CI/CD #191
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
tags: | |
- "[0-9]+.[0-9]+.[0-9]+" | |
schedule: | |
- cron: "0 5 * * 0" | |
workflow_dispatch: | |
env: | |
USER: loganmarchione | |
REPO: docker-postfixrelay | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the codebase | |
uses: actions/checkout@v4 | |
- name: Lint Dockerfile with Hadolint | |
uses: hadolint/hadolint-action@v3.1.0 | |
with: | |
failure-threshold: error | |
ignore: DL3008,DL3018 | |
ci: | |
name: Build and test | |
needs: lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the codebase | |
uses: actions/checkout@v4 | |
- name: Set variables | |
run: | | |
VER=$(cat VERSION) | |
echo "VERSION=$VER" >> $GITHUB_ENV | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build Docker Image | |
uses: docker/build-push-action@v6 | |
with: | |
push: false | |
context: . | |
file: Dockerfile | |
load: true | |
tags: | | |
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} | |
${{ env.USER }}/${{ env.REPO }}:latest | |
- name: Test image | |
run: | | |
docker images | |
docker run --name test-container --detach --env TZ=America/New_York --env RELAY_HOST=smtp.domain.com --env RELAY_PORT=587 --volume 'postfixrelay_data:/var/spool/postfix' ${USER}/${REPO}:${VERSION} | |
docker ps -a | |
docker exec --tty test-container /bin/sh -c "which postfix && postconf -d mail_version" | |
# - name: Container scan with Dockle | |
# uses: goodwithtech/dockle-action@v0.1.2 | |
# with: | |
# image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' | |
# format: 'list' | |
# exit-code: '1' | |
# exit-level: 'warn' | |
# ignore: 'CIS-DI-0001,CIS-DI-0010' | |
- name: Container scan with Trivy | |
uses: aquasecurity/trivy-action@0.24.0 | |
with: | |
scan-type: 'image' | |
image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}' | |
trivy-config: ./github/trivy.yaml | |
cd: | |
name: Deploy | |
needs: ci | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the codebase | |
uses: actions/checkout@v4 | |
- name: Set variables | |
run: | | |
VER=$(cat VERSION) | |
echo "VERSION=$VER" >> $GITHUB_ENV | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_PASS }} | |
logout: true | |
- name: Build Docker Image | |
uses: docker/build-push-action@v6 | |
with: | |
push: true | |
context: . | |
file: Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
tags: | | |
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} | |
${{ env.USER }}/${{ env.REPO }}:latest |