
Commit cf055ef

[CI] Deploy CI
1 parent ec6f7cb commit cf055ef

1 file changed

Lines changed: 4 additions & 144 deletions


Lines changed: 4 additions & 144 deletions
@@ -1,152 +1,12 @@
11
name: "[Push] Build dev"
22

33
on:
4-
push:
5-
branches:
6-
- master
7-
paths-ignore:
8-
- '.github/**'
9-
- 'src/VERSION'
10-
- 'docs/**'
114
workflow_dispatch:
125

13-
env:
14-
SLACK_WEBHOOK_URL: ${{secrets.SLACK_WEBHOOK_URL}}
15-
166
jobs:
17-
versioning:
18-
runs-on: ubuntu-latest
19-
outputs:
20-
version: ${{ steps.versioning.outputs.VERSION }}
21-
steps:
22-
- uses: actions/checkout@v2
23-
- name: get current date
24-
run: |
25-
sudo ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
26-
echo "TIME=$(date +'%Y%m%d.%H%M%S')" >> $GITHUB_ENV
27-
- name: set version with current date
28-
id: versioning
29-
run: |
30-
echo "::set-output name=VERSION::$(cat src/VERSION | cut -c 2-).${{ env.TIME }}"
31-
- name: Notice when job fails
32-
if: failure()
33-
uses: 8398a7/action-slack@v3.2.0
34-
with:
35-
status: ${{job.status}}
36-
fields: repo,workflow,job
37-
author_name: Github Action Slack
38-
39-
docker:
40-
if: github.repository_owner == 'cloudforet-io'
41-
needs: versioning
42-
runs-on: ubuntu-latest
43-
env:
44-
VERSION: ${{ needs.versioning.outputs.version }}
45-
steps:
46-
- uses: actions/checkout@v2
47-
- name: get service name
48-
run: |
49-
echo "SERVICE=$(echo ${{ github.repository }} | cut -d '/' -f2)" >> $GITHUB_ENV
50-
- name: Upload docker
51-
uses: docker/build-push-action@v1
52-
with:
53-
path: .
54-
repository: pyengine/${{ env.SERVICE }}
55-
username: ${{ secrets.DOCKER_USERNAME }}
56-
password: ${{ secrets.DOCKER_PASSWORD }}
57-
tags: ${{ env.VERSION }}
58-
- name: Notice when job fails
59-
if: failure()
60-
uses: 8398a7/action-slack@v3.2.0
61-
with:
62-
status: ${{job.status}}
63-
fields: repo,workflow,job
64-
author_name: Github Action Slack
65-
66-
scan:
67-
needs: docker
68-
runs-on: ubuntu-20.04
7+
none:
8+
run-on: ubuntu-latest
699
steps:
70-
- name: Run Trivy vulnerability scanner
71-
id: trivy-scan
72-
uses: aquasecurity/trivy-action@master
73-
with:
74-
image-ref: pyengine/${{ github.event.repository.name }}:${{ env.VERSION }}
75-
format: 'sarif'
76-
output: 'trivy-results.sarif'
77-
ignore-unfixed: true
78-
vuln-type: 'os,library'
79-
severity: 'CRITICAL,HIGH'
80-
81-
- name: Upload Trivy scan results to GitHub Security tab
82-
uses: github/codeql-action/upload-sarif@v2
83-
with:
84-
sarif_file: 'trivy-results.sarif'
10+
- name: none
8511

86-
- name: Count vulnerabilities
87-
id: vulnerabilities
88-
run: |
89-
count=$(jq '.runs[].results[].ruleId' ./trivy-results.sarif | wc -c)
90-
echo "result_count=$count" >> $GITHUB_OUTPUT
91-
echo "$count"
92-
93-
- name: slack
94-
if: ${{ steps.vulnerabilities.outputs.result_count != 0 }}
95-
uses: 8398a7/action-slack@v3
96-
with:
97-
status: custom
98-
fields: workflowRun
99-
custom_payload: |
100-
{
101-
"blocks": [
102-
{
103-
"type": "section",
104-
"text": {
105-
"type": "mrkdwn",
106-
"text": ":warning: Image vulnerability detected"
107-
}
108-
},
109-
{
110-
"type": "section",
111-
"fields": [
112-
{
113-
"type": "mrkdwn",
114-
"text": "*Image:*\n$pyengine/${{ github.event.repository.name }}:${{ env.VERSION }}"
115-
},
116-
{
117-
"type": "mrkdwn",
118-
"text": "*Repo name:*\n${{ github.repository }}"
119-
}
120-
]
121-
},
122-
{
123-
"type": "actions",
124-
"elements": [
125-
{
126-
"type": "button",
127-
"text": {
128-
"type": "plain_text",
129-
"emoji": true,
130-
"text": "View Detail"
131-
},
132-
"style": "danger",
133-
"url": "https://github.com/${{ github.repository }}/security/code-scanning"
134-
}
135-
]
136-
}
137-
]
138-
}
139-
env:
140-
SLACK_WEBHOOK_URL: ${{secrets.VULNERABILITY_SLACK_WEBHOOK_URL}}
141-
142-
notification:
143-
runs-on: ubuntu-latest
144-
needs: docker
145-
steps:
146-
- name: Slack
147-
if: always()
148-
uses: 8398a7/action-slack@v3.2.0
149-
with:
150-
status: ${{job.status}}
151-
fields: repo,message,commit,author,action,ref,workflow,job
152-
author_name: Github Action Slack
12+
# deprecated workflow
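Review bot: The stub job left on the new side is not a valid workflow: `run-on: ubuntu-latest` is misspelled (the key is `runs-on`), and the only step, `- name: none`, has neither `run` nor `uses`, so GitHub will reject the file rather than run a no-op. If a placeholder is wanted, `runs-on: ubuntu-latest` with a step such as `- run: echo "deprecated workflow"` would parse; deleting the file or disabling the workflow is the cleaner way to retire it. The removed jobs included the Trivy image scan and the SARIF upload, so it is worth confirming that whichever workflow now builds and pushes the image (not visible on this page) still scans it. The trailing `# deprecated workflow` comment would serve readers better at the top of the file, with a pointer to the replacement workflow.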
