78 lines
2.2 KiB
YAML
78 lines
2.2 KiB
YAML
name: Build and Publish Docker Image
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
tags: ["v*"]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
env:
|
|
REGISTRY: ${{ forgejo.server_url }}
|
|
IMAGE_NAME: ${{ forgejo.repository }}
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: docker
|
|
container:
|
|
image: rust:1.88
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: https://code.forgejo.org/actions/checkout@v4
|
|
|
|
- name: Install components
|
|
run: rustup component add rustfmt clippy
|
|
|
|
- name: Cache cargo registry
|
|
uses: https://code.forgejo.org/actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
~/.cargo/git
|
|
target
|
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- name: Run tests
|
|
run: cargo test --verbose
|
|
|
|
- name: Run clippy
|
|
run: cargo clippy -- -D warnings
|
|
|
|
- name: Check formatting
|
|
run: cargo fmt -- --check
|
|
|
|
build-and-push:
|
|
needs: test
|
|
runs-on: docker
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: https://code.forgejo.org/actions/checkout@v4
|
|
|
|
- name: Build and publish image
|
|
uses: http://forgejo:3000/andras/ci-actions/docker-publish@main
|
|
with:
|
|
context: .
|
|
push: ${{ github.event_name != 'pull_request' }}
|
|
token: ${{ secrets.FORGEJO_TOKEN }}
|
|
|
|
security-scan:
|
|
needs: build-and-push
|
|
runs-on: docker
|
|
if: github.event_name != 'pull_request'
|
|
steps:
|
|
- name: Resolve registry host
|
|
id: registry
|
|
run: |
|
|
host="$(echo '${{ github.server_url }}' | sed -E 's|https?://||; s|/$||')"
|
|
[ "$host" = "forgejo:3000" ] && host="127.0.0.1:13000"
|
|
echo "image=${host}/$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Run Trivy vulnerability scanner
|
|
# Pinned to the commit behind trivy-action v0.36.0 for a reproducible,
|
|
# supply-chain-safe reference instead of the moving @master branch.
|
|
uses: https://github.com/aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25
|
|
with:
|
|
image-ref: ${{ steps.registry.outputs.image }}:latest
|
|
format: "table"
|
|
exit-code: "1"
|
|
severity: "CRITICAL,HIGH"
|