
Commit cb1620a

author
Gonzalo Diaz
committed
[CONFIG] [Gihub Actions] Docker running in splitted jobs.
1 parent af70628 commit cb1620a


1 file changed

+50
-35
lines changed


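--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -10,29 +10,9 @@ on: # yamllint disable-line rule:truthy
 
 env:
 IMAGE_NAME: algorithm-exercises-js
+ARTIFACT_NAME: algorithm-exercises-js_${{ github.sha }}
 
 jobs:
-security:
-name: "Snyk Container"
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
-
-- name: Run Snyk to check Docker image for vulnerabilities
-# Snyk can be used to break the build when it detects vulnerabilities.
-# In this case we want to upload the issues to GitHub Code Scanning
-continue-on-error: true
-uses: snyk/actions/docker@master
-env:
-# yamllint disable rule:line-length
-# In order to use the Snyk Action you will need to have a Snyk API token.
-# See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
-# or you can sign up for free at https://snyk.io/login
-# yamllint enable rule:line-length
-SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-with:
-image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
-args: --file=Dockerfile
 
 build:
 name: "Build & Test in Docker"
@@ -60,65 +40,100 @@ jobs:
 context: .
 target: lint
 outputs: |
-type=docker,dest=/tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_lint.tar
+type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_lint.tar
 tags: |
 ${{ env.IMAGE_NAME }}:lint
 - name: "LINT: Upload artifact"
 uses: actions/upload-artifact@v4
 with:
-name: ${{ env.IMAGE_NAME }}_${{ github.sha }}_lint
-path: /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_lint.tar
+name: ${{ env.ARTIFACT_NAME }}_lint
+path: /tmp/${{ env.ARTIFACT_NAME }}_lint.tar
 
 - name: "TEST: Build and push"
 uses: docker/build-push-action@v6
 with:
 context: .
 target: testing
 outputs: |
-type=docker,dest=/tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_test.tar
+type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_test.tar
 tags: |
 ${{ env.IMAGE_NAME }}:test
 - name: "TEST: Upload artifact"
 uses: actions/upload-artifact@v4
 with:
-name: ${{ env.IMAGE_NAME }}_${{ github.sha }}_test
-path: /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_test.tar
+name: ${{ env.ARTIFACT_NAME }}_test
+path: /tmp/${{ env.ARTIFACT_NAME }}_test.tar
 
 - name: "PRODUCTION: Build and push"
 uses: docker/build-push-action@v6
 with:
 context: .
 target: production
 outputs: |
-type=docker,dest=/tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
+type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_prod.tar
 tags: |
 ${{ env.IMAGE_NAME }}:latest
 ${{ env.IMAGE_NAME }}:${{ github.sha }}
 - name: "PRODUCTION: Upload artifact"
 uses: actions/upload-artifact@v4
 with:
-name: ${{ env.IMAGE_NAME }}_${{ github.sha }}_prod
-path: /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
+name: ${{ env.ARTIFACT_NAME }}_prod
+path: /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
 
 lint:
 name: "Run in docker: LINT"
 runs-on: ubuntu-latest
 needs: build
 steps:
+- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+
 - name: Download artifact
 uses: actions/download-artifact@v4
 with:
-name: ${{ env.IMAGE_NAME }}_${{ github.sha }}_prod
+name: ${{ env.ARTIFACT_NAME }}_lint
 path: /tmp/
 
 - name: Load image
 run: |
-docker load --input /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
+docker load --input /tmp/${{ env.ARTIFACT_NAME }}_lint.tar
 docker image ls -a
 
 - name: Run lint
 run: |
-make compose/lint
+docker run --rm -it ${{ env.IMAGE_NAME }}:lint make lint
+
+security:
+name: "Snyk Container"
+runs-on: ubuntu-latest
+needs: build
+steps:
+- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+- name: Download artifact
+uses: actions/download-artifact@v4
+with:
+name: ${{ env.ARTIFACT_NAME }}_prod
+path: /tmp/
+
+- name: Load image
+run: |
+docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
+docker image ls -a
+
+- name: Run Snyk to check Docker image for vulnerabilities
+# Snyk can be used to break the build when it detects vulnerabilities.
+# In this case we want to upload the issues to GitHub Code Scanning
+continue-on-error: true
+uses: snyk/actions/docker@master
+env:
+# yamllint disable rule:line-length
+# In order to use the Snyk Action you will need to have a Snyk API token.
+# See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+# or you can sign up for free at https://snyk.io/login
+# yamllint enable rule:line-length
+SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+with:
+image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+args: --file=Dockerfile
 
 scan:
 name: "Trivy"
@@ -128,12 +143,12 @@ jobs:
 - name: Download artifact
 uses: actions/download-artifact@v4
 with:
-name: ${{ env.IMAGE_NAME }}_${{ github.sha }}_prod
+name: ${{ env.ARTIFACT_NAME }}_prod
 path: /tmp/
 
 - name: Load image
 run: |
-docker load --input /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
+docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
 docker image ls -a
 
 - name: Run Trivy vulnerability scanner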
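Review bot: The relocated Snyk step (new lines 122–136) runs with `continue-on-error: true` and its comment says the issues are uploaded to GitHub Code Scanning, but the `security` job ends at `args: --file=Dockerfile` with no upload step, so findings neither fail the build nor get surfaced by this workflow. The same step passes `secrets.SNYK_TOKEN` to `snyk/actions/docker@master`, a mutable branch ref, while `actions/checkout` in this file is pinned to a full commit SHA; pinning the Snyk action (and the `@v4`/`@v6` actions) the same way keeps a changed upstream ref from running with the token. An upload step would also need `security-events: write` permission on the job. Separately, `docker run --rm -it` at new line 103 requests a TTY that a runner `run:` step normally does not have; `docker run --rm ${{ env.IMAGE_NAME }}:lint make lint` should be sufficient.

```yaml
      - name: Run Snyk to check Docker image for vulnerabilities
        # … unchanged: comments, continue-on-error, env with SNYK_TOKEN …
        # placeholder ref: pin to a reviewed full commit SHA
        uses: snyk/actions/docker@<FULL_COMMIT_SHA>
        # … unchanged: with.image, with.args …

      - name: Upload Snyk results to GitHub Code Scanning
        # placeholder ref: pin to a reviewed full commit SHA
        uses: github/codeql-action/upload-sarif@<FULL_COMMIT_SHA>
        with:
          # file name as written by the Snyk step — confirm before merging
          sarif_file: snyk.sarif
```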
