Merge remote-tracking branch 'origin/develop' into HEAD #4

Workflow file for this run

	name: Check,Build,Deploy

	on:
	push:
	branches:
	- develop
	- test
	- staging
	- main

	permissions:
	contents: write
	pull-requests: write
	packages: write

	env:
	ENVIRONMENT: ${{ (github.ref_name == 'main' && 'prod-govtool') \|\| (github.ref_name == 'staging' && 'pre-prod-govtool') \|\| (github.ref_name == 'test' && 'qa-govtool') \|\| (github.ref_name == 'develop' && 'dev-govtool') }}

	jobs:
	check-build-deploy:
	environment: ${{ (github.ref_name == 'main' && 'prod-govtool') \|\| (github.ref_name == 'staging' && 'pre-prod-govtool') \|\| (github.ref_name == 'test' && 'qa-govtool') \|\| (github.ref_name == 'develop' && 'dev-govtool') }}
	strategy:
	fail-fast: false
	matrix:
	include:
	- workdir: ./govtool/backend
	name: govtool-backend
	dockerfile: ./govtool/backend/Dockerfile.qovery
	image: ghcr.io/${{ github.repository }}-govtool-backend
	qovery_container_name: govtool-backend
	- workdir: ./govtool/frontend
	name: govtool-frontend
	dockerfile: ./govtool/frontend/Dockerfile.qovery
	image: ghcr.io/${{ github.repository }}-govtool-frontend
	qovery_container_name: govtool-frontend
	- workdir: ./govtool/metadata-validation
	name: govtool-metadata-validation
	dockerfile: ./govtool/metadata-validation/Dockerfile
	image: ghcr.io/${{ github.repository }}-govtool-metadata-validation
	qovery_container_name: govtool-metadata-validation

	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Set TAG Environment Variable
	id: set_tag
	run: \|
	if [ "${{ github.ref_name }}" = "main" ]; then
	echo "TAG=${{ github.sha }}" >> $GITHUB_ENV
	else
	echo "TAG=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_ENV
	fi

	- name: Lint Dockerfile
	id: hadolint
	uses: hadolint/[email protected]
	with:
	failure-threshold: error
	format: json
	dockerfile: ${{ matrix.dockerfile }}
	# output-file: hadolint_output.json

	- name: Save Hadolint output
	id: save_hadolint_output
	if: always()
	run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" \| jq '.' > hadolint_output.json

	- name: Print Dockerfile lint output
	run: \|
	cd ${{ matrix.workdir }}
	echo "-----HADOLINT RESULT-----"
	echo "Outcome: ${{ steps.hadolint.outcome }}"
	echo "-----DETAILS--------"
	cat hadolint_output.json
	echo "--------------------"

	- name: Code lint
	id: code_lint
	run: \|
	cd ${{ matrix.workdir }}
	if [ ! -f lint.sh ]; then
	echo "lint skipped" \| tee code_lint_output.txt
	exit 0
	fi
	set -o pipefail
	sudo chmod +x lint.sh && ./lint.sh 2>&1 \| tee code_lint_output.txt


	- name: Unit tests
	id: unit_tests
	run: \|
	cd ${{ matrix.workdir }}
	if [ ! -f unit-test.sh ]; then
	echo "unit tests skipped" \| tee code_lint_output.txt
	exit 0
	fi
	set -o pipefail
	sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 \| tee unit_test_output.txt

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Cache Docker layers
	uses: actions/cache@v3
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-

	- id: image_lowercase
	uses: ASzc/change-string-case-action@v6
	with:
	string: ${{ matrix.image }}

	- name: Build Docker image
	uses: docker/build-push-action@v5
	with:
	context: ${{ matrix.workdir }}
	file: ${{ matrix.dockerfile }}
	tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
	load: false
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache
	outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
	build-args: \|
	VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
	VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
	VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
	VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
	VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
	VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
	NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
	VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
	VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
	VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}

	- name: Login to GHCR
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Scan Docker image with Dockle
	id: dockle
	run: \|
	wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
	tar zxf dockle_0.4.14_Linux-64bit.tar.gz
	sudo mv dockle /usr/local/bin

	dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
	echo " dockle exited w/ $?"
	cat ${{ matrix.workdir }}/dockle_scan_output.json

	echo "outcome=success" >> $GITHUB_OUTPUT

	- name: Push Docker image to GHCR
	run: \|
	docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
	rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
	docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge remote-tracking branch 'origin/develop' into HEAD #4

Workflow file

Merge remote-tracking branch 'origin/develop' into HEAD #4

Jobs

Run details

Workflow file for this run