Clean up
This commit is contained in:
parent
3f60b72c3b
commit
b414c05400
18 changed files with 905 additions and 985 deletions
78
.forgejo/workflows/docker-publish.yml
Normal file
78
.forgejo/workflows/docker-publish.yml
Normal file
|
|
@ -0,0 +1,78 @@
|
|||
name: Build and Publish Docker Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
tags: ["v*"]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
env:
|
||||
REGISTRY: ${{ forgejo.server_url }}
|
||||
IMAGE_NAME: ${{ forgejo.repository }}
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: docker
|
||||
container:
|
||||
image: rust:1.88
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: https://code.forgejo.org/actions/checkout@v4
|
||||
|
||||
- name: Install components
|
||||
run: rustup component add rustfmt clippy
|
||||
|
||||
- name: Cache cargo registry
|
||||
uses: https://code.forgejo.org/actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.cargo/registry
|
||||
~/.cargo/git
|
||||
target
|
||||
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
||||
|
||||
- name: Run tests
|
||||
run: cargo test --verbose
|
||||
|
||||
- name: Run clippy
|
||||
run: cargo clippy -- -D warnings
|
||||
|
||||
- name: Check formatting
|
||||
run: cargo fmt -- --check
|
||||
|
||||
build-and-push:
|
||||
needs: test
|
||||
runs-on: docker
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: https://code.forgejo.org/actions/checkout@v4
|
||||
|
||||
- name: Build and publish image
|
||||
uses: http://forgejo:3000/andras/ci-actions/docker-publish@main
|
||||
with:
|
||||
context: .
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
token: ${{ secrets.FORGEJO_TOKEN }}
|
||||
|
||||
security-scan:
|
||||
needs: build-and-push
|
||||
runs-on: docker
|
||||
if: github.event_name != 'pull_request'
|
||||
steps:
|
||||
- name: Resolve registry host
|
||||
id: registry
|
||||
run: |
|
||||
host="$(echo '${{ github.server_url }}' | sed -E 's|https?://||; s|/$||')"
|
||||
[ "$host" = "forgejo:3000" ] && host="127.0.0.1:13000"
|
||||
echo "image=${host}/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
# Pinned to the commit behind trivy-action v0.36.0 for a reproducible,
|
||||
# supply-chain-safe reference instead of the moving @master branch.
|
||||
uses: https://github.com/aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25
|
||||
with:
|
||||
image-ref: ${{ steps.registry.outputs.image }}:latest
|
||||
format: "table"
|
||||
exit-code: "1"
|
||||
severity: "CRITICAL,HIGH"
|
||||
Loading…
Add table
Add a link
Reference in a new issue