Update .github-ci.yaml #62

Summary
Jobs
- build
- deploy
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/.github-ci.yaml at 859ec7b

	name: Build, Test, and Deploy Docker Image

	on:
	push:
	branches: [eoepca-beta01]

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	# Step 1: Checkout repository
	- uses: actions/checkout@v4

	# Step 2: Install Trivy
	- name: Install Trivy
	run: \|
	sudo apt-get update -y
	sudo apt-get install -y wget apt-transport-https gnupg lsb-release
	wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \| sudo apt-key add -
	echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main \| sudo tee -a /etc/apt/sources.list.d/trivy.list
	sudo apt-get update -y
	sudo apt-get install -y trivy

	# Step 3: Read image name
	- name: Read docker name
	id: yaml-docker-name
	uses: jbutcher5/read-yaml@main
	with:
	file: 'build.yml'
	key-path: '["docker_image_name"]'

	# Step 4: Read image version
	- name: Read docker version
	id: yaml-docker-version
	uses: jbutcher5/read-yaml@main
	with:
	file: 'build.yml'
	key-path: '["docker_image_version"]'

	# Step 5: Generate Docker tag
	- name: Generate docker tag
	env:
	GITHUB_BRANCH: ${{ github.ref }}
	docker_image_name: ${{ steps.yaml-docker-name.outputs.data }}
	docker_image_version: ${{ steps.yaml-docker-version.outputs.data }}
	run: \|
	branch_name=${GITHUB_BRANCH#refs/heads/}
	echo "branch_name=${GITHUB_BRANCH#refs/heads/}" >> $GITHUB_ENV
	if [[ "$branch_name" = "main" ]]
	then
	mType=""
	else
	mType="dev"
	fi
	echo "docker_tag=$docker_image_name:$docker_image_version" >> $GITHUB_ENV
	echo "docker_tag_latest=$docker_image_name:latest" >> $GITHUB_ENV
	docker_image_application=(${docker_image_name#*/})
	echo "docker_image_application=$docker_image_application" >> $GITHUB_ENV
	echo "docker_image_version=$docker_image_version" >> $GITHUB_ENV

	# Step 6: Build Docker image to inspect it with Trivy
	- name: Build Docker image
	run: \|
	tag="${docker_image_application}:${docker_image_version}"
	echo "${{ secrets.CR_PASSWORD }}" \| docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
	docker build -t "${{ secrets.CR_REGISTRY }}/${{ secrets.CR_REPO }}"/"${tag}" --file Dockerfile .

	# Step 7: Save Docker image as tar.gz
	- name: Save Docker Image as tar.gz
	run: \|
	tag="${docker_image_application}:${docker_image_version}"
	docker save "${{ secrets.CR_REGISTRY }}/${{ secrets.CR_REPO }}/${tag}" -o "${docker_image_application}_${docker_image_version}.tar"
	tar -czf "${docker_image_application}_${docker_image_version}.tar.gz" "${docker_image_application}_${docker_image_version}.tar"

	# Step 8: Upload Docker Image tar.gz as an artifact
	- name: Upload Docker Image Artifact
	uses: actions/upload-artifact@v3
	with:
	name: docker-image-tar
	path: ${{ env.docker_image_application }}_${{ env.docker_image_version }}.tar.gz


	# Step 9: Scan Docker Image with Trivy
	- name: Scan Docker Image with Trivy
	run: \|
	tag="${docker_image_application}:${docker_image_version}"
	echo "${{ secrets.CR_PASSWORD }}" \| docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"
	trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL,UNKNOWN --format table "${{ secrets.CR_REGISTRY }}/${{ secrets.CR_REPO }}/${tag}"


	# Step 10: Login Docker Hub
	- name: Login to Docker Hub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	# Step 11: Build and push to Docker Hub
	- name: Build and push to Docker Hub
	uses: docker/build-push-action@v4
	with:
	context: .
	push: true
	no-cache: true
	tags: \|
	${{ env.docker_tag }}
	${{ env.docker_tag_latest }}

	deploy:
	needs: build
	runs-on: ubuntu-latest
	steps:
	# Step 1: Checkout repository
	- uses: actions/checkout@v4

	# Step 2: Read image name
	- name: Read docker name
	id: yaml-docker-name
	uses: jbutcher5/read-yaml@main
	with:
	file: 'build.yml'
	key-path: '["docker_image_name"]'

	# Step 3: Read image version
	- name: Read docker version
	id: yaml-docker-version
	uses: jbutcher5/read-yaml@main
	with:
	file: 'build.yml'
	key-path: '["docker_image_version"]'

	# Step 4: Generate Docker tag
	- name: Generate docker tag
	env:
	GITHUB_BRANCH: ${{ github.ref }}
	docker_image_name: ${{ steps.yaml-docker-name.outputs.data }}
	docker_image_version: ${{ steps.yaml-docker-version.outputs.data }}
	run: \|
	branch_name=${GITHUB_BRANCH#refs/heads/}
	echo "branch_name=${GITHUB_BRANCH#refs/heads/}" >> $GITHUB_ENV
	echo "docker_tag=$docker_image_name:$docker_image_version" >> $GITHUB_ENV
	echo "docker_tag_latest=$docker_image_name:latest" >> $GITHUB_ENV
	docker_image_application=(${docker_image_name#*/})
	echo "docker_image_application=$docker_image_application" >> $GITHUB_ENV
	echo "docker_image_version=$docker_image_version" >> $GITHUB_ENV

	# Step 5: Download Docker Image tar.gz Artifact
	- name: Download Docker Image Artifact
	uses: actions/download-artifact@v3
	with:
	name: docker-image-tar

	# Step 6: Extract the Docker Image tar.gz
	- name: Extract Docker Image tar.gz
	run: \|
	tar -xzf "${docker_image_application}_${docker_image_version}.tar.gz"

	# Step 7: Load Docker Image
	- name: Load Docker Image
	run: \|
	docker load -i "${docker_image_application}_${docker_image_version}.tar"

	# Step 8: Log in to Docker Registry (use GitHub secrets for security)
	- name: Login to Docker Registry
	run: \|
	echo "${{ secrets.CR_PASSWORD }}" \| docker login -u "${{ secrets.CR_USERNAME }}" --password-stdin "${{ secrets.CR_REGISTRY }}"

	# Step 9: Push Docker Image to Registry
	- name: Push Docker Image to Registry
	run: \|
	tag="${docker_image_application}:${docker_image_version}"
	docker push "${{ secrets.CR_REGISTRY }}"/"${{ secrets.CR_REPO }}"/"${tag}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update .github-ci.yaml #62

Workflow file

Update .github-ci.yaml #62

Jobs

Run details

Workflow file for this run