👷 [maykinmedia/objects-api#463] Add trivy image scan #653
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run CI | |
| # Run this workflow every time a new commit pushed to your repository | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - '*' | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| IMAGE_NAME: openzaak/open-notificaties | |
| DJANGO_SETTINGS_MODULE: nrc.conf.ci | |
| DB_PASSWORD: '' | |
| DB_USER: postgres | |
| ALLOWED_HOSTS: openzaak.nl | |
| jobs: | |
| tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| postgres: ['12', '13', '14', '15', '16'] | |
| name: Tests (PG ${{ matrix.postgres }}) | |
| services: | |
| postgres: | |
| image: postgres:${{ matrix.postgres }} | |
| env: | |
| POSTGRES_HOST_AUTH_METHOD: trust | |
| ports: | |
| - 5432:5432 | |
| # needed because the postgres container does not provide a healthcheck | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '16' | |
| - name: Start CI docker compose | |
| run: docker compose --file docker-compose.ssl.yml up --detach mock | |
| - name: Install dependencies | |
| run: pip install -r requirements/ci.txt | |
| - name: Build frontend | |
| run: | | |
| npm ci --legacy-peer-deps | |
| npm run build --production | |
| - name: Run tests | |
| run: | | |
| python src/manage.py collectstatic --noinput --link | |
| coverage run src/manage.py test src | |
| - name: Publish coverage report | |
| uses: codecov/codecov-action@v4 | |
| check-envvar-docs: | |
| runs-on: ubuntu-latest | |
| name: Documentation build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up backend environment | |
| uses: maykinmedia/setup-django-backend@v1.3 | |
| with: | |
| python-version: '3.11' | |
| setup-node: false | |
| - name: Generate environment variable documentation using OAf and check if it was updated | |
| run: | | |
| bin/generate_envvar_docs.sh | |
| changes=$(git diff docs/installation/configuration/env_config.rst) | |
| if [ ! -z "$changes" ]; then | |
| echo $changes | |
| echo "Please update the environment documentation by running \`bin/generate_envvar_docs.sh\`" | |
| exit 1 | |
| fi | |
| env: | |
| DJANGO_SETTINGS_MODULE: nrc.conf.ci | |
| store-reusable-workflow-vars: | |
| name: create values which can be passed through a reusable workflow | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image-name: ${{ steps.image-name.outputs.image-name }} | |
| steps: | |
| - run: echo "image-name=$IMAGE_NAME" >> $GITHUB_OUTPUT | |
| name: 'Store the docker image name' | |
| id: image-name | |
| open-api-ci: | |
| uses: maykinmedia/open-api-workflows/.github/workflows/ci.yml@feature/add-trivy-image-scan | |
| needs: | |
| - store-reusable-workflow-vars | |
| with: | |
| main-branch: 'main' | |
| python-version: '3.11' | |
| docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }} | |
| run-docs: true | |
| open-api-publish: | |
| uses: maykinmedia/open-api-workflows/.github/workflows/publish.yml@v1 | |
| needs: | |
| - store-reusable-workflow-vars | |
| - open-api-ci | |
| - tests | |
| with: | |
| docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }} | |
| repository-owner: 'open-zaak' | |
| secrets: | |
| docker-username: ${{ secrets.DOCKER_USERNAME }} | |
| docker-token: ${{ secrets.DOCKER_TOKEN }} |