---
# Workflow identity, triggers, shell defaults and shared environment for the
# CI pipeline; the jobs themselves follow under `jobs:`.
name: Continuous Integration
on:
  push:
    branches:
      - main
    tags:
      # Release tags of the form vMAJOR.MINOR.PATCH (GitHub filter-pattern syntax).
      - 'v[0-9]+.[0-9]+.[0-9]+'
    paths-ignore:
      # Markdown-only changes do not trigger a run.
      - '**.md'
  pull_request:
    branches:
      - main
    types:
      - opened
      - reopened
      - synchronize
    paths-ignore:
      - '**.md'
defaults:
  run:
    # Every `run:` step below is executed by bash unless a step overrides it.
    shell: bash
env:
  # Passed to the Docker CLI as a string ("1") by the runner.
  DOCKER_BUILDKIT: 1
  # Referenced by the lint job as `--timeout ${{ env.GOLANGCI_TIMEOUT }}`.
  GOLANGCI_TIMEOUT: 10m0s
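jobs:
  # NOTE(review): every third-party action below is referenced by a mutable
  # tag (e.g. styfle/cancel-workflow-action@0.9.1, aquasecurity/trivy-action@0.2.2,
  # docker/build-push-action@v2). Pinning each `uses:` to a full commit SHA
  # (with the tag kept in a trailing comment) protects the pipeline from a
  # retargeted tag in the upstream repository.
  vars:
    name: Get variables
    runs-on: ubuntu-20.04
    # Scoped GITHUB_TOKEN for this job: cancel-workflow-action cancels earlier
    # runs through the Actions API (actions: write) and checkout needs
    # contents: read. Any scope not listed here is granted none.
    permissions:
      actions: write
      contents: read
    outputs:
      sha: ${{ steps.vars.outputs.sha }}
      go_version: ${{ steps.vars.outputs.go_version }}
      git_tag: ${{ steps.vars.outputs.git_tag }}
      version: ${{ steps.vars.outputs.version }}
      date: ${{ steps.vars.outputs.date }}
    steps:
      - name: Cancel Previous Runs
        uses: styfle/cancel-workflow-action@0.9.1
        with:
          access_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Output Variables
        id: vars
        # The `::set-output` workflow command is deprecated; step outputs are
        # now written as key=value lines to the file named by $GITHUB_OUTPUT.
        # Output names and the values they carry are unchanged for the jobs
        # that consume `needs.vars.outputs.*`.
        run: |
          {
            echo "sha=$(echo "${GITHUB_SHA}" | cut -c1-7)"
            echo "go_version=$(grep "go 1." go.mod | cut -d " " -f 2)"
            echo "git_tag=$(echo "${GITHUB_REF/refs\/tags\//}" | tr -d v)"
            echo "version=$(grep "VERSION = " Makefile | cut -d " " -f 3)"
            echo "date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
          } >> "$GITHUB_OUTPUT"
  lint:
    name: Lint
    runs-on: ubuntu-20.04
    needs: vars
    # Read-only token: checkout, Go setup and the linter need nothing more.
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Golang Environment
        uses: actions/setup-go@v3
        with:
          go-version: ${{ needs.vars.outputs.go_version }}
      - name: Lint Code
        uses: golangci/golangci-lint-action@v3.1.0
        with:
          args: --timeout ${{ env.GOLANGCI_TIMEOUT }}
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-20.04
    needs: vars
    # Read-only token: artifact upload does not require extra scopes.
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Golang Environment
        uses: actions/setup-go@v3
        with:
          go-version: ${{ needs.vars.outputs.go_version }}
      - name: Run Tests
        run: make unit-test
      - name: Upload Coverage Report
        uses: actions/upload-artifact@v3
        with:
          name: cover-${{ needs.vars.outputs.sha }}.html
          # Assumes `make unit-test` writes cover.html to the workspace root.
          path: ${{ github.workspace }}/cover.html
        # Uploaded even when the test step failed, so the report is available
        # for a failing run.
        if: always()
  binary:
    name: Build Binary
    runs-on: ubuntu-20.04
    needs: [vars, lint]
    # Read-only token: building and caching need no write scopes.
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Golang Environment
        uses: actions/setup-go@v3
        with:
          go-version: ${{ needs.vars.outputs.go_version }}
      - name: Build Binary
        run: make build
      - name: Cache Artifacts
        # The built binary is handed to the `build` job through the Actions
        # cache; the key embeds run_id/run_number so each run gets its own
        # entry and the `build` job restores exactly this path with the same key.
        uses: actions/cache@v3
        with:
          path: ${{ github.workspace }}/build/.out/gateway
          key: nginx-kubernetes-gateway-${{ github.run_id }}-${{ github.run_number }}
  build:
    name: Build Image
    runs-on: ubuntu-20.04
    needs: [vars, binary]
    # contents: read for checkout; security-events: write is required by
    # codeql-action/upload-sarif to publish the Trivy SARIF to the Security tab.
    # The image is only loaded locally (`load: true`), so no packages scope.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Fetch Cached Artifacts
        # Must match the path and key written by the `binary` job.
        uses: actions/cache@v3
        with:
          path: ${{ github.workspace }}/build/.out/gateway
          key: nginx-kubernetes-gateway-${{ github.run_id }}-${{ github.run_number }}
      - name: Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Build Image Debian
        uses: docker/build-push-action@v2
        with:
          file: build/Dockerfile
          context: '.'
          target: local
          # Load into the local daemon for the scan below; nothing is pushed.
          load: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: nginx/nginx-kubernetes-gateway:${{ needs.vars.outputs.sha }}
          build-args: |
            VERSION=${{ needs.vars.outputs.version }}
            GIT_COMMIT=${{ needs.vars.outputs.sha }}
            DATE=${{ needs.vars.outputs.date }}
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.2.2
        # NOTE(review): with continue-on-error the scan is advisory only:
        # neither findings nor a scanner failure can fail this job; results are
        # surfaced solely through the SARIF upload and artifact below. If the
        # intent is to gate releases on findings, this flag and the action's
        # `exit-code`/`severity` inputs are the place to change that.
        continue-on-error: true
        with:
          image-ref: nginx/nginx-kubernetes-gateway:${{ needs.vars.outputs.sha }}
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results-nginx-kubernetes-gateway.sarif'
          # Only vulnerabilities with an available fix are reported.
          ignore-unfixed: 'true'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        # Best-effort: the upload cannot succeed with the read-only token a
        # pull request from a fork receives.
        continue-on-error: true
        with:
          sarif_file: 'trivy-results-nginx-kubernetes-gateway.sarif'
      - name: Upload Scan Results
        uses: actions/upload-artifact@v3
        continue-on-error: true
        with:
          name: 'trivy-results-nginx-kubernetes-gateway.sarif'
          path: 'trivy-results-nginx-kubernetes-gateway.sarif'
        if: always()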