HackathonPreparing/Backend
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Backend/.gitea/workflows/gitea-push-docker.yml
Sergey Karmanov 4ea6543545
Some checks failed
Lint / Run linters (push) Successful in 38s
Details
Create and publish a Docker image / Publish image (push) Successful in 30s
Details
Create and publish a Docker image / Deploy image (push) Failing after 10s
Details
Перенастроил анализатор докер контейнеров
2024-06-21 11:23:34 +03:00

66 lines
2.2 KiB
YAML
Raw Blame History

name: Create and publish a Docker image
on:
push:
branches: ['main']
env:
CONTEXT: HackathonPreparing/HackathonPreparing.ApiService
jobs:
build-and-push-image:
runs-on: ubuntu-latest
name: Publish image
container: catthehacker/ubuntu:act-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: https://github.com/docker/metadata-action@v4
with:
images: ${{ vars.SERVER_DOMAIN }}/${{ gitea.repository }}
- name: Build an image from Dockerfile
run: |
cd ${{ env.CONTEXT }} &&
docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ vars.SERVER_DOMAIN }}
username: ${{ gitea.actor }}
password: ${{ secrets.TOKEN }}
- name: Push
run: |
docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
deploy:
needs: build-and-push-image
runs-on: ubuntu-latest
name: Deploy image
container: catthehacker/ubuntu:act-latest
steps:
- name: install ssh keys
# check this thread to understand why its needed:
# <https://stackoverflow.com/a/70447517>
run: |
install -m 600 -D /dev/null ~/.ssh/id_rsa
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
- name: connect and pull
run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && docker image prune && exit"
- name: cleanup
run: rm -rf ~/.ssh
Reference in New Issue View Git Blame Copy Permalink