setup github ci, fixes and improvements #1
| name: Docker CI | |
| on: | |
| push: | |
| branches: [main, develop] | |
| paths: | |
| - 'cmd/**' | |
| - 'internal/**' | |
| - 'pkg/**' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'Dockerfile' | |
| - '.github/workflows/docker-ci.yml' | |
| pull_request: | |
| branches: [main, develop] | |
| paths: | |
| - 'cmd/**' | |
| - 'internal/**' | |
| - 'pkg/**' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'Dockerfile' | |
| - '.github/workflows/docker-ci.yml' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| docker-build-test: | |
| name: Docker Build & Test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE_NAME }} | |
| tags: type=raw,value=test | |
| - name: Lint Dockerfile | |
| uses: hadolint/[email protected] | |
| with: | |
| dockerfile: Dockerfile | |
| failure-threshold: warning | |
| - name: Build Docker image (amd64) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| load: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test container | |
| run: | | |
| # Test container can start | |
| docker run --rm ${{ env.IMAGE_NAME }}:test --version || true | |
| # Inspect image | |
| docker images ${{ env.IMAGE_NAME }}:test --format "Size: {{.Size}}" | |
| docker inspect ${{ env.IMAGE_NAME }}:test --format '{{.Config.User}}' | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ${{ env.IMAGE_NAME }}:test | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy results | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| multi-arch-test: | |
| name: Test ${{ matrix.platform }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - linux/arm64 | |
| - linux/arm/v7 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build ${{ matrix.platform }} | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.platform }} | |
| cache-from: type=gha,scope=build-${{ matrix.platform }} | |
| cache-to: type=gha,mode=max,scope=build-${{ matrix.platform }} |
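Review bot: The `|| true` on `docker run --rm ${{ env.IMAGE_NAME }}:test --version || true` in the "Test container" step means the "container can start" check can never fail the job, and the following `docker inspect ... '{{.Config.User}}'` only prints the user without asserting anything; drop `|| true` and turn the inspect into a check such as `test -n "$(docker inspect ${{ env.IMAGE_NAME }}:test --format '{{.Config.User}}')"` so a root-running or non-starting image is caught. Related: `IMAGE_NAME` is `${{ github.repository }}` used verbatim in `docker run`, `docker inspect` and Trivy's `image-ref`, while the tag is produced by docker/metadata-action, which as far as I know lowercases image names — if the owner or repository name contains uppercase characters these references would not match the built tag, so `${{ steps.meta.outputs.tags }}` is the safer reference. The `multi-arch-test` job declares no `permissions:` block and so inherits the repository's default token scope although it needs only `contents: read`. All actions are referenced by floating tags (`@v4`, `@v3`, `@v6`); pinning each to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening for a workflow that builds and scans images.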