Version 0.19.4 #203
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Pull requests: master' | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| skip: | |
| name: Check release skip | |
| runs-on: ubuntu-latest | |
| if: "! contains(github.event.pull_request.title, '[release skip]')" | |
| steps: | |
| - run: echo "${{ github.event.pull_request.title }}" | |
| check_release_name: | |
| name: Check release name | |
| runs-on: ubuntu-latest | |
| needs: [skip] | |
| steps: | |
| - uses: actions/checkout@master | |
| - shell: bash | |
| id: validate | |
| run: | | |
| VERSION='${{github.event.pull_request.title}}' | |
| if [[ $VERSION =~ ([0-9]+\.[0-9]+\.[0-9]+) ]]; then | |
| echo "::set-output name=version::${BASH_REMATCH[1]}" | |
| else | |
| exit 1 | |
| fi | |
| - shell: bash | |
| name: Make tag test. | |
| run: | | |
| git tag ${{steps.validate.outputs.version}} | |
| git tag -d ${{steps.validate.outputs.version}} | |
| - uses: thollander/actions-comment-pull-request@main | |
| with: | |
| message: | | |
| **Merging this request will create release:** | |
| Release name: Release ${{steps.validate.outputs.version}} | |
| Tag: `${{steps.validate.outputs.version}}` | |
| _Don't edit the merge commit message._ | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: thollander/actions-comment-pull-request@main | |
| with: | |
| message: | | |
| Failed. The possible causes are as: | |
| 1) Pull requests name is incorrect. Please include `[(\d+\.\d+\.\d+)]`. | |
| 2) Tag already exists. | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| if: failure() | |
| dockle: | |
| name: Dockle scan | |
| runs-on: ubuntu-latest | |
| needs: [skip] | |
| steps: | |
| - uses: actions/checkout@master | |
| - run: docker login --username ${{ secrets.DOCKER_HUB_USER }} --password ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Build docker image | |
| run: docker build ./ -t ${IMAGE_NAME} --file Dockerfile | |
| - name: Install dockle | |
| run: | | |
| VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | \ | |
| grep '"tag_name":' | \ | |
| sed -E 's/.*"v([^"]+)".*/\1/' \ | |
| ) | |
| curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb | |
| sudo dpkg -i dockle.deb | |
| rm dockle.deb | |
| - name: Check image with dockle | |
| # CIS-DI-0001: Create a user for the container | |
| # DKL-DI-0006: Avoid latest tag | |
| run: dockle --exit-code 1 --exit-level warn -i CIS-DI-0001 -i DKL-DI-0006 ${IMAGE_NAME} | |
| - name: Slack Notification | |
| uses: 8398a7/action-slack@v2 | |
| if: cancelled() || failure() | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ProjectPrimera/ongeki-score | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TEST }} | |
| env: | |
| IMAGE_NAME: projectprimera/ongeki-score | |
| trivy: | |
| name: Trivy scan | |
| runs-on: ubuntu-latest | |
| needs: [skip] | |
| steps: | |
| - uses: actions/checkout@master | |
| - run: docker login --username ${{ secrets.DOCKER_HUB_USER }} --password ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: Build docker image | |
| run: docker build ./ -t ${IMAGE_NAME} --file Dockerfile | |
| - name: Install trivy | |
| run: | | |
| sudo apt-get install apt-transport-https gnupg | |
| wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - | |
| echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -cs) main | sudo tee -a /etc/apt/sources.list.d/trivy.list | |
| sudo apt-get update | |
| sudo apt-get install trivy | |
| - name: Vulnerability scan with trivy | |
| run: trivy -q image ${IMAGE_NAME} | |
| # run: trivy -q --severity HIGH,CRITICAL --exit-code 1 ${IMAGE_NAME} | |
| - name: Slack Notification | |
| uses: 8398a7/action-slack@v2 | |
| if: cancelled() || failure() | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ProjectPrimera/ongeki-score | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TEST }} | |
| env: | |
| IMAGE_NAME: projectprimera/ongeki-score | |
| slack: | |
| name: Slack Notification | |
| runs-on: ubuntu-latest | |
| needs: [skip, check_release_name, dockle, trivy] | |
| steps: | |
| - name: Slack Notification | |
| uses: 8398a7/action-slack@v2 | |
| if: always() | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ProjectPrimera/ongeki-score | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TEST }} | |
| labeler: | |
| name: Set label | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/labeler@v2 | |
| with: | |
| repo-token: "${{ secrets.GITHUB_TOKEN }}" | |
| configuration-path: ".github/labeler-master.yml" |