
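# Builds the vol-api container image: installs Composer dependencies, packages
# the application, lints the Dockerfile, builds the image and scans it with
# Snyk. Nothing is pushed to ECR by this workflow.
name: Test, lint and build vol-api Image
run-name: Test, lint and build vol-api Image

# Pinned to a single feature branch while the pipeline is being developed.
on:
  push:
    branches:
      - AWSRESET1-313

jobs:
  # Reusable org workflows, currently disabled. Some `uses:` refs below were
  # garbled in extraction; restore them from the repository before re-enabling.
  # security:
  #   uses: dvsa/.github/.github/workflows/[email protected]
  #   secrets:
  #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  #   with:
  #     severity-threshold: high
  # static-analysis:
  #   uses: dvsa/.github/.github/workflows/php-static.yml@main
  #   with:
  #     php-version: '7.4'
  # tests:
  #   uses: dvsa/.github/.github/workflows/php-tests.yml@main
  #   with:
  #     php-versions: "[\"7.4\"]"
  #     fail-fast: false

  vol-api-image-build:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: ${{ vars.DVSA_AWS_REGION }}
      AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ secrets.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
      REPO_NAME: ${{ vars.AWS_ECR_NP_VOLTOOLING_REPONAME }}
      AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ secrets.DVSA_AWS_SHAREDCOREECR_ID }}
    # Least privilege for the job token: id-token for the OIDC exchange with
    # AWS, contents for actions/checkout, nothing else.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v3

      - name: Get branch name
        id: branch
        # `::set-output` is deprecated; step outputs are written to $GITHUB_OUTPUT.
        run: echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> "$GITHUB_OUTPUT"

      # TODO: create an S3 bucket in vol-non-prod tooling and vol-prod tooling
      # to serve the Composer installer instead of fetching it from the internet.
      - name: Download the Composer installer
        # The installer is verified against the SHA-384 published by the
        # Composer project before it is executed; a mismatch fails the job so a
        # tampered download is never run.
        run: |
          set -euo pipefail
          EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
          php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
          ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
          if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
            >&2 echo 'ERROR: Invalid Composer installer checksum'
            rm -f composer-setup.php
            exit 1
          fi
          php composer-setup.php --install-dir=/usr/local/bin --filename=composer
          php -r "unlink('composer-setup.php');"

      - name: Install Composer dependencies
        run: composer install --optimize-autoloader --no-interaction --no-dev

      # TODO: upload backend.tar.gz as a workflow artifact.
      - name: Build application
        run: |
          date > config/version
          git describe --all >> config/version
          tar cvzf backend.tar.gz \
            --exclude=config/autoload/local.php \
            --exclude=config/autoload/local.php.dist \
            composer.lock init_autoloader.php config module public data/autoload data/cache vendor

      - name: Lint check on dockerfile
        # The linter only needs read access to the checkout; `--privileged`
        # is not required on the hosted runner and was dropped.
        run: docker run --rm -v "$PWD":/root/ projectatomic/dockerfile-lint dockerfile_lint -f dockerfile
        continue-on-error: true  # only for testing: lint findings do not fail the job yet
      # Alternative linter, disabled (ref garbled in extraction; re-pin before use):
      # - uses: hadolint/[email protected]
      #   with:
      #     dockerfile: dockerfile
      #     failure-threshold: error

      - name: Set IMAGE_TAG
        run: |
          IMAGE_SHA=$(git rev-parse --short HEAD)
          echo "IMAGE_TAG=vol-api-$IMAGE_SHA" >> "$GITHUB_ENV"

      - name: Setup Notation CLI
        uses: notaryproject/notation-action/setup@v1
        with:
          version: "1.0.0"

      - name: Configure AWS credentials on Shared Core ECR
        # NOTE(review): the originally pinned patch release was garbled in
        # extraction; re-pin to the exact tag or commit SHA from the repository.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.DVSA_AWS_REGION }}

      - name: Login to Shared Core ECR
        id: login-ecr-sharedcoreecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build the Docker image
        # The account id comes from the job env instead of an inline secret
        # expression. Build args are recorded in image metadata (docker
        # history), so only non-sensitive values belong here.
        run: |
          docker build \
            -t "$AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG" \
            --build-arg "DVSA_AWS_SHAREDCOREECR_ID=$AWS_ACCOUNT_ID_SHAREDCOREECR" \
            -f dockerfile .

      - name: Configure AWS credentials on Non Production account
        # NOTE(review): same garbled ref as above; re-pin to the exact tag or SHA.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to VOL Tooling Non-Prod ECR
        id: login-ecr-vol-tooling-non-prod
        # Aligned with the Shared Core login step above (v1 is deprecated).
        uses: aws-actions/amazon-ecr-login@v2

      - name: Snyk scan api image
        id: scan-api-image
        # TODO(review): pin to a release tag or commit SHA; @master is a floating ref.
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          # `with:` values are not shell-expanded, so the tag is read from the
          # job env via an expression. This assumes ECR_BASE_URL matches the
          # registry/repository prefix used by `docker build` above — confirm.
          image: ${{ secrets.ECR_BASE_URL }}:${{ env.IMAGE_TAG }}
          args: --file=dockerfile
        continue-on-error: true  # scan findings do not fail the job yet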