Skip to content

Merge FEGA related components from pipeline into SDA #370

Merge FEGA related components from pipeline into SDA

Merge FEGA related components from pipeline into SDA #370

name: Build PR container
on:
pull_request:
paths-ignore:
- ".github/**"
- ".gitignore"
- "**/README.md"
env:
PR_NUMBER: ${{ github.event.number }}
jobs:
build_go_images:
name: Build PR image (golang)
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Log in to the Github Container registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container for sda-auth
uses: docker/build-push-action@v4
with:
context: ./sda-auth
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-auth
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-auth
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Build container for sda-download
uses: docker/build-push-action@v4
with:
context: ./sda-download
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-download
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-download
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Build container for sda-pipeline
uses: docker/build-push-action@v4
with:
context: ./sda-pipeline
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-pipeline
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-pipeline
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Build container for sensitive-data-archive
uses: docker/build-push-action@v4
with:
context: ./sda
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
build_server_images:
name: Build PR image (servers)
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Log in to the Github Container registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container for postgres
uses: docker/build-push-action@v4
with:
context: ./postgresql
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-postgres
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Build container for rabbitmq
uses: docker/build-push-action@v4
with:
context: ./rabbitmq
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-rabbitmq
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Run Trivy vulnerability scanner on postgres
uses: aquasecurity/[email protected]
with:
image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres
format: "sarif"
hide-progress: true
ignore-unfixed: true
output: 'postgres-results.sarif'
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'postgres-results.sarif'
category: postgres
- name: Run Trivy vulnerability scanner on rabbitmq
uses: aquasecurity/[email protected]
with:
image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq
format: "sarif"
hide-progress: true
ignore-unfixed: true
output: 'rabbitmq-results.sarif'
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'rabbitmq-results.sarif'
category: rabbitmq
build_java_images:
name: Build PR image (java)
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Log in to the Github Container registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build container for sda-sftp-inbox
uses: docker/build-push-action@v4
with:
context: ./sda-sftp-inbox
push: true
tags: |
ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox
ghcr.io/${{ github.repository }}:PR${{ github.event.number }}-sftp-inbox
labels: |
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
org.opencontainers.image.revision=${{ github.sha }}
- name: Run Trivy vulnerability scanner on sftp-inbox
uses: aquasecurity/[email protected]
with:
image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox
format: "sarif"
hide-progress: true
ignore-unfixed: true
output: 'inbox-results.sarif'
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'inbox-results.sarif'
category: sftp-inbox
rabbitmq:
needs:
- build_go_images
- build_server_images
name: rabbitmq-federation-test
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Test rabbitmq federation
run: docker compose -f .github/integration/rabbitmq-federation.yml run federation_test
postgres:
needs:
- build_server_images
name: postgres-test-suite
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Test postgres
run: docker compose -f .github/integration/postgres.yml run tests
sda:
needs:
- build_go_images
- build_server_images
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Test sensitive-data-archive
run: docker compose -f .github/integration/sda-integration.yml run integration_test