small update :) #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Pipeline | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| BACKEND_IMAGE: abrhman/simple-go-backend | |
| FRONTEND_IMAGE: abrhman/simple-go-frontend | |
| jobs: | |
| test-and-coverage: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.21' | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '18' | |
| - name: Install dependencies | |
| run: | | |
| cd backend && go mod download | |
| cd ../frontend && npm install | |
| - name: Run backend tests with coverage | |
| run: | | |
| cd backend | |
| go test -v -coverprofile=coverage.out ./... | |
| go tool cover -func=coverage.out | |
| build-and-scan: | |
| needs: test-and-coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build backend image | |
| run: | | |
| docker build -t ${{ env.BACKEND_IMAGE }}:${{ github.sha }} -t ${{ env.BACKEND_IMAGE }}:latest ./backend | |
| - name: Build frontend image | |
| run: | | |
| docker build -t ${{ env.FRONTEND_IMAGE }}:${{ github.sha }} -t ${{ env.FRONTEND_IMAGE }}:latest ./frontend | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.BACKEND_IMAGE }}:${{ github.sha }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Run Trivy vulnerability scanner on frontend | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.FRONTEND_IMAGE }}:${{ github.sha }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Push backend image | |
| run: | | |
| docker push ${{ env.BACKEND_IMAGE }}:${{ github.sha }} | |
| docker push ${{ env.BACKEND_IMAGE }}:latest | |
| - name: Push frontend image | |
| run: | | |
| docker push ${{ env.FRONTEND_IMAGE }}:${{ github.sha }} | |
| docker push ${{ env.FRONTEND_IMAGE }}:latest | |
| - name: Notify Slack about new release | |
| uses: slackapi/slack-github-action@v1.24.0 | |
| with: | |
| channel-id: 'deployments' | |
| slack-message: | | |
| 🚀 New Release Ready for Deployment! | |
| • All tests passed successfully | |
| • Docker images built and pushed | |
| • Backend Image: ${{ env.BACKEND_IMAGE }}:${{ github.sha }} | |
| • Frontend Image: ${{ env.FRONTEND_IMAGE }}:${{ github.sha }} | |
| • Commit: ${{ github.sha }} | |
| • Branch: ${{ github.ref }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} |