Merge pull request #10 from sireto/BugFix/4G-4K #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check,Build,Deploy | |
on: | |
push: | |
branches: | |
- develop | |
- test | |
- staging | |
- main | |
permissions: | |
contents: write | |
pull-requests: write | |
packages: write | |
env: | |
ENVIRONMENT: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }} | |
jobs: | |
check-build-deploy: | |
environment: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- workdir: ./govtool/backend | |
name: govtool-backend | |
dockerfile: ./govtool/backend/Dockerfile.qovery | |
image: ghcr.io/${{ github.repository }}-govtool-backend | |
qovery_container_name: govtool-backend | |
- workdir: ./govtool/frontend | |
name: govtool-frontend | |
dockerfile: ./govtool/frontend/Dockerfile.qovery | |
image: ghcr.io/${{ github.repository }}-govtool-frontend | |
qovery_container_name: govtool-frontend | |
- workdir: ./govtool/metadata-validation | |
name: govtool-metadata-validation | |
dockerfile: ./govtool/metadata-validation/Dockerfile | |
image: ghcr.io/${{ github.repository }}-govtool-metadata-validation | |
qovery_container_name: govtool-metadata-validation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Set TAG Environment Variable | |
id: set_tag | |
run: | | |
if [ "${{ github.ref_name }}" = "main" ]; then | |
echo "TAG=${{ github.sha }}" >> $GITHUB_ENV | |
else | |
echo "TAG=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_ENV | |
fi | |
- name: Lint Dockerfile | |
id: hadolint | |
uses: hadolint/[email protected] | |
with: | |
failure-threshold: error | |
format: json | |
dockerfile: ${{ matrix.dockerfile }} | |
# output-file: hadolint_output.json | |
- name: Save Hadolint output | |
id: save_hadolint_output | |
if: always() | |
run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json | |
- name: Print Dockerfile lint output | |
run: | | |
cd ${{ matrix.workdir }} | |
echo "-----HADOLINT RESULT-----" | |
echo "Outcome: ${{ steps.hadolint.outcome }}" | |
echo "-----DETAILS--------" | |
cat hadolint_output.json | |
echo "--------------------" | |
- name: Code lint | |
id: code_lint | |
run: | | |
cd ${{ matrix.workdir }} | |
if [ ! -f lint.sh ]; then | |
echo "lint skipped" | tee code_lint_output.txt | |
exit 0 | |
fi | |
set -o pipefail | |
sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt | |
- name: Unit tests | |
id: unit_tests | |
run: | | |
cd ${{ matrix.workdir }} | |
if [ ! -f unit-test.sh ]; then | |
echo "unit tests skipped" | tee code_lint_output.txt | |
exit 0 | |
fi | |
set -o pipefail | |
sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- id: image_lowercase | |
uses: ASzc/change-string-case-action@v6 | |
with: | |
string: ${{ matrix.image }} | |
- name: Build Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: ${{ matrix.workdir }} | |
file: ${{ matrix.dockerfile }} | |
tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} | |
load: false | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar | |
build-args: | | |
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }} | |
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }} | |
VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }} | |
VITE_GTM_ID=${{ secrets.VITE_GTM_ID }} | |
VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }} | |
VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} | |
NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }} | |
VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }} | |
VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }} | |
VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }} | |
- name: Login to GHCR | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Scan Docker image with Dockle | |
id: dockle | |
run: | | |
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz | |
tar zxf dockle_0.4.14_Linux-64bit.tar.gz | |
sudo mv dockle /usr/local/bin | |
dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json | |
echo " dockle exited w/ $?" | |
cat ${{ matrix.workdir }}/dockle_scan_output.json | |
echo "outcome=success" >> $GITHUB_OUTPUT | |
- name: Push Docker image to GHCR | |
run: | | |
docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' | |
rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' | |
docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} | |
- name: Add tag as a PR comment | |
uses: ubie-oss/[email protected] | |
id: comment-to-merged-pr | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
message: |- | |
This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service |