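---
# CI: build the Go application image, scan it with Trivy, push it to Docker Hub,
# then open a pull request against the Helm config repository that bumps the
# image tag in values.yaml to this run's number.
name: CI

on:
  push:
    branches: [main]

# Least privilege for the default GITHUB_TOKEN: this workflow only reads its own
# repository. Writes to Docker Hub and to the config repository use dedicated
# secrets instead.
permissions:
  contents: read

jobs:
  build:  # was "buid"; the job id is not referenced anywhere else in this file
    name: GitOps Workflow
    runs-on: ubuntu-latest
    env:
      # Single definition of the image reference shared by build, scan and push.
      IMAGE: ${{ secrets.DH_USERNAME }}/gitops-go-app:${{ github.run_number }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build an image from Dockerfile
        run: |-
          pwd
          DOCKER_BUILDKIT=1 docker image build . -f app/Dockerfile --tag "$IMAGE"

      - name: Run Trivy vulnerability scanner
        # Pinned to a release instead of the mutable "master" branch so that a
        # changed or compromised upstream branch cannot alter what runs here.
        # TODO(review): pin to a full commit SHA (<TRIVY_ACTION_COMMIT_SHA>) for
        # an immutable reference.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}
          format: 'table'
          exit-code: '1'  # fail the job when findings are reported
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DH_USERNAME }}
          password: ${{ secrets.DH_TOKEN }}

      - name: Push Image to Docker Hub
        run: |-
          docker image push "$IMAGE"

      - name: Update values.yaml & Pull Request to Config Repository
        env:
          # Secrets reach the shell as environment variables rather than being
          # interpolated into the script text, so they never appear on a command
          # line and cannot change the script's syntax.
          DEPLOY_KEY: ${{ secrets.GH_SECRET_KEY }}
          GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}  # read by the gh CLI directly
          COMMITTER_EMAIL: ${{ secrets.EMAIL }}
          COMMITTER_NAME: ${{ secrets.GH_USERNAME }}
          NEW_TAG: ${{ github.run_number }}
          # The key lives in the runner's temp dir, outside the clone, so it can
          # never be staged or committed. accept-new records the host key on
          # first use and rejects a changed key afterwards; "no" accepted any key.
          GIT_SSH_COMMAND: ssh -i ${{ runner.temp }}/deploy_key -o StrictHostKeyChecking=accept-new -F /dev/null
        run: |-
          set -euo pipefail
          # The deploy key must exist before the SSH clone below; the original
          # wrote it after cloning. umask 077 creates the file as 0600 directly,
          # with no window where it is world-readable.
          umask 077
          printf '%s\n' "$DEPLOY_KEY" > "$RUNNER_TEMP/deploy_key"
          git clone git@github.com:TOnodera/config-for-helm-sample.git
          cd config-for-helm-sample/gitops-helm
          # update values.yaml in new branch
          git config --global user.email "$COMMITTER_EMAIL"
          git config --global user.name "$COMMITTER_NAME"
          git checkout -b "feature/${NEW_TAG}"
          sed -i "s/tag: [0-9]*/tag: ${NEW_TAG}/g" values.yaml
          # git push
          git add values.yaml
          git commit -m "Update tag ${NEW_TAG}"
          git push origin "feature/${NEW_TAG}"
          # create pull request; gh authenticates from GH_TOKEN, so no token file
          # is written into the working tree
          gh pr create --title "Update Tag ${NEW_TAG}" --body "Please Merge!!"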