Merge pull request #38 from aminvakil/alpine #121
---
# Workflow: lint the Dockerfile, build and smoke-test the image, and push it
# to Quay from master.
name: CI/CD

# Triggered by every pull request and by pushes to the master branch only.
# The key is quoted so YAML 1.1 parsers do not read `on` as a boolean.
'on':
  pull_request:
  push:
    branches: [master]
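jobs:
  # Lints the Dockerfile with a hadolint release binary.
  hadolint:
    name: Test dockerfile syntax
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Check out the codebase.
        uses: actions/checkout@v3
      - name: Install hadolint.
        # --fail makes curl exit non-zero on an HTTP error instead of saving
        # the error page as the "binary" that is then made executable.
        # NOTE(review): the download is installed as root without an
        # integrity check; compare it against a SHA-256 pinned in this file
        # (placeholder: <EXPECTED_SHA256>) before the chmod.
        run: |
          sudo curl --fail -L "https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m)" -o /usr/local/bin/hadolint
          sudo chmod 755 /usr/local/bin/hadolint
        env:
          HADOLINT_VERSION: '2.12.0'
      - name: Run hadolint.
        run: hadolint Dockerfile

  # Builds the image, starts it, probes the published port and scans it.
  build:
    name: Build and test docker
    runs-on: ubuntu-latest
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Check out the codebase.
        uses: actions/checkout@v3
      - name: Find an open port.
        # Picks a random port in 10000-29999 and retries a bounded number of
        # times when something already listens on it. The earlier form
        # retried by re-executing `./$0`, which depends on how the runner
        # invokes the step script.
        run: |
          for _ in 1 2 3 4 5; do
            CLIENT_PORT=$(od -N2 -An -i /dev/urandom | awk -v f=10000 -v r=19999 '{printf "%i\n", f + r * $1 / 65536}')
            if ! netstat -an | grep LISTEN | grep -q ":${CLIENT_PORT}"; then
              echo "CLIENT_PORT=${CLIENT_PORT}" >> "$GITHUB_ENV"
              exit 0
            fi
          done
          echo "No free port found after 5 attempts." >&2
          exit 1
      - name: Build docker image.
        run: docker build --no-cache --tag ${GITHUB_REPOSITORY}:${GITHUB_RUN_ID} .
      - name: Run a container of created image.
        # The port is published on loopback only.
        # NOTE(review): --privileged gives the container every capability
        # and device access on the runner, and /tmp of the runner is shared
        # into it. Confirm whether the NFS server can run with a narrower
        # capability set.
        run: |
          DOCKERCONTAINER=$(docker run -d -p 127.0.0.1:${CLIENT_PORT}:2049 --privileged -v /tmp:/nfsshare -e SHARED_DIRECTORY=/nfsshare ${GITHUB_REPOSITORY}:${GITHUB_RUN_ID})
          sleep 5
          echo "DOCKERCONTAINER=$DOCKERCONTAINER" >> "$GITHUB_ENV"
      - name: Check if container is still running.
        # `docker ps -f id=...` exits 0 even when nothing matches, so the
        # listing alone can never fail this step; the test below does.
        run: |
          docker ps -f "id=${DOCKERCONTAINER}"
          test -n "$(docker ps -q -f "id=${DOCKERCONTAINER}")"
      - name: Check if the port is responding.
        # Streams random bytes at the published port; the step result is
        # the exit status of nc.
        run: nc 127.0.0.1 ${CLIENT_PORT} < /dev/urandom
      - name: Check if the container is correctly stopped and removed.
        run: docker stop ${DOCKERCONTAINER} && docker rm -fv ${DOCKERCONTAINER}
      - name: Run Trivy vulnerability scanner.
        # exit-code '1' fails the job when the scan reports findings.
        # NOTE(review): `@master` is a mutable branch ref, so whatever is
        # pushed to that branch runs in this job. Pin third-party actions
        # to a full commit SHA (placeholder: <FULL_COMMIT_SHA>).
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ github.repository }}:${{ github.run_id }}
          exit-code: '1'

  # Publishes to Quay; runs only for the master ref and only after both
  # other jobs succeeded.
  # NOTE(review): this job builds the image again instead of reusing the
  # one the build job tested and scanned, and `pull: true` may pick up a
  # newer base image, so the scan result does not describe the exact image
  # that is pushed.
  deploy:
    if: ${{ github.ref == 'refs/heads/master' }}
    needs: [hadolint, build]
    name: Push to Quay
    runs-on: ubuntu-latest
    # Least privilege: registry access uses the Quay secrets, so the
    # workflow token only needs to read the repository.
    permissions:
      contents: read
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Quay
        # NOTE(review): this step receives the registry credentials; the
        # action is referenced by a movable tag. Pin it to a full commit
        # SHA (placeholder: <FULL_COMMIT_SHA>).
        uses: docker/login-action@v1
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Push to Quay
        uses: docker/build-push-action@v3
        with:
          file: ./Dockerfile
          pull: true
          push: true
          tags: quay.io/aminvakil/alpine-nfs-server:latest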