This repository has been archived by the owner on Jan 1, 2024. It is now read-only.
CI/CD #176
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| push: | |
| tags: | |
| - "[0-9]+.[0-9]+.[0-9]+" | |
| schedule: | |
| - cron: "30 5 * * 0" | |
| workflow_dispatch: | |
| env: | |
| USER: loganmarchione | |
| REPO: docker-speedtest-influxdbv2 | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ['3.8', '3.9', '3.10'] | |
| steps: | |
| - name: Check out the codebase | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install Python dependencies | |
| run: | | |
| python -c "import sys; print(sys.version)" | |
| python -m pip install --upgrade pip | |
| pip install bandit flake8 pytest ruff | |
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
| - name: Lint Python with flake8 | |
| run: | | |
| grep -rl '^#!/.*py' | xargs -n1 flake8 --extend-ignore=E501 | |
| - name: Lint with ruff | |
| run: | | |
| ruff check . --ignore E501 | |
| - name: Python best practices with Bandit | |
| run: | | |
| bandit -r . | |
| - name: Lint Dockerfile with Hadolint | |
| uses: hadolint/[email protected] | |
| with: | |
| failure-threshold: error | |
| ignore: DL3008,DL3018 | |
| ci: | |
| name: Build and test | |
| needs: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the codebase | |
| uses: actions/checkout@v4 | |
| - name: Set variables | |
| run: | | |
| VER=$(cat VERSION) | |
| echo "VERSION=$VER" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: false | |
| context: . | |
| file: Dockerfile | |
| load: true | |
| tags: | | |
| ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} | |
| ${{ env.USER }}/${{ env.REPO }}:latest | |
| - name: Test image | |
| run: | | |
| docker images | |
| # TODO - Add image test here | |
| docker ps -a | |
| - name: Container scan with Dockle | |
| uses: goodwithtech/[email protected] | |
| with: | |
| image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' | |
| format: 'list' | |
| exit-code: '1' | |
| exit-level: 'warn' | |
| ignore: 'CIS-DI-0001,CIS-DI-0010' | |
| - name: Container scan with Trivy | |
| uses: aquasecurity/[email protected] | |
| with: | |
| scan-type: 'image' | |
| image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' | |
| trivy-config: ./github/trivy.yaml | |
| cd: | |
| name: Deploy | |
| needs: ci | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the codebase | |
| uses: actions/checkout@v4 | |
| - name: Set variables | |
| run: | | |
| VER=$(cat VERSION) | |
| echo "VERSION=$VER" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USER }} | |
| password: ${{ secrets.DOCKER_HUB_PASS }} | |
| logout: true | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| context: . | |
| file: Dockerfile | |
| tags: | | |
| ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} | |
| ${{ env.USER }}/${{ env.REPO }}:latest |