Merge pull request 'ci: migrate to 4-job pipeline with SHA-pinned actions' (#3) from feat/gitea-actions-v2 into master
Reviewed-on: #3
This commit was merged in pull request #3.
This commit is contained in:
@@ -2,45 +2,69 @@ name: Docker Build and Push
|
|||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
branches: [master]
|
|
||||||
push:
|
push:
|
||||||
branches: [master]
|
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 0 * * *'
|
- cron: '30 3 * * 3'
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
lint:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v6
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||||
|
- name: Hadolint
|
||||||
|
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
build:
|
||||||
uses: docker/setup-buildx-action@v4
|
runs-on: ubuntu-latest
|
||||||
|
needs: lint
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||||
|
- name: Build image
|
||||||
|
run: docker build -t ci-image:${{ github.sha }} .
|
||||||
|
- name: Save image
|
||||||
|
run: docker save ci-image:${{ github.sha }} > image.tar
|
||||||
|
- name: Upload artifact
|
||||||
|
uses: ChristopherHX/gitea-upload-artifact@62ac910c5d3dfa85c7cb2df15afe2e342b2407c2
|
||||||
|
with:
|
||||||
|
name: docker-image
|
||||||
|
path: image.tar
|
||||||
|
|
||||||
- name: Login to Docker Hub
|
test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: build
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||||
|
- name: Download artifact
|
||||||
|
uses: ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7
|
||||||
|
with:
|
||||||
|
name: docker-image
|
||||||
|
- name: Load image
|
||||||
|
run: docker load < image.tar
|
||||||
|
- name: Run tests
|
||||||
|
run: bash tests/test.sh ci-image:${{ github.sha }}
|
||||||
|
|
||||||
|
push:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
if: github.event_name != 'pull_request'
|
if: github.event_name != 'pull_request'
|
||||||
uses: docker/login-action@v4
|
needs: test
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10
|
||||||
|
- name: Download artifact
|
||||||
|
uses: ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7
|
||||||
|
with:
|
||||||
|
name: docker-image
|
||||||
|
- name: Load image
|
||||||
|
run: docker load < image.tar
|
||||||
|
- name: Login to Docker Hub
|
||||||
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
- name: Tag and push
|
||||||
- name: Docker metadata
|
run: |
|
||||||
id: meta
|
docker tag ci-image:${{ github.sha }} jcabillot/htpasswd:latest
|
||||||
uses: docker/metadata-action@v6
|
docker push jcabillot/htpasswd:latest
|
||||||
with:
|
|
||||||
images: jcabillot/htpasswd
|
|
||||||
tags: |
|
|
||||||
#type=ref,event=branch
|
|
||||||
#type=ref,event=pr
|
|
||||||
#type=sha
|
|
||||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
|
|
||||||
|
|
||||||
- name: Build and push
|
|
||||||
uses: docker/build-push-action@v7
|
|
||||||
with:
|
|
||||||
context: .
|
|
||||||
push: ${{ github.event_name != 'pull_request' }}
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
|
||||||
pull: true
|
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
FROM alpine:3.23
|
FROM alpine:3.23
|
||||||
LABEL maintainer="Cabillot Julien <dockerimages@cabillot.eu>"
|
LABEL maintainer="Cabillot Julien <dockerimages@cabillot.eu>"
|
||||||
|
|
||||||
|
# hadolint ignore=DL3018
|
||||||
RUN apk add --no-cache apache2-utils
|
RUN apk add --no-cache apache2-utils
|
||||||
|
|
||||||
USER "nobody"
|
USER "nobody"
|
||||||
|
|||||||
@@ -0,0 +1,30 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
IMAGE="$1"
|
||||||
|
FAILED=0
|
||||||
|
PASSED=0
|
||||||
|
|
||||||
|
assert_contains() {
|
||||||
|
local desc="$1" pattern="$2" file="$3"
|
||||||
|
if grep -qEi "$pattern" "$file"; then
|
||||||
|
echo "PASS: $desc"
|
||||||
|
PASSED=$((PASSED + 1))
|
||||||
|
else
|
||||||
|
echo "FAIL: $desc"
|
||||||
|
FAILED=$((FAILED + 1))
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
TMPDIR="$(mktemp -d)"
|
||||||
|
trap 'rm -rf "$TMPDIR"' EXIT
|
||||||
|
|
||||||
|
# Test 1: Container runs without error
|
||||||
|
docker run --rm "$IMAGE" -nb user pass > "$TMPDIR/output" 2>&1 || true
|
||||||
|
assert_contains "Command produces output" "apr1|sha" "$TMPDIR/output"
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "$PASSED/$((PASSED + FAILED)) tests passed"
|
||||||
|
if [ "$FAILED" -gt 0 ]; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
Reference in New Issue
Block a user