From 456c4c1ce5cf7362090be9a0f8ee90c5fd63afcc Mon Sep 17 00:00:00 2001
From: Sergey Karmanov
Date: Sun, 31 Aug 2025 15:28:02 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20CI?=
 =?UTF-8?q?/CD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/gitea-push-docker.yml | 57 ++++++++++++++++++++++++++
 SfeduSchedule/Dockerfile | 22 ++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 .gitea/workflows/gitea-push-docker.yml
 create mode 100644 SfeduSchedule/Dockerfile

diff --git a/.gitea/workflows/gitea-push-docker.yml b/.gitea/workflows/gitea-push-docker.yml
new file mode 100644
index 0000000..b534cdf
--- /dev/null
+++ b/.gitea/workflows/gitea-push-docker.yml
@@ -0,0 +1,57 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    branches: ['main', 'staging']
+
+env:
+  CONTEXT: src/SfeduSchedule
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    name: Publish image
+    container: catthehacker/ubuntu:act-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: https://github.com/docker/metadata-action@v4
+        with:
+          images: ${{ vars.SERVER_DOMAIN }}/${{ gitea.repository }}
+      - name: Build an image from Dockerfile
+        run: |
+          cd ${{ env.CONTEXT }} &&
+          docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+      - name: Run dockle
+        uses: goodwithtech/dockle-action@main
+        with:
+          image: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+          format: 'list'
+          exit-code: '1'
+          exit-level: 'warn'
+          ignore: 'CIS-DI-0001,CIS-DI-0010,DKL-DI-0006'
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ vars.SERVER_DOMAIN }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.TOKEN }}
+      - name: Push
+        run: |
+          docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
diff --git a/SfeduSchedule/Dockerfile b/SfeduSchedule/Dockerfile
new file mode 100644
index 0000000..5bd42c1
--- /dev/null
+++ b/SfeduSchedule/Dockerfile
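Review bot: Every action except `docker/login-action` is taken from a mutable ref — `actions/checkout@v3`, `docker/metadata-action@v4`, `aquasecurity/trivy-action@0.20.0` and in particular `goodwithtech/dockle-action@main` — so anyone who can move those tags or that branch can run code in a job that holds `secrets.TOKEN` with `packages: write` and decides what gets pushed to the registry. Pin each `uses:` to the full commit SHA of the release you intend, with the version in a trailing comment, the way the login step already does; `@main` especially should not survive review. Separately, `CONTEXT: src/SfeduSchedule` does not match the path this commit creates (`SfeduSchedule/Dockerfile`), so `cd ${{ env.CONTEXT }}` will fail unless a `src/` tree exists elsewhere in the repository — presumably it should read `CONTEXT: SfeduSchedule`. Note also that `docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }}` assumes the metadata step yields exactly one tag; if it ever emits several, the unquoted multi-line value breaks the build command before the scanners run.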
@@ -0,0 +1,22 @@
+FROM mcr.microsoft.com/dotnet/aspnet:9.0-alpine3.22 AS base
+USER $APP_UID
+WORKDIR /app
+EXPOSE 8080
+
+FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine3.22 AS build
+ARG BUILD_CONFIGURATION=Release
+WORKDIR /src
+COPY ["SfeduSchedule.csproj", "SfeduSchedule.csproj"]
+RUN dotnet restore "SfeduSchedule.csproj"
+COPY . .
+WORKDIR "/src"
+RUN dotnet build "SfeduSchedule.csproj" -c $BUILD_CONFIGURATION -o /app/build
+
+FROM build AS publish
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "SfeduSchedule.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
+
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "SfeduSchedule.dll"]
\ No newline at end of file
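Review bot: The two `FROM mcr.microsoft.com/dotnet/...:9.0-alpine3.22` lines are tagged but not digest-pinned, so the image Trivy and dockle approve in one run is not guaranteed to be the image a later rebuild of the same commit produces; append `@sha256:<digest>` (from `docker buildx imagetools inspect`) to both and bump the digests deliberately. `COPY . .` copies the whole `SfeduSchedule/` context and this commit adds no `.dockerignore`, so `bin/`, `obj/` and any local `appsettings.*.json` or user-secret files present in the checkout would enter the build stage and, for `appsettings.*.json`, presumably the publish output as well — worth confirming and adding a `.dockerignore` alongside this Dockerfile. The `dotnet build ... -o /app/build` step is dead weight, since `dotnet publish` compiles again and `/app/build` is never copied into `final`, and `WORKDIR "/src"` repeats the `WORKDIR /src` four lines above. `USER $APP_UID` in the `base` stage does leave `final` non-root, assuming this aspnet tag sets `APP_UID` as the .NET 8+ images do.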