gmetribin/build-tools
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
build-tools/.github/unused/v2-pr-workflow.yml
Sahil Ahuja f280a99559 Update
2025-02-05 19:38:45 +05:30

81 lines
2.4 KiB
YAML
Raw Blame History

name: Docker Image CI
on:
pull_request:
branches:
- main
env:
REPO: ${{ github.repository }}/temp #Add /temp for PR workflow
jobs:
lint-and-compile:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: ${{ vars.NPM_REGISTRY }}
token: ${{ secrets.NPM_TOKEN }}
- name: Install npm dependencies
run: |
npm install -g pnpm
pnpm install
- run: pnpm lint
- run: pnpm check
image-vulnerability-scan:
runs-on: ubuntu-22.04
steps:
- id: get-id
name: Get a unique tag for this build
run: |
SHA=${{ github.sha }}; BRANCH_NAME=${{ github.base_ref || github.ref_name }};
BUILD_ID=$BRANCH_NAME-${SHA:0:8};
DOCKER_IMAGE=${{ vars.docker_repo2_registry }}/$REPO:$BUILD_ID;
echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT";
echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT";
- name: Print build id and image name
run: |
echo "BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}";
echo "DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- uses: actions/checkout@v4
- name: Login to docker container registry
uses: docker/login-action@v3
with:
registry: ${{ vars.docker_repo2_registry }}
username: ${{ vars.docker_repo2_username }}
password: ${{ vars.docker_repo2_password }}
- name: Build the container image (quick, without PUBLIC_BUILD_VERSION)
# Commenting this from docker build for speed: --build-arg PUBLIC_BUILD_VERSION=${{ steps.get-id.outputs.BUILD_ID }} \
run: |
docker build \
--file fab/d/actions-build.Dockerfile \
--tag ${{ steps.get-id.outputs.DOCKER_IMAGE }} \
.;
- name: Container details
run: |
IMAGE_SIZE=`docker inspect -f "{{ .Size }}" ${{ steps.get-id.outputs.DOCKER_IMAGE }} | numfmt --to=si`;
echo "$IMAGE_SIZE container ${{ steps.get-id.outputs.DOCKER_IMAGE }}";
- name: Scan container image for vulnerabilities with grype
uses: anchore/scan-action@v6
with:
image: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
cache-db: true #Cache Grype DB in Github Actions
output-format: table
only-fixed: true
severity-cutoff: critical
fail-build: true
Reference in New Issue View Git Blame Copy Permalink