serega404/Otchislator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d38b6088b232f749462600b22dcafce7051d6951
Otchislator/.gitea/workflows/gitea-push-docker.yml
Sergey Karmanov d38b6088b2
Some checks failed
Build and deploy / Publish image (push) Failing after 1m26s
Details
Docker + CI/CD
2025-01-02 16:07:47 +03:00

73 lines
2.4 KiB
YAML
Raw Blame History

name: Build and deploy
on:
push:
branches: ['main', 'staging']
env:
CONTEXT: src/Otchinslator
jobs:
build-and-push-image:
runs-on: ubuntu-latest
name: Publish image
container: catthehacker/ubuntu:act-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: https://github.com/docker/metadata-action@v4
with:
images: ${{ vars.SERVER_DOMAIN }}/${{ gitea.repository }}
- name: Build an image from Dockerfile
run: |
cd ${{ env.CONTEXT }} &&
docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@0.20.0
# with:
# image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
# format: 'table'
# exit-code: '1'
# ignore-unfixed: true
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'
- name: Run dockle
uses: goodwithtech/dockle-action@main
with:
image: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
format: 'list'
exit-code: '1'
exit-level: 'warn'
ignore: 'CIS-DI-0001,CIS-DI-0010,DKL-DI-0006'
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ vars.SERVER_DOMAIN }}
username: ${{ gitea.actor }}
password: ${{ secrets.TOKEN }}
- name: Push
run: |
docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
# deploy:
# needs: build-and-push-image
# runs-on: ubuntu-latest
# name: Deploy image
# container: catthehacker/ubuntu:act-latest
# steps:
# - name: install ssh keys
# # check this thread to understand why its needed:
# # <https://stackoverflow.com/a/70447517>
# run: |
# install -m 600 -D /dev/null ~/.ssh/id_rsa
# echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
# ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
# - name: connect and pull
# run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && docker image prune && exit"
# - name: cleanup
# run: rm -rf ~/.ssh
Reference in New Issue View Git Blame Copy Permalink