diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml
index 29a7969d7..d89b4ee3f 100644
--- a/.github/workflows/merge.yaml
+++ b/.github/workflows/merge.yaml
@@ -20,6 +20,7 @@ jobs:
 check-build-deploy:
 environment: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
 strategy:
+ fail-fast: false
 matrix:
 include:
 - workdir: ./govtool/backend
@@ -120,9 +121,10 @@ jobs:
 context: ${{ matrix.workdir }}
 file: ${{ matrix.dockerfile }}
 tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
- load: true
+ load: false
 cache-from: type=local,src=/tmp/.buildx-cache
 cache-to: type=local,dest=/tmp/.buildx-cache
+ outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
 build-args: |
 VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
 VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
@@ -145,11 +147,11 @@ jobs:
 - name: Scan Docker image with Dockle
 id: dockle
 run: |
- wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
- tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
+ wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+ tar zxf dockle_0.4.14_Linux-64bit.tar.gz
 sudo mv dockle /usr/local/bin
- dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
+ dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
 echo " dockle exited w/ $?"
 cat ${{ matrix.workdir }}/dockle_scan_output.json
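Review bot: The `load: false` plus `outputs: type=docker,dest=…` pair on the build step is not self-explanatory, because the image still has to reach the daemon before the later push can work; a comment above `outputs:` would save the next reader a trip through the following steps, e.g. `# Export to a tar instead of loading: the Dockle step scans the archive via --input and the push step runs docker load afterwards`. With this change nothing in the daemon carries the tag until that load happens, so any step placed between build and push that expects the image locally (none is visible here) would break. The pr.yaml build hunk uses the same pattern and would take the same comment.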
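Review bot: With `--exit-code 1` added, a fatal finding makes dockle exit non-zero, and since a `run:` block without an explicit `shell:` executes under `bash -e` (unless a `shell:` default is set outside this hunk), the step stops right there — the `echo " dockle exited w/ $?"` and `cat …/dockle_scan_output.json` on the next two lines never run, so the report is hidden exactly when it matters and the echo can only ever print 0. Capture the status and fail after printing: `rc=0; dockle … || rc=$?`, then `cat ${{ matrix.workdir }}/dockle_scan_output.json`, then `exit "$rc"`; the pr.yaml Dockle hunk has the same problem. The four `-ak` accept-keys silence dockle's suspicious-ENV check for those names, and a comment saying why they are safe to accept (presumably public GPG fingerprints and checksums of the Haskell toolchain base image, not credentials — worth confirming) would keep the allowlist from growing unexamined, e.g. `# -ak: these ENV names hold public key fingerprints/checksums, not secrets`. The pinned release tarball is still downloaded without an integrity check; a `sha256sum -c` against the published checksum (value taken from the release, not reproduced here) before `tar zxf` would close that gap.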
@@ -157,30 +159,6 @@ jobs:
 - name: Push Docker image to GHCR
 run: |
+ docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
+ rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
 docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
-
- - name: Deploy with Qovery
- if: github.ref == 'refs/heads/develop'
- env:
- QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }}
- run: |
-
- echo "Deploying on $ENVIRONMENT"
- echo "Organization - ${{ vars.ORGANIZATION }}"
- echo "Project - ${{ vars.PROJECT }}"
-
- # Download and install Qovery CLI
- curl -s https://get.qovery.com | bash
-
- qovery container list \
- --organization ${{ vars.ORGANIZATION }} \
- --project ${{ vars.PROJECT }} \
- --environment $ENVIRONMENT
-
- qovery container deploy \
- --organization ${{ vars.ORGANIZATION }} \
- --project ${{ vars.PROJECT }} \
- --environment $ENVIRONMENT \
- --container ${{ matrix.qovery_container_name }} \
- --tag ${{ env.TAG }} \
- --watch
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 44601ee2c..7b5c56857 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -16,6 +16,7 @@ permissions:
 jobs:
 static-checks:
 strategy:
+ fail-fast: false
 matrix:
 include:
 - workdir: ./govtool/backend
@@ -107,9 +108,10 @@ jobs:
 context: ${{ matrix.workdir }}
 file: ${{ matrix.dockerfile }}
 tags: ${{ steps.image_lowercase.outputs.lowercase }}
- load: true
- # cache-from: type=local,src=/tmp/.buildx-cache
- # cache-to: type=local,dest=/tmp/.buildx-cache
+ load: false
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar
 build-args: |
 VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
 VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
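Review bot: `rm -rf` on the archive in the push step is a style point — the target is one regular file, so `rm -f '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'` states the intent without a recursive flag; the `rm -rf` in the pr.yaml Dockle hunk is the same case. The tar path is now spelled out verbatim in three places per workflow (the build step's `outputs:`, dockle's `--input`, and this load/remove pair), so a typo in one of them only shows up at run time; defining it once, e.g. a job-level `env: IMAGE_TAR: /tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar` used by all three, would keep them from drifting.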
@@ -125,17 +127,12 @@ jobs:
 - name: Scan Docker image with Dockle
 id: dockle
 run: |
- set -ex
- wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
- tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
+ wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+ tar zxf dockle_0.4.14_Linux-64bit.tar.gz
 sudo mv dockle /usr/local/bin
- docker images
- docker image prune -af --filter "until=1h"
- docker save ${{ steps.image_lowercase.outputs.lowercase }} -o image.tar || :
- touch ${{ matrix.workdir }}/dockle_scan_output.json
- dockle --input image.tar --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json || :
- rm -rf image.tar
- echo " dockle exited w/ $?"
+
+ dockle --exit-code 1 --exit-level fatal -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --format json --input '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
+ rm -rf '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar'
 cat ${{ matrix.workdir }}/dockle_scan_output.json
 echo "outcome=success" >> $GITHUB_OUTPUT
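Review bot: `echo "outcome=success" >> $GITHUB_OUTPUT` on the last line changes meaning with this hunk: before, the `|| :` fallbacks kept the step green and the output marked a completed scan, whereas now a fatal finding fails the step (under the default `bash -e`) before that line is reached, so the output is never written on failure. Any later step that gates on `steps.dockle.outputs.outcome` (not visible in this hunk) would then be skipped with the job rather than see a value; if the intent is to distinguish "scan ran and failed" from "scan did not run", use the built-in `steps.dockle.outcome` in an `if: always()` consumer and drop the hand-written output. A one-line comment on why `set -ex`, the `docker save … || :` fallback and the `touch` were removed (the tar now comes straight from the build step's `outputs:`) would also help the next reader, e.g. `# image tar is produced by the build step (outputs: type=docker); a fatal finding fails this step`.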