Skip to content

Build and Deploy

Build and Deploy #506

Workflow file for this run

name: Build and Deploy
on:
push:
branches: ["master"]
pull_request:
branches: ["master"]
schedule:
- cron: '0 6 * * *'
env:
TARGET: linux/amd64
BUILD_FLAGS: --no-cache
jobs:
build:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
# Need tags for Makefile logic to work
fetch-depth: 0
- name: Build the Docker images
run: make images
scan:
needs: [ "build" ]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
with:
# Need tags for Makefile logic to work
fetch-depth: 0
- name: Build the Docker image
env:
# amd build so that local 'docker images' can access images
TARGET: linux/amd64
BUILD_FLAGS: --load --no-cache
run: make images
- name: Scan image
id: scan
uses: anchore/scan-action@v3
with:
image: "pegasystems/k8s-wait-for:latest"
fail-build: true
severity-cutoff: "high"
output-format: sarif
- name: Log Scan Results
if: always()
run: |
echo "Failures:"
cat ${{ steps.scan.outputs.sarif }} | jq 'if .runs[0].tool.driver.rules != null then .runs[0].tool.driver.rules[].shortDescription.text else "" end' | grep -i "critical" || true
cat ${{ steps.scan.outputs.sarif }} | jq 'if .runs[0].tool.driver.rules != null then .runs[0].tool.driver.rules[].shortDescription.text else "" end' | grep -i "high" || true
echo "Warnings:"
cat ${{ steps.scan.outputs.sarif }} | jq 'if .runs[0].tool.driver.rules != null then .runs[0].tool.driver.rules[].shortDescription.text else "" end' | grep -i "medium" || true
cat ${{ steps.scan.outputs.sarif }} | jq 'if .runs[0].tool.driver.rules != null then .runs[0].tool.driver.rules[].shortDescription.text else "" end' | grep -i "low" || true
cat ${{ steps.scan.outputs.sarif }} | jq 'if .runs[0].tool.driver.rules != null then .runs[0].tool.driver.rules[].shortDescription.text else "" end' | grep -iv "critical\|high\|medium\|low" || true
- name: Publish Scan Results as Artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: docker-scan-results
path: ${{ steps.scan.outputs.sarif }}
- name: View sarif file
if: always()
run: |
cat ${{ steps.scan.outputs.sarif }}
- name: Upload Anchore Scan SARIF Report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
deploy:
name: Push to DockerHub
if: ${{ github.ref == 'refs/heads/master' && github.repository == 'pegasystems/k8s-wait-for' }}
runs-on: ubuntu-latest
needs: [scan, test]
steps:
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Check out working repository
uses: actions/checkout@v2
- name: Push image to dockerhub
run: make push
test:
name: Container Tests
runs-on: ubuntu-latest
if: always()
needs: [build, scan]
env:
CHANGE_MINIKUBE_NONE_USER: true
MINIKUBE_WANTUPDATENOTIFICATION: false
MINIKUBE_WANTREPORTERRORPROMPT: false
steps:
#- name: Login to Docker Hub
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
#- name: Check out working repository
# uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
# Need tags for Makefile logic to work
fetch-depth: 0
- name: Setup environment variables
run: |
echo "MINIKUBE_HOME=$HOME" >> $GITHUB_ENV
echo "KUBECONFIG=$HOME/.kube/config" >> $GITHUB_ENV
- name: Build the Docker image
env:
# amd build so that local 'docker images' can access images
TARGET: linux/amd64
BUILD_FLAGS: --load --no-cache
run: make test
- name: Run Container Tests
run: |
curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
chmod +x container-structure-test-linux-amd64
sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test
- name: Install prerequisites
run: |
curl -o bash_unit "https://raw.githubusercontent.com/pgrange/bash_unit/master/bash_unit"
chmod +x bash_unit
curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/v1.23.15/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
curl -Lo minikube https://storage.googleapis.com/minikube/releases/v1.28.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/
mkdir -p $HOME/.kube $HOME/.minikube
touch $KUBECONFIG
sudo apt-get install -y conntrack
minikube start --vm-driver=none --kubernetes-version=v1.23.15
echo "minikube startup complete."
docker save -o k8s-wait-for-test pegasystems/k8s-wait-for:test
minikube image load k8s-wait-for-test
echo "Sleeping for 10s..."
sleep 10
- name: Ensure kubernetes is ready
run: |
kubectl cluster-info
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl -n kube-system get pods -lk8s-app=kube-dns -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1;echo "waiting for kube-dns to be available"; kubectl get pods --all-namespaces; done
- name: Run functional tests
run: |
kubectl apply -f tests/kubernetes-role-access.yaml
./bash_unit tests/test_*