CI/CD #182
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
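# CI/CD pipeline for the Docker image: lint, build and scan, then publish.
#
# NOTE(review): the page this listing was taken from flagged the file as
# containing bidirectional Unicode text. None is visible in this listing;
# inspect the raw file with a tool that reveals hidden characters before
# trusting that it does what the rendered text appears to say.
name: CI/CD

# GitHub's loader reads `on` as the trigger map (generic YAML 1.1 parsers
# would treat the bare key as a boolean).
on:
  push:
    tags:
      # Filter pattern, not a regex: matches tags shaped like 1.2.3.
      - "[0-9]+.[0-9]+.[0-9]+"
  schedule:
    # Weekly, Sunday 05:00 (GitHub evaluates cron schedules in UTC).
    - cron: "0 5 * * 0"
  workflow_dispatch:

# Least privilege for the automatically issued GITHUB_TOKEN: the visible jobs
# only check out the repository and authenticate to Docker Hub with their own
# secrets, so read access to repository contents is sufficient.
permissions:
  contents: read

# Image coordinates shared by every job ("<USER>/<REPO>:<tag>").
env:
  USER: loganmarchione
  REPO: docker-php-startpage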
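# Three chained jobs: lint -> ci (build + scan) -> cd (multi-arch publish).
#
# NOTE(review): third-party actions below are referenced by mutable tags
# (@v2, @v3, @v4, @v5). Pinning each `uses:` to a full commit SHA keeps a
# re-pointed tag from changing what runs; this matters most in `cd`, which
# handles the Docker Hub credentials.
#
# NOTE(review): three `uses:` refs were garbled to "[email protected]" by the
# hosting page's e-mail obfuscation. The action names are reconstructed from
# the step names and inputs; the versions are not recoverable from the page
# and are left as an explicit placeholder to be restored from the repository.
jobs:
  # Static checks: PHPStan on index.php and Hadolint on the Dockerfile.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v4
      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'
      - name: Install dependencies
        # --no-plugins and --no-scripts stop Composer from running
        # package-supplied plugins and scripts during the install.
        run: composer install --no-interaction --no-plugins --no-scripts --no-dev --prefer-dist --no-ansi --no-progress
      - name: Lint PHP
        # No tag or digest on the image reference, so each run uses whatever
        # the registry currently serves; pin by digest for reproducible runs.
        uses: docker://ghcr.io/phpstan/phpstan
        with:
          args: analyse --level 7 index.php
      - name: Lint Dockerfile with Hadolint
        uses: hadolint/hadolint-action@VERSION_LOST_IN_PAGE_EXTRACTION
        with:
          failure-threshold: error
          # DL3008 / DL3018 are the "pin package versions" rules for
          # apt-get install and apk add; ignoring them accepts unpinned
          # OS packages in the image.
          ignore: DL3008,DL3018
      # - name: PHP Compatibility
      #   uses: pantheon-systems/phpcompatibility-action@v1
      #   with:
      #     skip-php-setup: true
      #     test-versions: 7.4-
      #     paths: ${{ github.workspace }}

  # Builds the image for the runner's platform only, starts it once, and runs
  # the Dockle and Trivy scanners against that local image.
  ci:
    name: Build and test
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v4
      - name: Set variables
        # Exports the contents of the VERSION file to later steps. The value
        # is appended to the env file as-is, so VERSION must stay a single
        # line; extra lines would be read as additional variables.
        run: |
          VER=$(cat VERSION)
          echo "VERSION=$VER" >> "$GITHUB_ENV"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build Docker Image
        uses: docker/build-push-action@v5
        with:
          push: false
          context: .
          file: Dockerfile
          # load: true puts the result in the local Docker image store so the
          # following steps can run and scan it.
          load: true
          tags: |
            ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
            ${{ env.USER }}/${{ env.REPO }}:latest
      - name: Test image
        # Smoke test only: the container is started detached and listed;
        # nothing here fails the step if it exits right after starting.
        run: |
          docker images
          docker run --name test-container --detach ${USER}/${REPO}:${VERSION}
          docker ps -a
      - name: Container scan with Dockle
        uses: goodwithtech/dockle-action@VERSION_LOST_IN_PAGE_EXTRACTION
        with:
          image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
          format: 'list'
          # Fail the job on findings at warn level or above.
          exit-code: '1'
          exit-level: 'warn'
          # NOTE(review): these IDs are Dockle's non-root-user and
          # stored-credential checkpoints; confirm both suppressions are
          # deliberate and documented.
          ignore: 'CIS-DI-0001,CIS-DI-0010'
      - name: Container scan with Trivy
        uses: aquasecurity/trivy-action@VERSION_LOST_IN_PAGE_EXTRACTION
        with:
          scan-type: 'image'
          image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
          # NOTE(review): the path reads "./github/", not "./.github/".
          # Confirm the config file exists at this path; if it is not found
          # the severity and exit-code policy it holds is not applied.
          # No exit-code input is set here, so whether findings fail the job
          # depends entirely on that config file.
          trivy-config: ./github/trivy.yaml

  # Rebuilds the image for three platforms and pushes it to Docker Hub.
  #
  # NOTE(review): this job has no `if:` guard, so it runs on every trigger of
  # the workflow (tag push, weekly schedule, manual dispatch) and overwrites
  # both the version tag and `latest` each time; confirm that is intended.
  #
  # NOTE(review): the pushed images come from a separate build. The scans in
  # `ci` covered only the image built for the runner's platform, so the
  # arm64 and arm/v7 variants are published unscanned.
  cd:
    name: Deploy
    needs: ci
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v4
      - name: Set variables
        # Same export as in `ci`; VERSION must be a single line.
        run: |
          VER=$(cat VERSION)
          echo "VERSION=$VER" >> "$GITHUB_ENV"
      - name: Set up QEMU
        # Emulation for building the non-native platforms listed below.
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASS }}
          # Log out again when the job finishes.
          logout: true
      - name: Build Docker Image
        uses: docker/build-push-action@v5
        with:
          push: true
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          tags: |
            ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
            ${{ env.USER }}/${{ env.REPO }}:latest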