Update yarn #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pipeline using GHA | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
pull_request: | |
workflow_dispatch: | |
env: | |
DOCKERHUB_ORG_NAME: dockerdevrel | |
IMAGE_NAME: catalog-service-node-gha | |
jobs: | |
prettier: | |
name: "Validate code formatting" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- name: Install dependencies | |
run: yarn install | |
- name: Run Prettier | |
run: yarn run prettier-check | |
unit-test: | |
name: "Run tests" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
cache: yarn | |
- name: Install dependencies | |
run: yarn install | |
- name: Run unit tests | |
run: yarn unit-test | |
integration-test: | |
name: "Run integration tests" | |
needs: [ prettier, unit-test ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
cache: yarn | |
- name: Install dependencies | |
run: yarn install | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Run integration tests | |
run: yarn run integration-test | |
build: | |
name: Build and push image | |
needs: [unit-test, integration-test] | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
outputs: | |
IMAGE_TAGS: ${{ toJSON( fromJSON(steps.meta.outputs.json).tags ) }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up containerd | |
uses: docker/setup-docker-action@v4 | |
with: | |
set-host: true | |
daemon-config: | | |
{ | |
"features": { | |
"containerd-snapshotter": true | |
} | |
} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Determine image tags and labels | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.DOCKERHUB_ORG_NAME }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=ref,enable=true,event=branch,suffix=--{{sha}} | |
type=ref,enable=true,event=branch,suffix=--latest | |
type=ref,event=tag | |
type=ref,event=pr | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
platforms: ${{ github.event_name == 'pull_request' && 'linux/amd64' || 'linux/amd64,linux/arm64' }} | |
provenance: mode=max | |
sbom: true | |
push: ${{ github.event_name != 'pull_request' }} | |
load: ${{ github.event_name == 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Analyze and compare image against production | |
uses: docker/scout-action@v1 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
command: quickview,compare | |
image: ${{ steps.meta.outputs.tags }} | |
to-env: production | |
write-comment: false # Disabling this one since this is a duplicate workflow | |
organization: ${{ env.DOCKERHUB_ORG_NAME }} | |
# TODO Update this to include policy once DBC image loading includes attestations | |
exit-on: vulnerability | |
stage-deploy: | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
name: Deploy to stage environment | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Do the deploy | |
run: | | |
echo "Do the staging deployment here. Would deploy image ${IMAGE_TAG}" | |
env: | |
IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
- name: Update Scout environment | |
id: docker-scout-environment | |
uses: docker/scout-action@v1 | |
with: | |
command: environment | |
image: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
environment: stage | |
organization: ${{ env.DOCKERHUB_ORG_NAME }} | |
prod-deploy: | |
if: github.ref_type == 'tag' | |
name: Deploy to production environment | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Do the deploy | |
run: | | |
echo "Do the production deployment here. Would deploy image ${IMAGE_TAG}" | |
env: | |
IMAGE_TAG: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
- name: Update Scout environment | |
id: docker-scout-environment | |
uses: docker/scout-action@v1 | |
with: | |
command: environment | |
image: ${{ fromJSON( needs.build.outputs.IMAGE_TAGS )[0] }} | |
environment: production | |
organization: ${{ env.DOCKERHUB_ORG_NAME }} |