Skip to content

Merge pull request #2496 from IntersectMBO/develop #342

Merge pull request #2496 from IntersectMBO/develop

Merge pull request #2496 from IntersectMBO/develop #342

Workflow file for this run

name: Check,Build,Deploy
on:
push:
branches:
- develop
- test
- staging
- main
permissions:
contents: write
pull-requests: write
packages: write
env:
ENVIRONMENT: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
jobs:
check-build-deploy:
environment: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
strategy:
fail-fast: false
matrix:
include:
- workdir: ./govtool/backend
name: govtool-backend
dockerfile: ./govtool/backend/Dockerfile.qovery
image: ghcr.io/${{ github.repository }}-govtool-backend
qovery_container_name: govtool-backend
- workdir: ./govtool/frontend
name: govtool-frontend
dockerfile: ./govtool/frontend/Dockerfile.qovery
image: ghcr.io/${{ github.repository }}-govtool-frontend
qovery_container_name: govtool-frontend
- workdir: ./govtool/metadata-validation
name: govtool-metadata-validation
dockerfile: ./govtool/metadata-validation/Dockerfile
image: ghcr.io/${{ github.repository }}-govtool-metadata-validation
qovery_container_name: govtool-metadata-validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set TAG Environment Variable
id: set_tag
run: |
if [ "${{ github.ref_name }}" = "main" ]; then
echo "TAG=${{ github.sha }}" >> $GITHUB_ENV
else
echo "TAG=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_ENV
fi
- name: Lint Dockerfile
id: hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
failure-threshold: error
format: json
dockerfile: ${{ matrix.dockerfile }}
# output-file: hadolint_output.json
- name: Save Hadolint output
id: save_hadolint_output
if: always()
run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
- name: Print Dockerfile lint output
run: |
cd ${{ matrix.workdir }}
echo "-----HADOLINT RESULT-----"
echo "Outcome: ${{ steps.hadolint.outcome }}"
echo "-----DETAILS--------"
cat hadolint_output.json
echo "--------------------"
- name: Code lint
id: code_lint
run: |
cd ${{ matrix.workdir }}
if [ ! -f lint.sh ]; then
echo "lint skipped" | tee code_lint_output.txt
exit 0
fi
set -o pipefail
sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt
- name: Unit tests
id: unit_tests
run: |
cd ${{ matrix.workdir }}
if [ ! -f unit-test.sh ]; then
echo "unit tests skipped" | tee code_lint_output.txt
exit 0
fi
set -o pipefail
sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- id: image_lowercase
uses: ASzc/change-string-case-action@v6
with:
string: ${{ matrix.image }}
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: ${{ matrix.workdir }}
file: ${{ matrix.dockerfile }}
tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
load: false
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
build-args: |
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Scan Docker image with Dockle
id: dockle
run: |
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxf dockle_0.4.14_Linux-64bit.tar.gz
sudo mv dockle /usr/local/bin
dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
echo " dockle exited w/ $?"
cat ${{ matrix.workdir }}/dockle_scan_output.json
echo "outcome=success" >> $GITHUB_OUTPUT
- name: Push Docker image to GHCR
run: |
docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
- name: Add tag as a PR comment
uses: ubie-oss/comment-to-merged-pr-action@v0.3.3
id: comment-to-merged-pr
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
message: |-
This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service