_build_dev.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,155 +1,13 @@
name: "[Push] Build dev"

on:
push:
branches:
- master
paths-ignore:
- '.github/**'
- 'src/VERSION'
- 'docs/**'
workflow_dispatch:

env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

jobs:
versioning:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.versioning.outputs.VERSION }}
steps:
- uses: actions/checkout@v2
- name: get current date
run: |
sudo ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
echo "TIME=$(date +'%Y%m%d.%H%M%S')" >> $GITHUB_ENV
- name: set version with current date
id: versioning
run: |
echo "VERSION=$(cat src/VERSION | cut -c 2-).${{ env.TIME }}" >> $GITHUB_OUTPUT
echo "::set-output name=VERSION::$(cat src/VERSION | cut -c 2-).${{ env.TIME }}"
- name: Notice when job fails
if: failure()
uses: 8398a7/action-slack@v3.2.0
with:
status: ${{job.status}}
fields: repo,workflow,job
author_name: Github Action Slack

docker:
if: github.repository_owner == 'cloudforet-io'
needs: versioning
runs-on: ubuntu-latest
env:
VERSION: ${{ needs.versioning.outputs.version }}
steps:
- uses: actions/checkout@v2
- name: get service name
run: |
echo "SERVICE=$(echo ${{ github.repository }} | cut -d '/' -f2)" >> $GITHUB_ENV
- name: Upload docker
uses: docker/build-push-action@v1
with:
path: .
repository: pyengine/${{ env.SERVICE }}
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
tags: ${{ env.VERSION }}
- name: Notice when job fails
if: failure()
uses: 8398a7/action-slack@v3.2.0
with:
status: ${{job.status}}
fields: repo,workflow,job
author_name: Github Action Slack

scan:
needs: [versioning, docker]
runs-on: ubuntu-20.04
env:
VERSION: ${{ needs.versioning.outputs.version }}
steps:
- name: Run Trivy vulnerability scanner
id: trivy-scan
uses: aquasecurity/trivy-action@master
with:
image-ref: pyengine/${{ github.event.repository.name }}:${{ env.VERSION }}
format: 'sarif'
output: 'trivy-results.sarif'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

- name: Count vulnerabilities
id: vulnerabilities
run: |
count=$(jq '.runs[].results[].ruleId' ./trivy-results.sarif | wc -c)
echo "result_count=$count" >> $GITHUB_OUTPUT
echo "$count"
- name: slack
if: ${{ steps.vulnerabilities.outputs.result_count != 0 }}
uses: 8398a7/action-slack@v3
with:
status: custom
fields: workflowRun
custom_payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":warning: Image vulnerability detected"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Image:*\npyengine/${{ github.event.repository.name }}:${{ env.VERSION }}"
},
{
"type": "mrkdwn",
"text": "*Repo name:*\n${{ github.repository }}"
}
]
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"emoji": true,
"text": "View Detail"
},
"style": "danger",
"url": "https://github.com/${{ github.repository }}/security/code-scanning"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{secrets.VULNERABILITY_SLACK_WEBHOOK_URL}}

notification:
runs-on: ubuntu-latest
needs: docker
none:
run-on: ubuntu-latest
steps:
- name: Slack
if: always()
uses: 8398a7/action-slack@v3.2.0
with:
status: ${{job.status}}
fields: repo,message,commit,author,action,ref,workflow,job
author_name: Github Action Slack
- name: none
run: echo "This is deprecated."

# deprecated workflow

0 comments on commit cdfefac

Please sign in to comment.