From 09a2a4f9e531b93684b0916a5146091a818501d3 Mon Sep 17 00:00:00 2001 From: bunkerity Date: Mon, 21 Jun 2021 15:32:13 +0200 Subject: [PATCH] github actions refactoring --- .../autotest-bunkerized-nginx-autoconf.yml | 26 -------- .../autotest-bunkerized-nginx-ui.yml | 26 -------- .../workflows/autotest-bunkerized-nginx.yml | 26 -------- .../build-bunkerized-nginx-autoconf.yml | 62 ++++++++++++++++++- .../workflows/build-bunkerized-nginx-ui.yml | 62 ++++++++++++++++++- .github/workflows/build-bunkerized-nginx.yml | 53 +++++++++++++++- tests/linux.sh | 0 7 files changed, 170 insertions(+), 85 deletions(-) delete mode 100644 .github/workflows/autotest-bunkerized-nginx-autoconf.yml delete mode 100644 .github/workflows/autotest-bunkerized-nginx-ui.yml delete mode 100644 .github/workflows/autotest-bunkerized-nginx.yml mode change 100644 => 100755 tests/linux.sh diff --git a/.github/workflows/autotest-bunkerized-nginx-autoconf.yml b/.github/workflows/autotest-bunkerized-nginx-autoconf.yml deleted file mode 100644 index fcc74b3..0000000 --- a/.github/workflows/autotest-bunkerized-nginx-autoconf.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Automatic test on autoconf - -on: - push: - branches: [dev, master] - pull_request: - branches: [dev, master] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v2 - - name: Build the image - run: docker build -t autotest-autoconf -f autoconf/Dockerfile . - - name: Run Trivy security scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'autotest-autoconf' - format: 'table' - exit-code: '1' - ignore-unfixed: true - severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' - - diff --git a/.github/workflows/autotest-bunkerized-nginx-ui.yml b/.github/workflows/autotest-bunkerized-nginx-ui.yml deleted file mode 100644 index 0ad629b..0000000 --- a/.github/workflows/autotest-bunkerized-nginx-ui.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -name: Automatic test on ui - -on: - push: - branches: [dev, master] - pull_request: - branches: [dev, master] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v2 - - name: Build the image - run: docker build -t autotest-ui -f ui/Dockerfile . - - name: Run Trivy security scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'autotest-ui' - format: 'table' - exit-code: '1' - ignore-unfixed: true - severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' - - diff --git a/.github/workflows/autotest-bunkerized-nginx.yml b/.github/workflows/autotest-bunkerized-nginx.yml deleted file mode 100644 index f34c7d7..0000000 --- a/.github/workflows/autotest-bunkerized-nginx.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Automatic test - -on: - push: - branches: [dev, master] - pull_request: - branches: [dev, master] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v2 - - name: Build the image - run: docker build -t autotest . - - name: Run autotest - run: docker run autotest test - - name: Run Trivy security scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'autotest' - format: 'table' - exit-code: '1' - ignore-unfixed: true - severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' diff --git a/.github/workflows/build-bunkerized-nginx-autoconf.yml b/.github/workflows/build-bunkerized-nginx-autoconf.yml index 39c4cb7..6f4724c 100644 --- a/.github/workflows/build-bunkerized-nginx-autoconf.yml +++ b/.github/workflows/build-bunkerized-nginx-autoconf.yml 
@@ -23,13 +23,70 @@ jobs: - name: Setup Buildx uses: docker/setup-buildx-action@v1 + - name: Setup Docker cache + uses: actions/cache@v2 + if: github.ref == 'refs/heads/dev' + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - name: Login to Docker Hub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - - name: Build and push (dev) + - name: Build (dev) + uses: docker/build-push-action@v2 + if: github.ref == 'refs/heads/dev' + with: + context: . + file: autoconf/Dockerfile + platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + push: false + tags: bunkerity/bunkerized-nginx-autoconf:dev + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + - name: Move Docker cache + if: github.ref == 'refs/heads/dev' + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Build (master) + uses: docker/build-push-action@v2 + if: github.ref == 'refs/heads/master' + with: + context: . 
+ file: autoconf/Dockerfile + platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + push: false + tags: bunkerity/bunkerized-nginx-autoconf:latest,bunkerity/bunkerized-nginx-autoconf:${{ env.VERSION }} + + - name: Run Trivy security scanner (dev) + if: github.ref == 'refs/heads/dev' + uses: aquasecurity/trivy-action@master + with: + image-ref: 'bunkerity/bunkerized-nginx-autoconf:dev' + format: 'table' + exit-code: '1' + ignore-unfixed: true + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' + + - name: Run Trivy security scanner (master) + if: github.ref == 'refs/heads/master' + uses: aquasecurity/trivy-action@master + with: + image-ref: 'bunkerity/bunkerized-nginx-autoconf' + format: 'table' + exit-code: '1' + ignore-unfixed: true + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' + + - name: Push (dev) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/dev' with: @@ -38,8 +95,9 @@ jobs: platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 push: true tags: bunkerity/bunkerized-nginx-autoconf:dev + cache-from: type=local,src=/tmp/.buildx-cache - - name: Build and push (master) + - name: Push (master) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/master' with: diff --git a/.github/workflows/build-bunkerized-nginx-ui.yml b/.github/workflows/build-bunkerized-nginx-ui.yml index ad7c177..0098b19 100644 --- a/.github/workflows/build-bunkerized-nginx-ui.yml +++ b/.github/workflows/build-bunkerized-nginx-ui.yml 
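Review bot: The two Trivy steps added in this hunk most likely do not scan the image that the preceding `Build (dev)` / `Build (master)` steps produce. Both builds set `push: false` with four `platforms:` under the Buildx builder set up earlier in the job, and without `load: true` the result normally stays in the build cache rather than the runner's Docker image store. `image-ref: 'bunkerity/bunkerized-nginx-autoconf:dev'` would then resolve to whatever is already published on the registry (or fail), while the later Push steps publish the new, unscanned build. Consider a single-platform build for the gate, e.g. `platforms: linux/amd64` with `load: true`, and scan that local image. The same pattern is in the ui workflow hunk and in build-bunkerized-nginx.yml, where `docker run bunkerity/bunkerized-nginx:dev test` is affected too.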
@@ -23,13 +23,70 @@ jobs: - name: Setup Buildx uses: docker/setup-buildx-action@v1 + - name: Setup Docker cache + uses: actions/cache@v2 + if: github.ref == 'refs/heads/dev' + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + - name: Login to Docker Hub uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - - name: Build and push (dev) + - name: Build (dev) + uses: docker/build-push-action@v2 + if: github.ref == 'refs/heads/dev' + with: + context: . + file: ui/Dockerfile + platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + push: false + tags: bunkerity/bunkerized-nginx-ui:dev + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + - name: Move Docker cache + if: github.ref == 'refs/heads/dev' + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Build (master) + uses: docker/build-push-action@v2 + if: github.ref == 'refs/heads/master' + with: + context: . + file: ui/Dockerfile + platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + push: false + tags: bunkerity/bunkerized-nginx-ui:latest,bunkerity/bunkerized-nginx-ui:${{ env.VERSION }} + + - name: Run Trivy security scanner (dev) + if: github.ref == 'refs/heads/dev' + uses: aquasecurity/trivy-action@master + with: + image-ref: 'bunkerity/bunkerized-nginx-ui:dev' + format: 'table' + exit-code: '1' + ignore-unfixed: true + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' + + - name: Run Trivy security scanner (master) + if: github.ref == 'refs/heads/master' + uses: aquasecurity/trivy-action@master + with: + image-ref: 'bunkerity/bunkerized-nginx-ui' + format: 'table' + exit-code: '1' + ignore-unfixed: true + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' + + - name: Push (dev) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/dev' with: 
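Review bot: The cache key in the added `Setup Docker cache` step is not scoped to this image. `${{ runner.os }}-buildx-${{ github.sha }}` with the `${{ runner.os }}-buildx-` restore prefix is identical to the key added in the autoconf workflow. For a given commit the workflows compete for one cache entry, so one image's layer cache can be restored into another image's build, and the save for the later workflow is skipped. A per-image component keeps them apart, e.g. `key: ${{ runner.os }}-buildx-ui-${{ github.sha }}` with `${{ runner.os }}-buildx-ui-` under `restore-keys`. The autoconf hunk needs the same change, and the main workflow's cache step is outside the visible hunks, so it is worth checking as well.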
@@ -38,8 +95,9 @@ jobs: platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 push: true tags: bunkerity/bunkerized-nginx-ui:dev + cache-from: type=local,src=/tmp/.buildx-cache - - name: Build and push (master) + - name: Push (master) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/master' with: diff --git a/.github/workflows/build-bunkerized-nginx.yml b/.github/workflows/build-bunkerized-nginx.yml index 35312a7..be8fc55 100644 --- a/.github/workflows/build-bunkerized-nginx.yml +++ b/.github/workflows/build-bunkerized-nginx.yml @@ -38,13 +38,13 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - - name: Build and push (dev) + - name: Build (dev) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/dev' with: context: . platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 - push: true + push: false tags: bunkerity/bunkerized-nginx:dev cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new 
@@ -55,7 +55,54 @@ jobs: rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - name: Build and push (master) + - name: Build (master) + uses: docker/build-push-action@v2 + if: github.ref == 'refs/heads/master' + with: + context: . + platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + push: false + tags: bunkerity/bunkerized-nginx:latest,bunkerity/bunkerized-nginx:${{ env.VERSION }} + + - name: Run autotest (dev) + if: github.ref == 'refs/heads/dev' + run: docker run bunkerity/bunkerized-nginx:dev test + + - name: Run autotest (master) + if: github.ref == 'refs/heads/master' + run: docker run bunkerity/bunkerized-nginx test + + - name: Run Trivy security scanner (dev) + if: github.ref == 'refs/heads/dev' + uses: aquasecurity/trivy-action@master + with: + image-ref: 'bunkerity/bunkerized-nginx:dev' + format: 'table' + exit-code: '1' + ignore-unfixed: true + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' + + - name: Run Trivy security scanner (master) + if: github.ref == 'refs/heads/master' + uses: aquasecurity/trivy-action@master + with: + image-ref: 'bunkerity/bunkerized-nginx' + format: 'table' + exit-code: '1' + ignore-unfixed: true + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' + + - name: Push (dev) + uses: docker/build-push-action@v2 + if: github.ref == 'refs/heads/dev' + with: + context: . + platforms: linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 + push: true + tags: bunkerity/bunkerized-nginx:dev + cache-from: type=local,src=/tmp/.buildx-cache + + - name: Push (master) uses: docker/build-push-action@v2 if: github.ref == 'refs/heads/master' with: diff --git a/tests/linux.sh b/tests/linux.sh old mode 100644 new mode 100755
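Review bot: The added Trivy steps use `aquasecurity/trivy-action@master`, a mutable branch reference, and they now run in the same job after `Login to Docker Hub`. Whatever that branch points to at run time therefore executes on a runner that already holds the registry credentials, ahead of the Push steps. In the removed autotest workflows the same reference ran in a job that used no secrets. Pin the action to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and consider moving the login step to just before `Push (dev)` / `Push (master)`. The Trivy steps added in the autoconf and ui workflows need the same change; the start of the job is outside this hunk.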