-
Notifications
You must be signed in to change notification settings - Fork 0
83 lines (70 loc) · 2.1 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
name: Go CI
on:
push:
branches:
- '**'
jobs:
lint:
name: Lint Go project
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Set up Go
uses: actions/[email protected]
with:
go-version: '1.22'
cache: false
- name: golangci-lint
uses: golangci/[email protected]
with:
version: latest
args: --timeout=10m
test:
name: Test Go project
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Set up Go
uses: actions/[email protected]
with:
go-version: '1.22'
cache: false
- name: Install dependencies
run: go mod download
- name: Test
run: go test ./controllers
docker:
name: Build and Push Docker Image
runs-on: ubuntu-latest
needs:
- lint
- test
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Login to Docker Hub
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Short SHA
id: sha
run: echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Build Docker image
run: docker build -t ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.sha.outputs.sha_short }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.sha.outputs.sha_short }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Push Docker image
run: docker push ${{ secrets.DOCKER_USERNAME }}/${{ vars.APP_NAME }}:${{ steps.sha.outputs.sha_short }}