gitea/devops
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Improved Pipeline manifest
Some checks failed
Build and Deploy Demo App / test (push) Successful in 12s
Details
Build and Deploy Demo App / build_scan_deploy (push) Failing after 10m42s
Details

Browse Source
This commit is contained in:
gitea
2025-11-26 12:24:05 +03:30
parent 717b059670
commit 340d3ed95c
1 changed files with 10 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
.gitea/workflows/cicd.yaml
View File

@@ -6,6 +6,7 @@ on:
- main - main
jobs: jobs:
# 1) Run tests first
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -27,7 +28,8 @@ jobs:
DB_NAME: '' DB_NAME: ''
run: pytest run: pytest
build: # 2) Build image, scan it, and deploy (all on the same runner)
build_scan_deploy:
needs: test needs: test
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -47,28 +49,13 @@ jobs:
- name: Build Docker image - name: Build Docker image
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
load: true load: true # load image into local Docker
tags: demo-app:latest tags: demo-app:latest
cache-from: type=local,src=/tmp/.buildx-cache cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
- name: Save Docker image to tar # --- Security scan happens on the same runner as the build ---
run: docker save demo-app:latest > demo-app.tar - name: Scan image with Trivy
# demo-app.tar now lives in the shared workspace for later jobs
scan:
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout code (keep demo-app.tar)
uses: actions/checkout@v4
with:
clean: false # do NOT git clean; preserves demo-app.tar
- name: Load image from tar
run: docker load -i demo-app.tar
- name: Scan Image
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
with: with:
image-ref: demo-app:latest image-ref: demo-app:latest
@@ -76,14 +63,11 @@ jobs:
exit-code: 1 exit-code: 1
severity: CRITICAL,HIGH severity: CRITICAL,HIGH
deploy: # If Trivy finds HIGH/CRITICAL vulns, the step above fails and
needs: [build, scan] # nothing below (including deploy) will run.
runs-on: ubuntu-latest
steps:
# no checkout here so we don't accidentally clean demo-app.tar
- name: Verify image tar exists - name: Save Docker image to tar
run: ls -lh demo-app.tar run: docker save demo-app:latest > demo-app.tar
- name: Set up SSH - name: Set up SSH
run: | run: |