artifacts implemented in cicd
Some checks failed
Build and Deploy Demo App (Artifacts) / test (push) Successful in 11s
Build and Deploy Demo App (Artifacts) / build (push) Failing after 29s
Build and Deploy Demo App (Artifacts) / scan (push) Has been skipped
Build and Deploy Demo App (Artifacts) / deploy (push) Has been skipped
@@ -1,4 +1,5 @@
|
||||
name: Build and Deploy Demo App
|
||||
# .gitea/workflows/cicd.yaml
|
||||
name: Build and Deploy Demo App (Artifacts)
|
||||
|
||||
on:
|
||||
push:
|
||||
@@ -21,7 +22,7 @@ jobs:
|
||||
- name: Install deps
|
||||
run: pip install -r requirements.txt
|
||||
|
||||
- name: Run tests
|
||||
- name: Run tests (SQLite fallback)
|
||||
env:
|
||||
DB_USER: "" # force SQLite fallback in app.py
|
||||
DB_PASS: ""
|
||||
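Review bot: the renamed "Run tests (SQLite fallback)" step makes it explicit that CI only exercises the fallback path, because `DB_USER: ""` and `DB_PASS: ""` force SQLite in app.py. The code path that talks to the real database therefore never runs in this pipeline. Consider adding a second test step (or a service container) that runs the same tests with real DB credentials set, so a regression in the production connection logic fails the test job instead of surfacing at deploy.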
@@ -39,6 +40,17 @@ jobs:
|
||||
- name: Build Docker image
|
||||
run: docker build -t demo-app:latest .
|
||||
|
||||
- name: Save Docker image to tar
|
||||
run: docker save demo-app:latest > demo-app.tar
|
||||
|
||||
- name: Upload image artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: demo-image
|
||||
path: demo-app.tar
|
||||
if-no-files-found: error
|
||||
# retention-days: 7 # optional; depends on your Gitea settings
|
||||
|
||||
# ---------- SCAN ----------
|
||||
scan:
|
||||
needs: build
|
||||
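Review bot: the check summary for this commit reports build "Failing after 29s", and the only steps added to the build job are the two in this hunk, `docker save demo-app:latest > demo-app.tar` and the `actions/upload-artifact@v4` upload. Check the upload step's log first and confirm that this Gitea and runner version accept the v4 artifact actions; if not, pin the upload and both downloads to a major version the instance supports. Separately, `@v4` is a mutable tag; pinning the action to a full commit SHA keeps the step that handles the image tarball from changing underneath the workflow. The commented-out `retention-days` means image tarballs are kept for whatever the server default is, which is worth setting explicitly.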
@@ -47,11 +59,16 @@ jobs:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Rebuild image in this job so it's available locally
|
||||
- name: Build Docker image for scan
|
||||
run: docker build -t demo-app:latest .
|
||||
- name: Download image artifact
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: demo-image
|
||||
path: .
|
||||
|
||||
# Trivy via Docker (no GitHub/Gitea action)
|
||||
- name: Load Docker image from artifact
|
||||
run: docker load -i demo-app.tar
|
||||
|
||||
# Trivy via Docker (no marketplace action needed)
|
||||
- name: Scan image with Trivy
|
||||
run: |
|
||||
docker run --rm \
|
||||
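Review bot: the new "Load Docker image from artifact" step runs `docker load -i demo-app.tar` on whatever the download produced, with no check that it is the file the build job saved. Loading the artifact instead of rebuilding is the right change, since the scan now covers the built image rather than a second build, but that guarantee only holds if the tarball is verified. Have the build job record `sha256sum demo-app.tar` (as a job output or a file inside the artifact) and compare it here before `docker load`, and do the same in the deploy job before the tarball leaves the runner.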
@@ -67,12 +84,11 @@ jobs:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Rebuild image for deployment
|
||||
- name: Build Docker image for deploy
|
||||
run: docker build -t demo-app:latest .
|
||||
|
||||
- name: Save Docker image to tar
|
||||
run: docker save demo-app:latest > demo-app.tar
|
||||
- name: Download image artifact
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: demo-image
|
||||
path: .
|
||||
|
||||
- name: Set up SSH
|
||||
run: |
|
||||
@@ -115,7 +131,7 @@ jobs:
|
||||
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env
|
||||
|
||||
# Load the new image from the tarball
|
||||
docker load -i demo-app.tar
|
||||
docker load -I demo-app.tar || docker load -i demo-app.tar # compatibility
|
||||
|
||||
# Make sure we actually have a compose file here
|
||||
if [ ! -f docker-compose.yml ]; then
|
||||
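Review bot: in `docker load -I demo-app.tar || docker load -i demo-app.tar  # compatibility`, `-I` is not a `docker load` option (the input flag is `-i` / `--input`), so the first command always fails with a usage error and the fallback does the real work. That adds a misleading error to every deploy log and masks nothing useful. Keep the original single line `docker load -i demo-app.tar`, and make sure the remote script stops on failure so that a failed load does not fall through to `docker compose up` with the previous image.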
@@ -129,6 +145,5 @@ jobs:
|
||||
docker compose -f docker-compose.yml --env-file .env up -d --remove-orphans
|
||||
|
||||
# Clean up
|
||||
rm demo-app.tar
|
||||
rm -f demo-app.tar
|
||||
EOF
|
||||
|
||||
|
||||
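Review bot: the clean-up at the end of the remote script removes only `demo-app.tar`; the `.env` file written earlier with values from `secrets.*` (for example `DB_NAME`) stays on the host with default permissions. Since compose reads it via `--env-file .env`, it has to exist at `up` time, but it should be created under `umask 077` or followed by `chmod 600 .env` so that other local users cannot read the database credentials. The switch to `rm -f` is fine for idempotence, though it will also hide the case where the tarball was never transferred, so it should not be the only signal that the copy succeeded.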