116 lines
3.7 KiB
YAML
116 lines
3.7 KiB
YAML
---
|
|
name: CI/CD
|
|
'on':
|
|
pull_request:
|
|
push:
|
|
|
|
jobs:
|
|
|
|
hadolint:
|
|
name: Test dockerfile syntax
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out the codebase.
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install hadolint.
|
|
run: |
|
|
sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint
|
|
sudo chmod 755 /usr/local/bin/hadolint
|
|
env:
|
|
HADOLINT_VERSION: 2.10.0
|
|
|
|
- name: Run hadolint.
|
|
run: |
|
|
hadolint Dockerfile
|
|
hadolint Dockerfile_nossl
|
|
|
|
build:
|
|
name: Build and test docker
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out the codebase.
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Find an open port.
|
|
run: |
|
|
CLIENT_PORT=$(cat /dev/urandom | od -N2 -An -i | awk -v f=10000 -v r=19999 '{printf "%i\n", f + r * $1 / 65536}')
|
|
[ $(netstat -an | grep LISTEN | grep :$CLIENT_PORT | wc -l) -eq 0 ] || { ./$0 && exit 0 || exit 1; }
|
|
echo "CLIENT_PORT=$CLIENT_PORT" >> $GITHUB_ENV
|
|
|
|
- name: Build docker image.
|
|
run: |
|
|
docker build --no-cache --tag ${GITHUB_REPOSITORY}:${GITHUB_RUN_ID} .
|
|
docker build --no-cache --tag ${GITHUB_REPOSITORY}:nossl -f Dockerfile_nossl .
|
|
|
|
- name: Run a container of created image.
|
|
run: |
|
|
DOCKERCONTAINER=$(docker run -d -p 127.0.0.1:${CLIENT_PORT}:21 -e ADDRESS=ftp.example.com ${GITHUB_REPOSITORY}:${GITHUB_RUN_ID})
|
|
sleep 5
|
|
echo "DOCKERCONTAINER=$DOCKERCONTAINER" >> $GITHUB_ENV
|
|
|
|
- name: Check if container is still running.
|
|
run: docker ps -f id=${DOCKERCONTAINER}
|
|
|
|
- name: Check if the port is responding.
|
|
run: nc 127.0.0.1 ${CLIENT_PORT} < /dev/null
|
|
|
|
- name: Check if the container is correctly stopped and removed.
|
|
run: docker stop ${DOCKERCONTAINER} && docker rm -fv ${DOCKERCONTAINER}
|
|
|
|
- name: Run Trivy vulnerability scanner.
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
image-ref: ${{ github.repository }}:${{ github.run_id }}
|
|
exit-code: '1'
|
|
|
|
- name: Run Trivy vulnerability scanner.
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
image-ref: ${{ github.repository }}:nossl
|
|
exit-code: '1'
|
|
|
|
deploy:
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
needs: [hadolint, build]
|
|
name: Push to Quay
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Get the tag version
|
|
id: get_version
|
|
run: |
|
|
echo ::set-output name=TAG::${GITHUB_REF/refs\/tags\/v/}
|
|
TAG=${GITHUB_REF/refs\/tags\/v/}
|
|
echo ::set-output name=VERSION::${TAG%-*}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v1
|
|
|
|
- name: Login to Quay
|
|
uses: docker/login-action@v1
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_USERNAME }}
|
|
password: ${{ secrets.QUAY_PASSWORD }}
|
|
|
|
- name: Push to Quay
|
|
uses: docker/build-push-action@v3
|
|
with:
|
|
file: ./Dockerfile
|
|
pull: true
|
|
push: true
|
|
tags: |
|
|
quay.io/aminvakil/alpine-ftp-server-tls:${{ env.TAG }}
|
|
quay.io/aminvakil/alpine-ftp-server-tls:${{ env.VERSION }}
|
|
quay.io/aminvakil/alpine-ftp-server-tls:latest
|
|
env:
|
|
TAG: ${{ steps.get_version.outputs.TAG }}
|
|
VERSION: ${{ steps.get_version.outputs.VERSION }}
|
|
|
|
- name: Push nossl to Quay
|
|
uses: docker/build-push-action@v3
|
|
with:
|
|
file: ./Dockerfile_nossl
|
|
pull: true
|
|
push: true
|
|
tags: quay.io/aminvakil/alpine-ftp-server-tls:nossl
|