Add Scout compare step to workflow on pull requests #36
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline using GHA | |
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| DOCKERHUB_ORG_NAME: dockerdevrel | |
| IMAGE_NAME: catalog-service-node-gha | |
| jobs: | |
| prettier: | |
| name: "Validate code formatting" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Run Prettier | |
| run: yarn run prettier-check | |
| unit-test: | |
| name: "Run tests" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| cache: yarn | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Run unit tests | |
| run: yarn test | |
| integration-test: | |
| name: "Run integration tests" | |
| needs: [ prettier, unit-test ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| cache: yarn | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Run integration tests | |
| run: yarn run integration-test | |
| build: | |
| name: Build and push image | |
| needs: [unit-test, integration-test] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| outputs: | |
| IMAGE_TAGS: ${{ toJSON( fromJSON(steps.meta.outputs.json).tags ) }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Determine image tags and labels | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKERHUB_ORG_NAME }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,enable=true,event=branch,suffix=--{{sha}} | |
| type=ref,enable=true,event=branch,suffix=--latest | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ github.event_name == 'pull_request' && 'linux/amd64' || 'linux/amd64,linux/arm64' }} | |
| provenance: mode=max | |
| sbom: true | |
| push: ${{ github.event_name != 'pull_request' }} | |
| load: ${{ github.event_name == 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Analyze and compare image against production | |
| uses: docker/scout-action@v1 | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| command: quickview,compare | |
| image: ${{ steps.meta.outputs.tags }} | |
| to-env: production | |
| write-comment: true | |
| organization: ${{ env.DOCKERHUB_ORG_NAME }} | |
| branch-deploy: | |
| if: github.event_name == 'push' && github.ref != 'refs/heads/main' && github.ref_type != 'tag' | |
| name: Deploy to branch environment | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Do the deploy | |
| run: | | |
| echo "Do the deployment here. Would deploy image ${IMAGE_TAG}" | |
| env: | |
| IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| stage-deploy: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| name: Deploy to stage environment | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Do the deploy | |
| run: | | |
| echo "Do the staging deployment here. Would deploy image ${IMAGE_TAG}" | |
| env: | |
| IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| - name: Update Scout environment | |
| id: docker-scout-environment | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: environment | |
| image: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| environment: stage | |
| organization: ${{ env.DOCKERHUB_ORG_NAME }} | |
| prod-deploy: | |
| if: github.ref_type == 'tag' | |
| name: Deploy to production environment | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Do the deploy | |
| run: | | |
| echo "Do the production deployment here. Would deploy image ${IMAGE_TAG}" | |
| env: | |
| IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| - name: Update Scout environment | |
| id: docker-scout-environment | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: environment | |
| image: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
| environment: production | |
| organization: ${{ env.DOCKERHUB_ORG_NAME }} |