Configure Renovate #324
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| env: | |
| DOCKER_IMAGE: wyrihaximusnet/default-backend | |
| DOCKER_BUILDKIT: 1 | |
| DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING: '{"ghcr.io":"GHCR_TOKEN","docker.io":"HUB_PASSCODE"}' | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| jobs: | |
| registry-matrix: | |
| name: Extract registries from registry secret mapping | |
| runs-on: ubuntu-latest | |
| outputs: | |
| registry: ${{ steps.registry-matrix.outputs.registry }} | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - id: registry-matrix | |
| name: Extract registries from registry secret mapping | |
| run: | | |
| echo "::set-output name=registry::$(printenv DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING | jq -c 'keys')" | |
| supported-arch-matrix: | |
| name: Supported processor architectures | |
| runs-on: ubuntu-latest | |
| outputs: | |
| arch: ${{ steps.supported-arch-matrix.outputs.arch }} | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - id: supported-arch-matrix | |
| name: Generate Arch | |
| run: | | |
| echo "::set-output name=arch::[\"amd64\",\"arm64\",\"arm\"]" | |
| generate-image-strategy: | |
| name: Generate Image Strategy | |
| runs-on: ubuntu-latest | |
| outputs: | |
| images: ${{ steps.generate-image-strategy.outputs.images }} | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - id: generate-image-strategy | |
| name: Generate Jobs | |
| run: | | |
| ls images | jq -csR '. | rtrimstr("\n") | split("\n")' > images.list | |
| cat images.list | |
| echo "::set-output name=images::$(shuf -n 1 images.list)" | |
| lint-dockerfile: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - name: Lint Dockerfile | |
| uses: docker://hadolint/hadolint:latest-debian | |
| with: | |
| entrypoint: hadolint | |
| args: ./base/Dockerfile | |
| build-docker-image: | |
| strategy: | |
| matrix: | |
| image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }} | |
| arch: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }} | |
| needs: | |
| - generate-image-strategy | |
| - lint-dockerfile | |
| - supported-arch-matrix | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - uses: dbhi/qus/action@main | |
| - run: cp -R $(echo -e "./images/$(ls ./images/ | shuf -n 1)") ./images/random | |
| if: matrix.image == 'random' | |
| - run: cp ./images/${{ matrix.image }}/* ./base/public/ -Rf | |
| - run: docker image build --platform ${{ matrix.arch }} --build-arg BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` --build-arg VCS_REF=`git rev-parse --short HEAD` -t "${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }}" --no-cache --build-arg VERSION=$TAG_VERSION ./base/ | |
| - run: mkdir ./docker-image | |
| - run: docker save "${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }}" -o ./docker-image/docker_image.tar | |
| - uses: actions/upload-artifact@master | |
| with: | |
| name: docker-image-${{ matrix.image }}-${{ matrix.arch }} | |
| path: ./docker-image | |
| scan-vulnerability: | |
| strategy: | |
| matrix: | |
| image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }} | |
| arch: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }} | |
| needs: | |
| - generate-image-strategy | |
| - build-docker-image | |
| - supported-arch-matrix | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - uses: dbhi/qus/action@main | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: docker-image-${{ matrix.image }}-${{ matrix.arch }} | |
| path: ./docker-image | |
| - run: docker load --input ./docker-image/docker_image.tar | |
| - run: rm -Rf ./docker-image/ | |
| - run: echo -e "${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }}" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %' | |
| tests: | |
| needs: | |
| - generate-image-strategy | |
| - scan-vulnerability | |
| - supported-arch-matrix | |
| strategy: | |
| matrix: | |
| image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }} | |
| arch: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v1 | |
| - uses: dbhi/qus/action@main | |
| - uses: actions/download-artifact@master | |
| with: | |
| name: docker-image-${{ matrix.image }}-${{ matrix.arch }} | |
| path: ./docker-image | |
| - run: docker load --input ./docker-image/docker_image.tar | |
| - name: Start image ${{ matrix.image }} | |
| run: docker run -d --rm ${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }} | |
| env: | |
| IMAGE: ${{ steps.build.outputs.tag }} | |
| - name: Get running image ID | |
| id: ps | |
| run: printf "::set-output name=id::%s" $(docker ps --format "{{.ID}}") | |
| env: | |
| IMAGE: ${{ steps.build.outputs.tag }} | |
| - name: Get running image IP | |
| id: inspect | |
| run: printf "::set-output name=ip::%s" $(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${IMAGE_ID}) | |
| env: | |
| IMAGE_ID: ${{ steps.ps.outputs.id }} | |
| - name: Sleep 13 seconds before attempting to connect | |
| run: sleep 13 | |
| - name: Test that default backend port is reachable | |
| run: curl http://${IMAGE_IP}:6969/ | |
| env: | |
| IMAGE_IP: ${{ steps.inspect.outputs.ip }} | |
| - name: Test that metrics port is reachable | |
| run: curl http://${IMAGE_IP}:9696/ | |
| env: | |
| IMAGE_IP: ${{ steps.inspect.outputs.ip }} | |
| - name: Run unit tests ${{ matrix.rules }} against ${{ matrix.image }} | |
| run: docker run -i loadimpact/k6 run -u 1000 -d 10s -e IMAGE_IP=${IMAGE_IP} -< ${SCRIPT_FILEIMAGE} | |
| env: | |
| IMAGE: ${{ matrix.image }} | |
| IMAGE_IP: ${{ steps.inspect.outputs.ip }} | |
| IMAGE_ID: ${{ steps.ps.outputs.id }} | |
| SCRIPT_FILEIMAGE: ./tests/404.js | |
| - name: Docker logs for image ${{ matrix.image }} | |
| run: docker logs ${IMAGE_ID} | |
| env: | |
| IMAGE_ID: ${{ steps.ps.outputs.id }} | |
| push-image: | |
| name: Push ${{ matrix.image }} (${{ matrix.arch }}) to ${{ matrix.registry }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }} | |
| registry: ${{ fromJson(needs.registry-matrix.outputs.registry) }} | |
| arch: ${{ fromJson(needs.supported-arch-matrix.outputs.arch) }} | |
| needs: | |
| - generate-image-strategy | |
| - tests | |
| - registry-matrix | |
| - supported-arch-matrix | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@master | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| with: | |
| name: docker-image-${{ matrix.image }}-${{ matrix.arch }} | |
| path: ./docker-image | |
| - run: docker load --input ./docker-image/docker_image.tar | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| - run: rm -Rf ./docker-image/ | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| - name: Login to ${{ matrix.registry }} | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: | | |
| echo "${{ env.DOCKER_PASSWORD }}" | \ | |
| docker login ${{ matrix.registry }} \ | |
| --username "${{ env.DOCKER_USER }}" \ | |
| --password-stdin | |
| env: | |
| DOCKER_USER: ${{ secrets.HUB_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets[fromJson(env.DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING)[matrix.registry]] }} | |
| - name: Docker info | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: docker info | |
| - name: Retag image with registry | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: docker tag ${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }} ${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }} | |
| - name: Echo full tag | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: echo -e "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }}" | |
| - name: Push image to Docker Hub | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: docker push "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}-${{ matrix.arch }}" | |
| push-manifest: | |
| name: Push ${{ matrix.image }} manifest to ${{ matrix.registry }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: ${{ fromJson(needs.generate-image-strategy.outputs.images) }} | |
| registry: ${{ fromJson(needs.registry-matrix.outputs.registry) }} | |
| needs: | |
| - generate-image-strategy | |
| - push-image | |
| - registry-matrix | |
| - supported-arch-matrix | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: dbhi/qus/action@main | |
| - name: Login to ${{ matrix.registry }} | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: | | |
| echo "${{ env.DOCKER_PASSWORD }}" | \ | |
| docker login ${{ matrix.registry }} \ | |
| --username "${{ env.DOCKER_USER }}" \ | |
| --password-stdin | |
| env: | |
| DOCKER_USER: ${{ secrets.HUB_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets[fromJson(env.DOCKER_IMAGE_REGISTRIES_SECRET_MAPPING)[matrix.registry]] }} | |
| - name: Docker info | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: docker info | |
| - name: Push manifest to Docker Hub | |
| if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/master' | |
| run: | | |
| touch command.sh | |
| php -r 'file_put_contents("./command.sh", "docker manifest create \"${{ matrix.registry }}/${{ env.DOCKER_IMAGE }}:${{ matrix.image }}\"");' | |
| php -r 'foreach (json_decode(getenv("TARGET_ARCHS"), true) as $arch) { file_put_contents("./command.sh", " --amend ${{ matrix.registry }}/${{ env.DOCKER_IMAGE }}:${{ matrix.image }}-" . $arch, \FILE_APPEND); }' | |
| chmod +x command.sh | |
| cat ./command.sh | |
| ./command.sh | |
| docker manifest push "${{ matrix.registry }}/${DOCKER_IMAGE}:${{ matrix.image }}" | |
| env: | |
| TARGET_ARCHS: ${{ needs.supported-arch-matrix.outputs.arch }} |