Create container image for finkctl #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Qserv operator CI workflow | |
| --- | |
| name: "CI" | |
| on: | |
| push: | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| CIUXCONFIG: /tmp/ciux.sh | |
| CIUX_VERSION: v0.0.1-rc7 | |
| jobs: | |
| build: | |
| name: Build image | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.21.4' | |
| - name: Install ciux | |
| run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}" | |
| - name: Check dependencies consistency | |
| run: ciux ignite $PWD | |
| - name: Declare Variables | |
| id: vars | |
| shell: bash | |
| run: | | |
| DIR="$PWD" | |
| . ./conf.sh | |
| echo "IMAGE=${IMAGE}" >> $GITHUB_ENV | |
| echo "IMAGE=${IMAGE}" | |
| - name: Build finkctl image | |
| run: | | |
| ./build.sh | |
| - name: Export finkctl image | |
| run: | | |
| docker images | |
| echo "${{ env.IMAGE }}" | |
| mkdir -p artifacts | |
| docker save "${{ env.IMAGE }}" > artifacts/image.tar | |
| echo "${{ env.IMAGE }}" > artifacts/image-tag | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: docker-artifact | |
| path: artifacts | |
| image-analysis: | |
| name: Analyze image | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| security-events: write | |
| needs: build | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Download image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact | |
| path: artifacts | |
| - name: Load image in local registry | |
| run: | | |
| docker load --input artifacts/image.tar | |
| echo "IMAGE=$(cat artifacts/artifacts/image-tag)" >> $GITHUB_ENV | |
| - name: Scan finkctl image | |
| uses: anchore/scan-action@v3 | |
| id: scan | |
| with: | |
| image: "${{ env.IMAGE }}" | |
| fail-build: false | |
| - name: Display SARIF report | |
| run: | | |
| cat ${{ steps.scan.outputs.sarif }} | |
| - name: upload Anchore scan SARIF report | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: ${{ steps.scan.outputs.sarif }} | |
| push: | |
| name: Push image to registry | |
| runs-on: ubuntu-22.04 | |
| needs: build | |
| steps: | |
| - name: Download image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact | |
| path: artifacts | |
| - name: Load image in local registry | |
| run: | | |
| docker load --input artifacts/image.tar | |
| echo "IMAGE=$(cat artifacts/image-tag)" >> $GITHUB_ENV | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: gitlab-registry.in2p3.fr | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_TOKEN }} | |
| - name: Push image to container registry | |
| run: | | |
| docker push ${{ env.IMAGE }} | |