Skip to content
CI pipeline admin server

PILOT-5954: Remove trivy scan results #14

Sign in to view logs

PILOT-5954: Remove trivy scan results

PILOT-5954: Remove trivy scan results #14

Workflow file for this run

.github/workflows/pilot-pipeline-admin-server.yml at 66f2541
name: CI pipeline admin server
on:
push:
branches:
- pilot_develop
paths:
- 'modules/admin/**'
pull_request:
branches:
- pilot_develop
paths:
- 'modules/admin/**'
jobs:
extract-branch-name:
runs-on: ubuntu-20.04
outputs:
branch: ${{steps.extract_branch.outputs.branch}}
steps:
- name: Extract Branch Name
id: extract_branch
shell: bash
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
get-version:
runs-on: ubuntu-20.04
outputs:
app_version: ${{steps.get-version.outputs.app_version}}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Get Version
id: get-version
shell: bash
run: |
BRANCH=${GITHUB_REF#refs/heads/}
BASE_VERSION=`sed -n 's/^ *"version":.*"\([^"]*\)".*/\1/p' modules/admin/package.json`
echo "app_version=$BASE_VERSION" >> $GITHUB_OUTPUT
build-and-push-admin-server-image:
needs: [extract-branch-name, get-version]
name: Build admin server Docker image and push to repositories
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- name: Login to Github Packages
uses: docker/login-action@v2
with:
registry: indocpilot.azurecr.io
username: ${{ secrets.ACR_CLIENT }}
password: ${{ secrets.ACR_SECRET }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
indocpilot.azurecr.io/arranger/arranger-admin-server
# generate Docker tags based on the following events/attributes
sep-tags: ','
tags: |
type=raw,prefix=arranger-admin-server-,suffix=,value=${{needs.get-version.outputs.app_version}}
# - name: Image digest
# run: echo ${{ steps.meta.outputs.tags }}
- name: Image digest
run: echo ${{ steps.meta.outputs.tags }}
- name: Check if Docker image tags exist
shell: bash
run: |
image_tag=$(echo "${{ steps.meta.outputs.tags }}")
if docker manifest inspect $image_tag >/dev/null; then
echo "Docker image with tag already exists. Please update the version."
exit 1
else
echo "Image tags do not exist, proceeding..."
fi
- name: Build image and push to GitHub Container Registry
uses: docker/build-push-action@v4
with:
# relative path to the place where source code with Dockerfile is located
context: .
# Note: tags has to be all lower-case
tags: ${{ steps.meta.outputs.tags }}
# build on feature branches, push only on main branch
push: ${{ github.event_name != 'pull_request' }}
# Sets the target stage to build
target: arranger-admin-server
load: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: '${{ steps.meta.outputs.tags }}'
format: 'table'
severity: 'CRITICAL'
exit-code: '1'
trivyignores: .github/.trivyignore
env:
TRIVY_IGNORE_STATUS: 'will_not_fix'
trigger_pilot_dev_deployment:
needs: [build-and-push-admin-server-image, get-version]
runs-on: ubuntu-20.04
if: github.event_name != 'pull_request'
steps:
- name: Checkout helmfile repo
uses: actions/checkout@v2
with:
repository: PilotDataPlatform/pilot-helmfile
ref: 'main' #always checkout main branch
ssh-key: ${{ secrets.PILOT_HELMFILE_REPO_DEPLOYMENT_KEY }}
- name: Update service version
run: |
git config user.name "GitHub Actions"
git config user.email "[email protected]"
BASE_FILE='./helmfile.d/values/shared/lab/shared-services-values.yaml'
pattern="arranger_admin_server"
current_version=$(grep -m 1 $pattern $BASE_FILE)
echo "current version is $current_version"
sed -i "/$pattern/,/charts/ s/$current_version/ $pattern: ${{needs.get-version.outputs.app_version}}/" $BASE_FILE
git add $BASE_FILE
git commit -m "Deploy arranger-admin-server ${{needs.get-version.outputs.app_version}} [app_name:arranger-admin-server, app_version:${{needs.get-version.outputs.app_version}}]"
git push origin main