.github/workflows/ci.yml

# Qserv operator CI workflow
---
name: "CI"
on:
  push:
  pull_request:
    branches:
      - main
jobs:
  build:
    name: Build image
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Declare Variables
        id: vars
        shell: bash
        run: |
          DIR="$PWD"
          . ./conf.sh
          echo "IMAGE=${IMAGE}" >> $GITHUB_ENV
          echo "IMAGE=${IMAGE}"
      - name: Download and install Spark binaries
        run: |
          ./prereq-install.sh
      - name: Build spark-py image for k8s
        run: |
          ./build.sh
      - name: Export image
        run: |
          docker images
          echo "${{ env.IMAGE }}"
          mkdir -p artifacts
          docker save "${{ env.IMAGE }}" > artifacts/image.tar
          echo "${{ env.IMAGE }}" > artifacts/image-tag
      - uses: actions/upload-artifact@v2
        with:
          name: docker-artifact
          path: artifacts
  image-analysis:
    name: Analyze image
    runs-on: ubuntu-22.04
    permissions:
      security-events: write
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      - name: Load image in local registry
        run: |
          docker load --input artifacts/image.tar
          echo "IMAGE=$(cat artifacts/artifacts/image-tag)" >> $GITHUB_ENV
      - name: Scan Fink image
        uses: anchore/scan-action@v3
        id: scan
        with:
          image: "${{ env.IMAGE }}"
          fail-build: false
      - name: Display SARIF report
        run: |
          cat ${{ steps.scan.outputs.sarif }}
      - name: upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
  push:
    name: Push image to registry
    runs-on: ubuntu-22.04
    needs: build
    steps:
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      - name: Load image in local registry
        run: |
          docker load --input artifacts/image.tar
          echo "IMAGE=$(cat artifacts/image-tag)" >> $GITHUB_ENV
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          registry: gitlab-registry.in2p3.fr
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Push image to container registry
        run: |
          docker push ${{ env.IMAGE }}