Merge pull request #43 from ispeakc0de/fix-release-pipeline

ispeakc0de · web-flow · commit 221dfdb42f5b · 2024-10-15T23:47:29.000+05:30
(chore): Fix the build, push, and release pipeline
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,109 +1,90 @@
 ---
-name: litmus-ansible-ci
+name: Build
 on:
   pull_request:
-    branches:
-      - master    
-  push:
-    branches:
-      - master
-    tags-ignore:
-      - '**'
+    branches: [master]
+    types: [opened, synchronize, reopened]
 
 env:
   DOCKER_REPO: litmuschaos
   DOCKER_IMAGE: ansible-runner
   DOCKER_TAG: ci
 
-defaults:
-  run:
-    shell: bash
-
 jobs:
-
-  build:
+  pre-checks:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
-      - name: Build Image
-        env:
-          SAVE_PATH: ${{ github.workspace }}        
-        run: |
-          make build
-          make save
-          chmod +x ${{ github.workspace }}/image.tar
+      - name: checking dependencies are installed
+        run: make deps
 
-      - name: Upload artifact
-        uses: actions/upload-artifact@v2
+      - name: Running ansible syntax-checks
+        run: make syntax-checks
+
+      - name: Running ansible lint-checks
+        run: make lint-checks
+
+  gitleaks-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
         with:
-          name: myimage
-          path: |
-            ${{ github.workspace }}/image.tar
-            ${{ github.workspace }}/tag.txt     
+          fetch-depth: 0
+      - name: Run GitLeaks
+        run: |
+          wget https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz && \
+          tar -zxvf gitleaks_8.18.2_linux_x64.tar.gz && \
+          sudo mv gitleaks /usr/local/bin && gitleaks detect --source . -v
+
 
-  image-checks: 
+  build:
+    needs: pre-checks
     runs-on: ubuntu-latest
-    needs: build
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
-      - name: Download artifact
-        uses: actions/download-artifact@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
         with:
-          name: myimage
-          path: ${{ github.workspace }}
-          
-      - name: Load Docker image
-        run: |
-          docker load --input ${{ github.workspace }}/image.tar        
+          platforms: all
 
-      - name: checking dependencies are installed
-        run: make deps
-                  
-      - name: Running ansible syntax-checks
-        run: make syntax-checks
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
 
-      - name: Running ansible lint-checks
-        run: make lint-checks   
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          push: false
+          file: build/ansible-runner/Dockerfile
+          platforms: linux/amd64
+          tags: litmuschaos/ansible-runner:ci
 
+  trivy:
+    needs: pre-checks
+    runs-on: ubuntu-latest
+    steps:
       - uses: actions/checkout@v2
         with:
-          ref: ${{ github.event.pull_request.head.sha }}  
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -f build/ansible-runner/Dockerfile -t docker.io/litmuschaos/ansible-runner:${{ github.sha }} . --build-arg TARGETARCH=amd64
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'litmuschaos/ansible-runner:ci'
+          image-ref: 'docker.io/litmuschaos/ansible-runner:${{ github.sha }}'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'                                                      
-         
-  push:
-    runs-on: ubuntu-latest
-    needs: [build,image-checks]
-    if: github.event_name == 'push'
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2      
-      
-      - name: Download artifact
-        uses: actions/download-artifact@v2
-        with:
-          name: myimage
-          path: ${{ github.workspace }}
-          
-      - name: Load Docker image
-        run: |
-          docker load --input ${{ github.workspace }}/image.tar
-
-      - name: Push Image
-        env:
-          DNAME: ${{ secrets.DNAME }}
-          DPASS: ${{ secrets.DPASS }}          
-        run: |
-          make push
+          severity: 'CRITICAL,HIGH'
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -0,0 +1,59 @@
+---
+name: Push
+on:
+  push:
+    branches:
+      - master
+    tags-ignore:
+      - '**'
+
+env:
+  DOCKER_REPO: litmuschaos
+  DOCKER_IMAGE: ansible-runner
+  DOCKER_TAG: ci
+
+jobs:
+  pre-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: checking dependencies are installed
+        run: make deps
+
+      - name: Running ansible syntax-checks
+        run: make syntax-checks
+
+      - name: Running ansible lint-checks
+        run: make lint-checks
+
+  push:
+    needs: pre-checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          version: latest
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DNAME }}
+          password: ${{ secrets.DPASS }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          file: build/ansible-runner/Dockerfile
+          platforms: linux/amd64
+          tags: litmuschaos/ansible-runner:ci
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
@@ -12,14 +12,13 @@ env:
 
 defaults:
   run:
-    shell: bash  
+    shell: bash
 
 jobs:
-  release-build:
+  push:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - uses: actions/checkout@v2
 
       - name: Set Tag
         run: |
@@ -32,46 +31,29 @@ jobs:
           echo "RELEASE TAG: ${RELEASE_TAG}"
           echo "${RELEASE_TAG}" > ${{ github.workspace }}/tag.txt
 
-      - name: Build Image
-        env:
-          DOCKER_TAG: ${RELEASE_TAG}
-          SAVE_PATH: ${{ github.workspace }}
-        run: |
-          make build
-          make save
-          chmod +x ${{ github.workspace }}/image.tar
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        with:
+          platforms: all
 
-      - name: Upload artifact
-        uses: actions/upload-artifact@v2
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
         with:
-          name: myimage
-          path: |
-            ${{ github.workspace }}/image.tar
-            ${{ github.workspace }}/tag.txt
-                 
-  release-push:
-    runs-on: ubuntu-latest
-    needs: [release-build]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2      
-      
-      - name: Download artifact
-        uses: actions/download-artifact@v2
+          version: latest
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
         with:
-          name: myimage
-          path: ${{ github.workspace }}
-          
-      - name: Load Docker image
-        run: |
-          docker load --input ${{ github.workspace }}/image.tar
-          RELEASE_TAG=`cat ${{ github.workspace }}/tag.txt`
-          echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV
+          username: ${{ secrets.DNAME }}
+          password: ${{ secrets.DPASS }}
 
-      - name: Push Image
+      - name: Build and push
+        uses: docker/build-push-action@v2
         env:
-          DOCKER_TAG: ${RELEASE_TAG}
-          DNAME: ${{ secrets.DNAME }}
-          DPASS: ${{ secrets.DPASS }}          
-        run: |
-          make push
+          RELEASE_TAG: ${{ env.RELEASE_TAG }}
+        with:
+          push: true
+          file: build/ansible-runner/Dockerfile
+          platforms: linux/amd64
+          tags: litmuschaos/ansible-runner:${{ env.RELEASE_TAG }},litmuschaos/ansible-runner:latest
