feat: Build and release pipelines (#1)

* feat: Build and release pipelins * feat: Build and release pipelins * feat: replaced the pipeline
pagopa · Oct 11, 2022 · 71d414b · 71d414b
1 parent 94b1444
commit 71d414b
Show file tree

Hide file tree

Showing 6 changed files with 136 additions and 6 deletions.
diff --git a/src/.dockerignore → .dockerignore b/src/.dockerignore → .dockerignore
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
@@ -0,0 +1,55 @@
+name: "Validate PR title"
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - edited
+ - synchronize
+
+jobs:
+ main:
+ name: Validate PR title
+ runs-on: ubuntu-latest
+ steps:
+ # Please look up the latest version from
+ # https://github.com/amannn/action-semantic-pull-request/releases
+ - uses: amannn/[email protected]
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ # Configure which types are allowed.
+ # Default: https://github.com/commitizen/conventional-commit-types
+ types: |
+ fix
+ feat
+ docs
+ chore
+ breaking
+ # Configure that a scope must always be provided.
+ requireScope: false
+ # Configure additional validation for the subject based on a regex.
+ # This example ensures the subject starts with an uppercase character.
+ subjectPattern: ^[A-Z].+$
+ # If `subjectPattern` is configured, you can use this property to override
+ # the default error message that is shown when the pattern doesn't match.
+ # The variables `subject` and `title` can be used within the message.
+ subjectPatternError: |
+ The subject "{subject}" found in the pull request title "{title}"
+ didn't match the configured pattern. Please ensure that the subject
+ starts with an uppercase character.
+ # For work-in-progress PRs you can typically use draft pull requests
+ # from Github. However, private repositories on the free plan don't have
+ # this option and therefore this action allows you to opt-in to using the
+ # special "[WIP]" prefix to indicate this state. This will avoid the
+ # validation of the PR title and the pull request checks remain pending.
+ # Note that a second check will be reported if this is enabled.
+ wip: true
+ # When using "Squash and merge" on a PR with only one commit, GitHub
+ # will suggest using that commit message instead of the PR title for the
+ # merge commit, and it's easy to commit this by mistake. Enable this option
+ # to also validate the commit message for one commit PRs.
+ validateSingleCommit: false
+ # Related to `validateSingleCommit` you can opt-in to validate that the PR
+ # title matches a single commit to avoid confusion.
+ validateSingleCommitMatchesPrTitle: false
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,60 @@
+name: Release
+
+on:
+ # Trigger the workflow on push or pull request,
+ # but only for the main branch
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - 'CODEOWNERS'
+ - '**.md'
+ - '.**'
+ - 'pagopa_it/**'
+
+jobs:
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ fetch-depth: 0
+
+ - name: Release
+ id: release
+ uses: cycjimmy/semantic-release-action@v2
+ with:
+ semantic_version: 18.0.0
+ extra_plugins: |
+ @semantic-release/[email protected]
+ @semantic-release/[email protected]
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Log in to the Container registry
+ id: docker_login
+ if: steps.release.outputs.new_release_published == 'true'
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push Docker image
+ id: docker_build_push
+ if: steps.release.outputs.new_release_published == 'true'
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: true
+ tags: |
+ ghcr.io/${{ github.repository }}:latest
+ ghcr.io/${{ github.repository }}:v${{ steps.release.outputs.new_release_version }}
+ labels: |
+ maintainer=https://pagopa.it
+ org.opencontainers.image.source=https://github.com/${{ github.repository }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -3,16 +3,16 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: build
+name: docker-security-scan
 
 on:
  push:
- branches: [ "main" ]
+ branches: [ "main", "master" ]
  pull_request:
  # The branches below must be a subset of the branches above
- branches: [ "main" ]
+ branches: [ "main", "master" ]
  schedule:
- - cron: '38 5 * * 5'
+ - cron: '24 5 * * 6'
 
 permissions:
  contents: read
@@ -45,4 +45,4 @@ jobs:
  - name: Upload Trivy scan results to GitHub Security tab
  uses: github/codeql-action/upload-sarif@v2
  with:
- sarif_file: 'trivy-results.sarif'
+ sarif_file: 'trivy-results.sarif'
diff --git a/.releaserc.json b/.releaserc.json
@@ -0,0 +1,15 @@
+{
+ "branches": ["main", "master"],
+ "ci": false,
+ "plugins": [
+ [
+ "@semantic-release/commit-analyzer",
+ {
+ "preset": "angular",
+ "releaseRules": [{ "type": "breaking", "release": "major" }]
+ }
+ ],
+ "@semantic-release/release-notes-generator",
+ "@semantic-release/github"
+ ]
+ }
diff --git a/src/Dockerfile → Dockerfile b/src/Dockerfile → Dockerfile
@@ -8,7 +8,7 @@ WORKDIR /app
 #ENV NODE_ENV=production
 
 # Copy the required files
-COPY app .
+COPY src/app .
 
 # Install dependencies and run build
 RUN yarn --frozen-lockfile