docker-php-nginx/.github/workflows/deploy.yaml

59 lines
1.6 KiB
YAML
Raw Permalink Normal View History

2021-07-25 13:43:59 +08:00
name: Test & build Docker image
on:
push:
branches: [ master ]
pull_request:
env:
IMAGE_NAME: trafex/php-nginx
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build image
run: |-
docker build -t $IMAGE_NAME .
docker tag $IMAGE_NAME:latest $IMAGE_NAME:${{ github.sha }}
- name: Smoke test image
run: |-
docker-compose -f docker-compose.test.yml up -d app
sleep 2
docker-compose -f docker-compose.test.yml run sut
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
- name: Login to Docker Hub
if: github.ref == 'refs/heads/master' && github.event_name == 'push'
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push latest image
if: github.ref == 'refs/heads/master' && github.event_name == 'push'
run: |-
docker push $IMAGE_NAME:latest
- name: Push tagged image
if: contains(github.ref, 'refs/tags/v')
run: |-
docker push $IMAGE_NAME:$GITHUB_TAG