Change build.yaml #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: push | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push the Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: | | |
| tomacgg/devops-security-app:latest | |
| scan: | |
| name: Scan | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Docker Scout CVEs | |
| uses: docker/[email protected] | |
| with: | |
| command: cves | |
| image: tomacgg/devops-security-app:latest | |
| # only-fixed: true | |
| only-severities: critical,high | |
| ignore-base: false | |
| ignore-unchanged: false | |
| write-comment: true | |
| github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| exit-code: false | |
| exit-on: vulnerability | |
| test: | |
| name: Test | |
| needs: [ scan ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: test | |
| run: | | |
| docker run -d -p 80:5000 tomacgg/devops-security-app:latest | |
| sleep 10s | |
| curl http://localhost | |
| docker ps -aq | xargs docker stop | xargs docker rm | |
| deploy: | |
| name: Deploy | |
| needs: [ test ] | |
| runs-on: self-hosted | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - run: | | |
| sudo kubectl delete deployment --all | |
| sudo kubectl apply -f ${{ github.workspace }}/kubernetes/deployment.yaml --force | |
| sudo kubectl apply -f ${{ github.workspace }}/kubernetes/nginx-service.yaml --force |