adding env variables to tmas #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: java-goof image build and deployment | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| pull_request: | |
| branches: | |
| - 'master' | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| build-todolist-image: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: todolist-goof | |
| steps: | |
| - uses: actions/checkout@v4.1.1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| load: true | |
| context: todolist-goof | |
| push: false | |
| tags: java-goof:latest | |
| - id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}" | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Install gke-gcloud-auth-plugin | |
| run: gcloud components install kubectl | |
| - name: Check gke-gcloud-auth-plugin | |
| run: kubectl version --client | |
| - name: Use gcloud CLI | |
| run: gcloud info | |
| - name: Docker auth | |
| run: gcloud auth configure-docker us-central-1-docker.pkg.dev --quiet | |
| - name: Set version | |
| id: version | |
| run: echo "VERSION=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: build and push the docker image | |
| env: | |
| GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }} | |
| VERSION: ${{ steps.version.outputs.VERSION }} | |
| run: | | |
| DOCKER_IMAGE="us-central1-docker.pkg.dev/${GOOGLE_PROJECT}/java-goof/goof:${VERSION}" | |
| gcloud auth configure-docker us-central1-docker.pkg.dev | |
| docker build -t $DOCKER_IMAGE . | |
| docker push ${DOCKER_IMAGE} | |
| - name: Trend Cloud One Container Security Scan Action | |
| env: | |
| GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }} | |
| VERSION: ${{ steps.version.outputs.VERSION }} | |
| run: | | |
| DOCKER_IMAGE="us-central1-docker.pkg.dev/${GOOGLE_PROJECT}/java-goof/goof:${VERSION}" | |
| export TMAS_API_KEY=${{ secrets.TMAS_API_KEY }} | |
| curl -s -L https://gist.github.com/raphabot/abae09b46c29afc7c3b918b7b8ec2a5c/raw/ | bash | |
| tmas scan registry:${DOCKER_IMAGE} | |
| # - name: Deploy to GKE | |
| # env: | |
| # GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }} | |
| # VERSION: ${{ steps.version.outputs.VERSION }} | |
| # run: | | |
| # gcloud container clusters get-credentials igorsdevcluster --region us-central1 | |
| # sed -i "s/GOOGLE_PROJECT/$GOOGLE_PROJECT/g" k8s/java-goof.yaml | |
| # kubectl apply -f k8s/java-goof.yaml |