Merge pull request #5 from matusso/sonarcloud-ghauri #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: assetnote/kiterunner | |
| on: | |
| push: | |
| branches: | |
| - main # Change to your default branch if not main | |
| - sonarcloud-kiterunner | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| packages: write | |
| security-events: write | |
| env: | |
| RELEASE_VERSION: "v1.0.2" | |
| KR_DIR: "/usr/local/kiterunner" | |
| jobs: | |
| build-and-push: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: snyk/actions/setup@master | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ github.workspace }}/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build and push Docker image | |
| run: | | |
| docker buildx build --push \ | |
| --build-arg "KR_DIR=${{ env.KR_DIR }}" --build-arg "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" \ | |
| --tag ghcr.io/${{ github.repository_owner }}/kiterunner:${{ env.RELEASE_VERSION }} \ | |
| --tag ghcr.io/${{ github.repository_owner }}/kiterunner:latest \ | |
| --platform linux/amd64,linux/arm64 ./files/kiterunner | |
| - name: Logout from Docker Hub | |
| run: docker logout | |
| - name: Check ghcr.io/${{ github.repository_owner }}/kiterunner:${{ env.RELEASE_VERSION }} image | |
| uses: snyk/actions/docker@master | |
| continue-on-error: true | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: ghcr.io/${{ github.repository_owner }}/kiterunner:${{ env.RELEASE_VERSION }} | |
| args: --file=./files/kiterunner/Dockerfile | |
| json: true | |
| - uses: garethr/snyk-to-sarif@master | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: SARIF | |
| path: snyk.sarif | |
| - name: Upload SARIF Report to GitHub Code Scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: snyk.sarif | |
| sonarcloud-kiterunner: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| steps: | |
| # Checkout the kiterunner repository | |
| - name: Checkout kiterunner Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: assetnote/kiterunner | |
| path: kiterunner # Optional: Clone into a specific directory | |
| ref: ${{ env.RELEASE_VERSION }} | |
| # Install dependencies | |
| - name: Install dependencies | |
| run: | | |
| cd kiterunner | |
| sudo apt update && sudo apt install -y \ | |
| build-essential \ | |
| git \ | |
| autoconf \ | |
| automake \ | |
| libtool-bin \ | |
| pkg-config \ | |
| libcurl4-openssl-dev \ | |
| libusb-1.0-0-dev \ | |
| libssl-dev \ | |
| udev \ | |
| && sudo rm -rf /var/lib/apt/lists/* | |
| # SonarCloud Scan | |
| - name: SonarCloud Scan | |
| uses: sonarsource/sonarqube-scan-action@v4 | |
| continue-on-error: true | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=matusso | |
| -Dsonar.projectKey=docker-builds:kiterunner | |
| -Dsonar.verbose=true | |
| -Dsonar.projectName=kiterunner | |
| -Dsonar.sources=kiterunner |