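# CI workflow: builds the dev and production images for the four services,
# lints the Dockerfiles, scans the production images with Trivy, runs the
# lint/unit/E2E suites inside the compose stack, and pushes the `*-latest`
# tags only from master.
#
# Triggered by every push, on any branch.
on: [push]

# Least privilege for the workflow token: nothing below writes to the
# repository, and registry access goes through `docker login`, not GITHUB_TOKEN.
permissions:
  contents: read

env:
  REGISTRY_DOMAIN: ${{ secrets.REGISTRY_DOMAIN }}
  SERVICE_DOMAIN: localhost

jobs:
  build:
    name: Build/test and push
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@master` is a mutable branch ref. Pin to a full commit
      # SHA (actions/checkout@<commit-sha>) so the code executed by this job
      # cannot change without a change to this file.
      - name: Checkout source code
        uses: actions/checkout@master

      # Raises the inotify watch limit on the runner for the steps that follow.
      - name: Set inotify
        run: |
          echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p

      # The registry credentials are scoped to this step rather than the whole
      # job, so the third-party actions that run later do not receive them as
      # environment variables. The password is fed on stdin, so it never
      # appears in the process argument list.
      # Caveat: `docker login` leaves the session in the runner's Docker
      # config, which later steps can still read; pinning those actions
      # remains necessary.
      # If docker-compose.actions.yml interpolates DOCKER_USERNAME or
      # DOCKER_PASSWORD, set them on that step as well. TODO confirm.
      - name: Login DockerHub
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin "$REGISTRY_DOMAIN"

      # Each build step pushes its `*-dev` tag immediately, before the
      # Dockerfile lint, the Trivy scan and the tests have run, and does so for
      # pushes to any branch. The `*-latest` image is only built here; it is
      # pushed at the end of the job, from master only.
      # NOTE(review): consider gating the `*-dev` push on the checks as well, or
      # tagging per branch/commit so an unreviewed branch cannot overwrite a
      # shared tag.
      - name: Build api dev image
        run: |
          cd api
          docker build . --target dev-stage -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:api-dev"
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:api-dev"
          docker build . --target production-stage -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:api-latest"

      - name: Build backend dev image
        run: |
          cd backend
          docker build . --target build-stage --build-arg NODE_ENV=development --build-arg BASE_URL=/backend/ -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:backend-dev"
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:backend-dev"
          docker build . --target production-stage --build-arg NODE_ENV=production --build-arg BASE_URL=/backend/ -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:backend-latest"

      - name: Build frontend nuxt dev image
        run: |
          cd frontend-nuxt
          docker build . --target build-stage --build-arg BASE_URL=/frontend-nuxt/ -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-nuxt-dev"
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-nuxt-dev"
          docker build . --target production-stage --build-arg BASE_URL=/frontend-nuxt/ -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-nuxt-latest"

      - name: Build frontend vue dev image
        run: |
          cd frontend-vue
          docker build . --target build-stage --build-arg NODE_ENV=development --build-arg BASE_URL=/frontend-vue/ -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-vue-dev"
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-vue-dev"
          docker build . --target production-stage --build-arg NODE_ENV=production --build-arg BASE_URL=/frontend-vue/ -t "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-vue-latest"

      # Dockerfile lint, one step per service.
      # NOTE(review): the `uses:` value in the four steps below is reproduced as
      # it appears on the page, where the web view's e-mail obfuscation replaced
      # the action reference. It presumably read
      # hadolint/hadolint-action@<version>; restore the real reference from the
      # repository before using this file, and prefer a full commit SHA.
      - name: Lint Dockerfile for api
        uses: hadolint/[email protected]
        with:
          dockerfile: api/Dockerfile

      - name: Lint Dockerfile for backend
        uses: hadolint/[email protected]
        with:
          dockerfile: backend/Dockerfile

      - name: Lint Dockerfile for frontend-nuxt
        uses: hadolint/[email protected]
        with:
          dockerfile: frontend-nuxt/Dockerfile

      - name: Lint Dockerfile for vue
        uses: hadolint/[email protected]
        with:
          dockerfile: frontend-vue/Dockerfile

      # Vulnerability gate: each production image built above is scanned, and
      # `exit-code: "1"` fails the job when a CRITICAL or HIGH finding is
      # reported, which stops the run before the `*-latest` push steps.
      # NOTE(review): `@master` is a mutable ref of a third-party action that
      # runs on a runner already logged in to the registry. Pin it to a full
      # commit SHA (aquasecurity/trivy-action@<commit-sha>).
      - name: Run Trivy vulnerability scanner API
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "${{ secrets.REGISTRY_DOMAIN }}/chrisleekr/nodejs-vuejs-mysql-boilerplate:api-latest"
          exit-code: "1"
          severity: "CRITICAL,HIGH"

      - name: Run Trivy vulnerability scanner backend
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "${{ secrets.REGISTRY_DOMAIN }}/chrisleekr/nodejs-vuejs-mysql-boilerplate:backend-latest"
          exit-code: "1"
          severity: "CRITICAL,HIGH"

      - name: Run Trivy vulnerability scanner frontend-nuxt
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "${{ secrets.REGISTRY_DOMAIN }}/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-nuxt-latest"
          exit-code: "1"
          severity: "CRITICAL,HIGH"

      - name: Run Trivy vulnerability scanner frontend-vue
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "${{ secrets.REGISTRY_DOMAIN }}/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-vue-latest"
          exit-code: "1"
          severity: "CRITICAL,HIGH"

      # Brings up the stack described by docker-compose.actions.yml; the lint
      # and test steps below run inside its containers via `docker exec`.
      - name: Run docker compose for dev
        run: |
          docker-compose -f docker-compose.actions.yml pull
          docker-compose -f docker-compose.actions.yml up -d

      - name: Lint API
        run: |
          docker exec api npm run lint

      - name: Test API
        run: |
          docker exec api npm run test

      - name: Lint backend
        run: |
          docker exec backend npm run lint

      - name: Unit test backend
        run: |
          docker exec backend npm run test:unit

      - name: E2E test backend
        run: |
          docker exec backend npm run test:e2e -- --headless

      - name: Lint frontend vue
        run: |
          docker exec frontend-vue npm run lint

      - name: Unit test frontend vue
        run: |
          docker exec frontend-vue npm run test:unit

      - name: E2E test frontend vue
        run: |
          docker exec frontend-vue npm run test:e2e -- --headless

      - name: Unit test frontend nuxt
        run: |
          docker exec frontend-nuxt npm run test

      # Despite the "Build ..." names, these four steps only push the
      # production images built earlier in the job. They run only for
      # refs/heads/master, and only if every lint, scan and test step above
      # has succeeded.
      - name: Build api latest image
        if: github.ref == 'refs/heads/master'
        run: |
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:api-latest"

      - name: Build frontend vue latest image
        if: github.ref == 'refs/heads/master'
        run: |
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-vue-latest"

      - name: Build frontend nuxt latest image
        if: github.ref == 'refs/heads/master'
        run: |
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:frontend-nuxt-latest"

      - name: Build backend latest image
        if: github.ref == 'refs/heads/master'
        run: |
          docker push "$REGISTRY_DOMAIN/chrisleekr/nodejs-vuejs-mysql-boilerplate:backend-latest"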