HackathonPreparing/Backend
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Backend/.gitea/workflows/gitea-push-docker.yml

65 lines
2.2 KiB
YAML
Raw Blame History

name: Create and publish a Docker image
on:
push:
branches: ['main']
env:
CONTEXT: HackathonPreparing/HackathonPreparing.ApiService
jobs:
build-and-push-image:
runs-on: ubuntu-latest
name: Publish image
container: catthehacker/ubuntu:act-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: https://github.com/docker/metadata-action@v4
with:
images: ${{ env.GITHUB_SERVER_URL }}/${{ gitea.repository }}
- name: Build an image from Dockerfile
run: |
cd ${{ env.CONTEXT }} &&
docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.GITHUB_SERVER_URL }}
username: ${{ gitea.actor }}
password: ${{ secrets.TOKEN }}
- name: Push
run: |
docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
deploy:
needs: build-and-push-image
runs-on: ubuntu-latest
name: Deploy image
container: catthehacker/ubuntu:act-latest
steps:
- name: install ssh keys
# check this thread to understand why its needed:
# <https://stackoverflow.com/a/70447517>
run: |
install -m 600 -D /dev/null ~/.ssh/id_rsa
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
- name: connect and pull
run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && docker image prune && exit"
- name: cleanup
run: rm -rf ~/.ssh
Reference in New Issue View Git Blame Copy Permalink