alfred/.gitea/workflows/ci.yml at 56a3c1257d62f8e625032f127380e758be32bbe7

francwa/alfred

Fork 0

Files

Francwa 56a3c1257d

CI/CD Awesome Pipeline / Test (push) Successful in 1m36s

Details

CI/CD Awesome Pipeline / Build & Push to Registry (push) Failing after 7m10s

Details

infra: added trivy vulnerability scanner to CI/CD

2025-12-22 10:01:52 +01:00

84 lines

2.3 KiB

YAML

Raw Blame History

 name: CI/CD Awesome Pipeline
 on:
   push:
     branches: [main]
     tags:
       - 'v*.*.*'
   pull_request:
     branches: [main]
 env:
   REGISTRY_URL: ${{ vars.REGISTRY_URL || 'gitea.iswearihadsomethingforthis.net' }}
   REGISTRY_USER: ${{ vars.REGISTRY_USER || 'francwa' }}
 jobs:
   test:
     name: Test
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Build and run tests
         env:
           DEEPSEEK_API_KEY: ${{ secrets.DEEPSEEK_API_KEY }}
           TMDB_API_KEY: ${{ secrets.TMDB_API_KEY }}
         run: make _ci-run-tests
   build-and-push:
     name: Build & Push to Registry
     runs-on: ubuntu-latest
     needs: test
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Load config from Makefile
         id: config
         run: make -s _ci-dump-config >> $GITHUB_OUTPUT
       - name: 🏷️ Docker Metadata (Tags & Labels)
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: gitea.iswearihadsomethingforthis.net/francwa/${{ steps.config.outputs.image_name }}
           tags: |
             # Case 1 - Git Tag (v1.2.3)
             type=semver,pattern={{ version }}
             # Case 2 - Push on main
             type=raw,value=latest,enable={{ is_default_branch }}
             # Both case - Commit sha
             type=sha
       - name: Login to Gitea Registry
         uses: docker/login-action@v3
         with:
           registry: gitea.iswearihadsomethingforthis.net
           username: ${{ gitea.actor }}
           password: ${{ secrets.G1T34_TOKEN }}
       - name: Build and push
         id: docker_build
         uses: docker/build-push-action@v5
         with:
           context: .
           file: ./brain/Dockerfile
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             PYTHON_VERSION=${{ steps.config.outputs.python_version }}
             PYTHON_VERSION_SHORT=${{ steps.config.outputs.python_version_short }}
             RUNNER=${{ steps.config.outputs.runner }}
       - name: 🛡️ Run Trivy Vulnerability Scanner
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ steps.meta.outputs.tags }}
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           severity: 'CRITAL, HIGH'

84 lines 2.3 KiB YAML Raw Blame History

84 lines

2.3 KiB

YAML

Raw Blame History