This repository has been archived by the owner on Mar 4, 2024. It is now read-only.
Build and push dev-latest image #651
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push dev-latest image | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| NODE_OPTIONS: "--max_old_space_size=4096" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Configure git for private modules | |
| env: | |
| ROBOT_TOKEN: ${{ secrets.ROBOT_TOKEN }} | |
| run: git config --global url."https://percona-platform-robot:${ROBOT_TOKEN}@github.com".insteadOf "https://github.com" | |
| - name: Check out frontend repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: percona/percona-everest-frontend | |
| ref: 'main' | |
| path: percona-everest-frontend | |
| token: ${{ secrets.ROBOT_TOKEN }} | |
| - uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| - name: Run with Node 16 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'pnpm' | |
| cache-dependency-path: percona-everest-frontend/pnpm-lock.yaml | |
| - name: Build Everest Frontend app | |
| run: | | |
| cd percona-everest-frontend | |
| pnpm install | |
| EVEREST_OUT_DIR=build pnpm build | |
| mkdir ${GITHUB_WORKSPACE}/front | |
| cp -rvf ./build/* ${GITHUB_WORKSPACE}/front/ | |
| - name: Check out Everest Backend | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ./backend | |
| fetch-depth: 0 | |
| - name: Embed Everest Frontend app into backend | |
| run: | | |
| cp -rf ${GITHUB_WORKSPACE}/front/* ${GITHUB_WORKSPACE}/backend/public/dist/ | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: './backend/go.mod' | |
| - name: Build Everest | |
| run: | | |
| cd ${GITHUB_WORKSPACE}/backend | |
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make build | |
| - name: Setup docker build metadata | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: perconalab/everest | |
| tags: 0.0.0 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and Push everest dev image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: backend | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| scan: | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| steps: | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: 'docker.io/perconalab/everest:0.0.0' | |
| format: 'table' | |
| exit-code: '1' | |
| severity: 'CRITICAL,HIGH' |