francwa/alfred
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity
Files
c256b266014318feb52092bff1fbd5f697ec3c0d
alfred/.gitea/workflows/ci.yml
Francwa c256b26601
Some checks failed
CI/CD Awesome Pipeline / Test (push) Successful in 48s
Details
CI/CD Awesome Pipeline / Build & Push to Registry (push) Failing after 6m18s
Details
fix: fixed vulnerability scanner issue in CI/CD pipeline
2025-12-22 10:59:34 +01:00

87 lines
2.4 KiB
YAML
Raw Blame History

name: CI/CD Awesome Pipeline
on:
push:
branches: [main]
tags:
- 'v*.*.*'
pull_request:
branches: [main]
env:
REGISTRY_URL: ${{ vars.REGISTRY_URL || 'gitea.iswearihadsomethingforthis.net' }}
REGISTRY_USER: ${{ vars.REGISTRY_USER || 'francwa' }}
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build and run tests
env:
DEEPSEEK_API_KEY: ${{ secrets.DEEPSEEK_API_KEY }}
TMDB_API_KEY: ${{ secrets.TMDB_API_KEY }}
run: make _ci-run-tests
build-and-push:
name: Build & Push to Registry
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Load config from Makefile
id: config
run: make -s _ci-dump-config >> $GITHUB_OUTPUT
- name: 🏷️ Docker Metadata (Tags & Labels)
id: meta
uses: docker/metadata-action@v5
with:
images: gitea.iswearihadsomethingforthis.net/francwa/${{ steps.config.outputs.image_name }}
tags: |
# Case 1 - Git Tag (v1.2.3)
type=semver,pattern={{ version }}
# Case 2 - Push on main
type=raw,value=latest,enable={{ is_default_branch }}
# Both case - Commit sha
type=sha
- name: Login to Gitea Registry
uses: docker/login-action@v3
with:
registry: gitea.iswearihadsomethingforthis.net
username: ${{ gitea.actor }}
password: ${{ secrets.G1T34_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v5
with:
context: .
file: ./brain/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
PYTHON_VERSION=${{ steps.config.outputs.python_version }}
PYTHON_VERSION_SHORT=${{ steps.config.outputs.python_version_short }}
RUNNER=${{ steps.config.outputs.runner }}
- name: 🛡️ Run Trivy Vulnerability Scanner
uses: aquasecurity/trivy-action@master
env:
# Unset the fake GITHUB_TOKEN injected by Gitea
GITHUB_TOKEN: ""
with:
image-ref: ${{ steps.meta.outputs.tags }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITAL, HIGH'
Reference in New Issue View Git Blame Copy Permalink