CI #868
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| schedule: | |
| - cron: "13 13 * * *" | |
| push: | |
| branches: [master] | |
| paths: | |
| - ".github/workflows/**" | |
| - "src/**" | |
| - "theme/**" | |
| - "book.toml" | |
| - "Dockerfile" | |
| pull_request: | |
| branches: [master] | |
| paths: | |
| - ".github/workflows/**" | |
| - "src/**" | |
| - "theme/**" | |
| - "book.toml" | |
| - "Dockerfile" | |
| env: | |
| IMAGE_NAME: nikasproject/documentation | |
| REGISTRY: ghcr.io | |
| GITHUB_IMAGE_NAME: ${{ github.repository }}/documentation:latest | |
| MDBOOK_VERSION: 0.4.21 | |
| jobs: | |
| Pages: | |
| name: Pages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Cancel previous workflow | |
| uses: styfle/[email protected] | |
| with: | |
| access_token: ${{ github.token }} | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install Rust | |
| run: | | |
| rustup set profile minimal | |
| rustup toolchain install stable | |
| rustup default stable | |
| - name: Install mdbook | |
| run: | | |
| mkdir bin | |
| curl -sSL https://github.com/rust-lang/mdBook/releases/download/v0.4.15/mdbook-v0.4.15-x86_64-unknown-linux-gnu.tar.gz | tar -xz --directory=bin | |
| echo "$(pwd)/bin" >> $GITHUB_PATH | |
| - name: Run tests | |
| run: | | |
| mdbook build | |
| mdbook test | |
| - name: Deploy GitHub Pages | |
| if: github.event_name != 'pull_request' | |
| uses: JamesIves/[email protected] | |
| with: | |
| branch: gh-pages | |
| folder: book | |
| Docker: | |
| name: Docker | |
| needs: Pages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Get Current Date | |
| id: date | |
| run: echo "::set-output name=date::$(date +'%Y-%m-%d')" | |
| - name: Create image name | |
| id: github-image | |
| uses: ASzc/change-string-case-action@v5 | |
| with: | |
| string: ${{ env.REGISTRY }}/${{ env.GITHUB_IMAGE_NAME }} | |
| - name: Build image | |
| run: docker build -t ${{ env.IMAGE_NAME }}:latest -t ${{ steps.github-image.outputs.lowercase }} --build-arg DATE_CREATED=${{ steps.date.outputs.date }} --build-arg MDBOOK_VERSION=${{ env.MDBOOK_VERSION }} . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ steps.github-image.outputs.lowercase }} | |
| exit-code: "0" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| severity: "CRITICAL,HIGH" | |
| format: "template" | |
| template: "@/contrib/sarif.tpl" | |
| output: "trivy-results.sarif" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| - name: Push to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker login -u hatamiarash7 -p "${{ secrets.DOCKERHUB_TOKEN }}" | |
| docker push ${{ env.IMAGE_NAME }}:latest | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/[email protected] | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GB_TOKEN }} | |
| - name: Push to ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| run: docker push ${{ steps.github-image.outputs.lowercase }} |