CI/CD #155
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
tags: | |
- "[0-9]+.[0-9]+.[0-9]+" | |
schedule: | |
- cron: "0 5 * * 0" | |
workflow_dispatch: | |
env: | |
USER: loganmarchione | |
REPO: docker-php-startpage | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the codebase | |
uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.2' | |
- name: Install dependencies | |
run: composer install --no-interaction --no-plugins --no-scripts --no-dev --prefer-dist --no-ansi --no-progress | |
- name: Lint PHP | |
uses: docker://ghcr.io/phpstan/phpstan | |
with: | |
args: analyse --level 7 index.php | |
- name: Lint Dockerfile with Hadolint | |
uses: hadolint/hadolint-action@v3.1.0 | |
with: | |
failure-threshold: error | |
ignore: DL3008,DL3018 | |
# - name: PHP Compatibility | |
# uses: pantheon-systems/phpcompatibility-action@v1 | |
# with: | |
# skip-php-setup: true | |
# test-versions: 7.4- | |
# paths: ${{ github.workspace }} | |
ci: | |
name: Build and test | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the codebase | |
uses: actions/checkout@v4 | |
- name: Set variables | |
run: | | |
VER=$(cat VERSION) | |
echo "VERSION=$VER" >> $GITHUB_ENV | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build Docker Image | |
uses: docker/build-push-action@v5 | |
with: | |
push: false | |
context: . | |
file: Dockerfile | |
load: true | |
tags: | | |
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} | |
${{ env.USER }}/${{ env.REPO }}:latest | |
- name: Test image | |
run: | | |
docker images | |
docker run --name test-container --detach ${USER}/${REPO}:${VERSION} | |
docker ps -a | |
- name: Container scan with Dockle | |
uses: goodwithtech/dockle-action@v0.1.2 | |
with: | |
image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' | |
format: 'list' | |
exit-code: '1' | |
exit-level: 'warn' | |
ignore: 'CIS-DI-0001,CIS-DI-0010' | |
- name: Container scan with Trivy | |
uses: aquasecurity/trivy-action@0.16.0 | |
with: | |
scan-type: 'image' | |
image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' | |
trivy-config: ./github/trivy.yaml | |
cd: | |
name: Deploy | |
needs: ci | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the codebase | |
uses: actions/checkout@v4 | |
- name: Set variables | |
run: | | |
VER=$(cat VERSION) | |
echo "VERSION=$VER" >> $GITHUB_ENV | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_PASS }} | |
logout: true | |
- name: Build Docker Image | |
uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
file: Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
tags: | | |
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} | |
${{ env.USER }}/${{ env.REPO }}:latest |