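# Deploy-to-development pipeline. On a tag push it builds the Drupal stack,
# runs phpcs over the custom modules/themes, scans both images with Trivy,
# pushes them to the container registry tagged with the git tag, and then
# bumps the image tags in the tenant GitOps repository.
name: Deploy to Development
on:
  push:
    tags:
      - '*'
    # NOTE(review): GitHub does not evaluate path filters for tag pushes, so
    # with a tags-only trigger this filter has no effect.
    paths-ignore:
      - 'README.md'
# Least privilege for the built-in GITHUB_TOKEN: no step below writes to this
# repository with it; the GitOps push authenticates with the SSH key instead.
permissions:
  contents: read
env:
  COMPOSER_MEMORY_LIMIT: '-1'
  CONTAINER_IMAGE_NAME: mfin-data-catalogue
  # NOTE(review): workflow-level env is exported to every step, including the
  # third-party actions and the Makefile from the cloned scaffold. Consider
  # passing the username/password only to the login step once it is confirmed
  # that nothing else in the build reads these variables.
  CONTAINER_REGISTRY: ${{ secrets.CONTAINER_REGISTRY }}
  CONTAINER_REGISTRY_USERNAME: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
  CONTAINER_REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      # Was `@master` (a mutable branch); aligned with the v4 ref the GitOps
      # checkout below already uses. A full commit SHA would be stricter.
      - uses: actions/checkout@v4
        with:
          # Nothing later runs git against this repository, so the token does
          # not need to stay in .git/config while third-party code executes.
          persist-credentials: false
      - name: Export github reference var
        # Strips the refs/tags/ prefix. Quoted so the tag name is written
        # verbatim, without word splitting or globbing.
        run: echo "GITHUB_REFERENCE=${GITHUB_REF#refs/tags/}" >> "$GITHUB_ENV"
      - name: Update Data Catalogue version
        # NOTE(review): the version ref was lost when this page was extracted
        # (it rendered as "[email protected]"). Restore the original ref,
        # preferably as a full commit SHA.
        uses: mikefarah/yq@<version-lost-in-extraction>
        with:
          cmd: |
            yq eval '.version = strenv(GITHUB_REFERENCE)' -i html/modules/custom/bc_dc/bc_dc.info.yml
      - name: Build out the Drupal infrastructure
        # NOTE(review): the scaffold is cloned from a moving branch and its
        # Makefile runs inside this job with the workflow env; consider
        # checking out a reviewed commit instead.
        run: |
          export DB_TYPE=mysql
          export DB_PORT=3306
          git clone --branch 10.2.x-php8.2 https://github.com/drupalwxt/docker-scaffold.git docker
          make build
          docker compose -f docker-compose.ci.yml up -d
          docker ps -a
          sleep 10
      - name: Run installation
        run: |
          export DB_TYPE=mysql
          export DB_PORT=3306
          make drupal_install
      - name: Run tests
        run: |
          export DB_TYPE=mysql
          export DB_PORT=3306
          ./docker/bin/phpcs --standard=/var/www/html/core/phpcs.xml \
            --extensions=php,module,inc,install,test,profile,theme \
            --report=full \
            --colors \
            /var/www/html/modules/contrib/bcbb \
            /var/www/html/modules/custom/bc_dc \
            /var/www/html/themes/contrib/bcbb_theme \
            /var/www/html/themes/custom/dc_theme
      - name: Scan PHP-FPM image for vulnerabilities
        # NOTE(review): version ref lost in page extraction; restore the
        # original ref, preferably as a full commit SHA.
        uses: aquasecurity/trivy-action@<version-lost-in-extraction>
        with:
          image-ref: 'mfin-data-catalogue-web:latest'
          format: 'table'
          # NOTE(review): exit-code '0' makes this scan report-only, so the
          # image is pushed below whatever the scan finds. Use '1' (possibly
          # with a narrower severity list) if the scan is meant to gate the push.
          exit-code: '0'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Scan Nginx image for vulnerabilities
        # NOTE(review): version ref lost in page extraction; restore the
        # original ref, preferably as a full commit SHA.
        uses: aquasecurity/trivy-action@<version-lost-in-extraction>
        with:
          image-ref: 'mfin-data-catalogue-nginx:latest'
          format: 'table'
          # Report-only, same as the PHP-FPM scan above.
          exit-code: '0'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Login to Container Registry 🐸
        uses: docker/login-action@v2
        with:
          registry: ${{ env.CONTAINER_REGISTRY }}
          username: ${{ env.CONTAINER_REGISTRY_USERNAME }}
          password: ${{ env.CONTAINER_REGISTRY_PASSWORD }}
      - name: Build and push PHP-FPM 🐳
        # The values are read as quoted shell variables rather than ${{ }}
        # expressions: an expression is pasted into the script text before the
        # shell runs, so a crafted tag name would be executed as shell code.
        run: |
          docker tag mfin-data-catalogue-web:latest "${CONTAINER_REGISTRY}/${CONTAINER_IMAGE_NAME}:${GITHUB_REFERENCE}"
          docker push "${CONTAINER_REGISTRY}/${CONTAINER_IMAGE_NAME}:${GITHUB_REFERENCE}"
      - name: Build and push Nginx 🐳
        # Quoted shell variables for the same reason as the PHP-FPM push.
        run: |
          docker tag mfin-data-catalogue-nginx:latest "${CONTAINER_REGISTRY}/${CONTAINER_IMAGE_NAME}-nginx:${GITHUB_REFERENCE}"
          docker push "${CONTAINER_REGISTRY}/${CONTAINER_IMAGE_NAME}-nginx:${GITHUB_REFERENCE}"
      - name: Checkout Tenant GitOps Repo
        uses: actions/checkout@v4
        with:
          repository: bcgov-c/tenant-gitops-ea352d
          path: tenant-gitops
          ssh-key: ${{ secrets.SSH_KEY }}
          # Kept on so the SSH key stays configured for the push step below.
          # It remains available to every step that runs in between.
          persist-credentials: true
      - name: Update Argo CD
        # NOTE(review): version ref lost in page extraction; restore the
        # original ref, preferably as a full commit SHA.
        uses: mikefarah/yq@<version-lost-in-extraction>
        with:
          cmd: |
            yq -i '.drupal.tag = strenv(GITHUB_REFERENCE) |
              .nginx.tag = strenv(GITHUB_REFERENCE) ' tenant-gitops/helm-drupal/charts/drupal/values-mfin-data-catalogue-dev.yaml
      - name: Commit files
        # The tag name reaches the commit message through the shell variable,
        # not through ${{ }} interpolation into the script.
        run: |
          cd tenant-gitops
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -a -m "feat(helm): Update container images to ${GITHUB_REFERENCE}"
      - name: Push changes
        # NOTE(review): `@master` is a mutable ref, and this action runs with
        # the GitOps SSH key configured. Pin it to a reviewed full commit SHA.
        uses: ad-m/github-push-action@master
        with:
          ssh: true
          branch: main
          directory: tenant-gitops
          repository: bcgov-c/tenant-gitops-ea352d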