-
-
Notifications
You must be signed in to change notification settings - Fork 5
140 lines (115 loc) · 4.05 KB
/
docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: CI
on:
push:
branches:
- master
pull_request:
permissions:
contents: write
packages: write
pull-requests: write
jobs:
changelog:
name: Changelog
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
outputs:
skipped: ${{ steps.changelog.outputs.skipped }}
tag: ${{ steps.changelog.outputs.tag }}
clean_changelog: ${{ steps.changelog.outputs.clean_changelog }}
version: ${{ steps.changelog.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: Conventional Changelog Action
id: changelog
uses: TriPSs/conventional-changelog-action@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
uses: softprops/action-gh-release@v2
if: ${{ steps.changelog.outputs.skipped == 'false' }}
with:
name: ${{ steps.changelog.outputs.tag }}
tag_name: ${{ steps.changelog.outputs.tag }}
body: ${{ steps.changelog.outputs.clean_changelog }}
token: ${{ secrets.GITHUB_TOKEN }}
bandit:
name: SAST with Bandit
needs: changelog
if: github.event_name != 'pull_request' && needs.changelog.outputs.skipped == 'false'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install Bandit
run: pip install bandit
- name: Run Bandit
run: bandit -r linkedindumper.py --severity-level medium
deploy:
name: Deploy Image
needs: [changelog, bandit]
if: github.event_name != 'pull_request' && needs.changelog.outputs.skipped == 'false'
runs-on: ubuntu-latest
steps:
- name: Get repository name
id: get_repo
run: echo "REPO_NAME=$(echo ${{ github.repository }} | cut -d'/' -f2 | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Login to Dockerhub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Extract version parts
id: extract_version
run: |
VERSION=${{ needs.changelog.outputs.version }}
MAJOR_MINOR=$(echo $VERSION | cut -d'.' -f1,2)
echo "MAJOR_MINOR_TAG=${MAJOR_MINOR}.x" >> $GITHUB_ENV
- name: Setup Docker Metadata
uses: docker/metadata-action@v5
id: meta
with:
images: |
docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/${{ env.REPO_NAME }}
tags: |
latest
${{ needs.changelog.outputs.version }}
${{ env.MAJOR_MINOR_TAG }}
- name: Build and Push Docker Image
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
with:
context: .
file: Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
release:
name: Release
needs: [changelog, bandit]
if: github.event_name != 'pull_request' && needs.changelog.outputs.skipped == 'false'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Debug Changelog Outputs
run: echo ${{ needs.changelog.outputs.tag }}
- name: Create Release
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag_name: ${{ needs.changelog.outputs.tag }}
prerelease: false
draft: false
generate_release_notes: true
name: ${{ needs.changelog.outputs.tag }}
body: |
<details>
<summary>🤖 Autogenerated Conventional Changelog</summary>
${{ needs.changelog.outputs.clean_changelog }}
</details>