Move Trivy DB mirror workflow to cli (#185) #89
name: Build and deploy to Atlas with Dockerfile on Google Cloud | |
on: | |
push: | |
branches: [trunk] | |
## Adding a path filter will only trigger the workflow if the files in the path are modified. | |
## This is very useful if you have a monorepo structure. | |
## See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information. | |
## | |
# paths: | |
# - 'applications/my-app/**' | |
## | |
# pull_request: | |
# branches: [trunk] | |
env: | |
SYSTEM_NAME: 'core' | |
APPLICATION_NAME: 'demo-api-go' | |
PROJECT_FILE: 'applications/demo-api-go/Dockerfile' | |
HELM_VALUES_FILE: '.github/deploy/values-demo-api-go.yml' | |
jobs: | |
build-scan: | |
name: Build and Scan | |
runs-on: elvia-runner | |
permissions: | |
actions: read | |
contents: write | |
id-token: write | |
pull-requests: write | |
security-events: write | |
# Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
concurrency: | |
group: '${{ github.workflow }}-${{ github.ref }}-build-scan' | |
cancel-in-progress: true | |
environment: build | |
steps: | |
# START REMOVE FROM EXAMPLE | |
- name: Get GitHub App token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.GH_APP_ID }} | |
owner: ${{ github.repository_owner }} | |
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
repositories: 'core' | |
- name: Checkout core repository | |
uses: actions/checkout@v4 | |
with: | |
repository: '3lvia/core' | |
token: ${{ steps.app-token.outputs.token }} | |
# END REMOVE FROM EXAMPLE | |
- uses: 3lvia/core-github-actions-templates/build@trunk | |
with: | |
name: ${{ env.APPLICATION_NAME }} | |
namespace: ${{ env.SYSTEM_NAME }} | |
project-file: ${{ env.PROJECT_FILE }} | |
trivy-upload-report: 'false' | |
trivy-post-comment: 'true' | |
AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }} | |
# START REMOVE FROM EXAMPLE | |
checkout: 'false' | |
# END REMOVE FROM EXAMPLE | |
deploy-dev: | |
name: Deploy Dev | |
# Require all jobs below to be successful before running this job. | |
# Any of these can be commented out or removed if you want to deploy anyway. | |
needs: | |
- build-scan | |
runs-on: elvia-runner | |
permissions: | |
contents: read | |
id-token: write | |
# Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
concurrency: | |
group: 'dev-google--this-group-is-replaced-in-final-example-needs-this-to-not-deploy-demo-api-go-simultaneously-in-two-examples' | |
environment: dev | |
steps: | |
# START REMOVE FROM EXAMPLE | |
- name: Get GitHub App token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.GH_APP_ID }} | |
owner: ${{ github.repository_owner }} | |
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
repositories: 'core' | |
- name: Checkout core repository | |
uses: actions/checkout@v4 | |
with: | |
repository: '3lvia/core' | |
token: ${{ steps.app-token.outputs.token }} | |
# END REMOVE FROM EXAMPLE | |
- uses: 3lvia/core-github-actions-templates/deploy@trunk | |
with: | |
name: ${{ env.APPLICATION_NAME }} | |
namespace: ${{ env.SYSTEM_NAME }} | |
environment: 'dev' | |
helm-values-file: ${{ env.HELM_VALUES_FILE }} | |
runtime-cloud-provider: 'GKE' | |
# Will post to the Slack channel of your system if the deployment fails. | |
# Can be commented out if you don't want this. | |
slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts' | |
GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
# START REMOVE FROM EXAMPLE | |
checkout: 'false' | |
# END REMOVE FROM EXAMPLE | |
deploy-test: | |
name: Deploy Test | |
# Only deploy to test after dev | |
needs: [deploy-dev] | |
runs-on: elvia-runner | |
permissions: | |
contents: read | |
id-token: write | |
# Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
concurrency: | |
group: 'test-google--this-group-is-replaced-in-final-example-needs-this-to-not-deploy-demo-api-go-simultaneously-in-two-examples' | |
environment: test | |
# Only on push to trunk | |
if: github.ref == 'refs/heads/trunk' | |
steps: | |
# START REMOVE FROM EXAMPLE | |
- name: Get GitHub App token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.GH_APP_ID }} | |
owner: ${{ github.repository_owner }} | |
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
repositories: 'core' | |
- name: Checkout core repository | |
uses: actions/checkout@v4 | |
with: | |
repository: '3lvia/core' | |
token: ${{ steps.app-token.outputs.token }} | |
# END REMOVE FROM EXAMPLE | |
- uses: 3lvia/core-github-actions-templates/deploy@trunk | |
with: | |
name: ${{ env.APPLICATION_NAME }} | |
namespace: ${{ env.SYSTEM_NAME }} | |
environment: 'test' | |
helm-values-file: ${{ env.HELM_VALUES_FILE }} | |
runtime-cloud-provider: 'GKE' | |
# Will post to the Slack channel of your system if the deployment fails. | |
# Can be commented out if you don't want this. | |
slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts' | |
GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
# START REMOVE FROM EXAMPLE | |
checkout: 'false' | |
# END REMOVE FROM EXAMPLE | |
deploy-prod: | |
name: Deploy Prod | |
# Only deploy to prod after test | |
needs: [deploy-test] | |
runs-on: elvia-runner | |
permissions: | |
contents: read | |
id-token: write | |
# Limits the number of concurrent runs of this job to one, and cancels any in progress. | |
concurrency: | |
group: 'prod-google--this-group-is-replaced-in-final-example-needs-this-to-not-deploy-demo-api-go-simultaneously-in-two-examples' | |
environment: prod | |
# Only on push to trunk | |
if: github.ref == 'refs/heads/trunk' | |
steps: | |
# START REMOVE FROM EXAMPLE | |
- name: Get GitHub App token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.GH_APP_ID }} | |
owner: ${{ github.repository_owner }} | |
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
repositories: 'core' | |
- name: Checkout core repository | |
uses: actions/checkout@v4 | |
with: | |
repository: '3lvia/core' | |
token: ${{ steps.app-token.outputs.token }} | |
# END REMOVE FROM EXAMPLE | |
- uses: 3lvia/core-github-actions-templates/deploy@trunk | |
with: | |
name: ${{ env.APPLICATION_NAME }} | |
namespace: ${{ env.SYSTEM_NAME }} | |
environment: 'prod' | |
helm-values-file: ${{ env.HELM_VALUES_FILE }} | |
runtime-cloud-provider: 'GKE' | |
# Will post to the Slack channel of your system if the deployment fails. | |
# Can be commented out if you don't want this. | |
slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts' | |
GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }} | |
GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }} | |
# START REMOVE FROM EXAMPLE | |
checkout: 'false' | |
# END REMOVE FROM EXAMPLE |
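Review bot: Every job here checks out and runs code from mutable references — `actions/create-github-app-token@v1` and `actions/checkout@v4` are tag-pinned, and `3lvia/core-github-actions-templates/build@trunk` / `deploy@trunk` float on a branch — while the same jobs hold `id-token: write` (cloud identity federation via `GC_WORKLOAD_IDENTITY_PROVIDER`) and, in `build-scan`, `contents: write`; a change to any of those upstream refs runs with those credentials on the next push to trunk. The `@trunk` template references appear deliberate for this example file (the REMOVE FROM EXAMPLE markers suggest it is the templates repository testing itself), but the third-party actions can still be pinned by commit, e.g. `uses: actions/checkout@<commit-sha-placeholder>  # v4`, and a comment on the `@trunk` lines stating that consumers should pin a tag would prevent the example being copied as-is. Separately, `build-scan` grants `security-events: write` while `trivy-upload-report: 'false'` is set; if the scan report is not uploaded to code scanning that scope looks unused and could be dropped, though the build template may need it for another purpose — worth confirming against the template's documented inputs.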