-
Notifications
You must be signed in to change notification settings - Fork 4
138 lines (111 loc) · 3.22 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: CI/CD
on:
push:
tags:
- "[0-9]+.[0-9]+.[0-9]+"
schedule:
- cron: "0 5 * * 0"
workflow_dispatch:
env:
USER: loganmarchione
REPO: docker-php-startpage
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
tools: phpstan
- name: Install dependencies
run: composer install --no-interaction --no-plugins --no-scripts --no-dev --prefer-dist --no-ansi --no-progress
- name: Run PHPStan
run: phpstan analyse --level 7 index.php
- name: Lint Dockerfile with Hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
failure-threshold: error
ignore: DL3008,DL3018
# - name: PHP Compatibility
# uses: pantheon-systems/phpcompatibility-action@v1
# with:
# skip-php-setup: true
# test-versions: 7.4-
# paths: ${{ github.workspace }}
ci:
name: Build and test
needs: lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v4
- name: Set variables
run: |
VER=$(cat VERSION)
echo "VERSION=$VER" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker Image
uses: docker/build-push-action@v6
with:
push: false
context: .
file: Dockerfile
load: true
tags: |
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
${{ env.USER }}/${{ env.REPO }}:latest
- name: Test image
run: |
docker images
docker run --name test-container --detach ${USER}/${REPO}:${VERSION}
docker ps -a
# - name: Container scan with Dockle
# uses: goodwithtech/dockle-action@v0.1.2
# with:
# image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
# format: 'list'
# exit-code: '1'
# exit-level: 'warn'
# ignore: 'CIS-DI-0001,CIS-DI-0010'
- name: Container scan with Trivy
uses: aquasecurity/trivy-action@0.28.0
with:
scan-type: 'image'
image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
trivy-config: ./github/trivy.yaml
cd:
name: Deploy
needs: ci
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v4
- name: Set variables
run: |
VER=$(cat VERSION)
echo "VERSION=$VER" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_PASS }}
logout: true
- name: Build Docker Image
uses: docker/build-push-action@v6
with:
push: true
context: .
file: Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7
tags: |
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
${{ env.USER }}/${{ env.REPO }}:latest