stephen/harbor-ci-cd-demo
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Debug smaller section
Some checks failed
CI/CD Pipeline - Build, Test, and Deploy / 🏗️ Build & Push Image (push) Has been cancelled
Details
CI/CD Pipeline - Build, Test, and Deploy / 🧹 Cleanup (push) Has been cancelled
Details

Browse Source
This commit is contained in:
stephenminakian
2025-07-03 08:47:00 -06:00
parent 5bdd6b2d29
commit 95e6532ada
1 changed files with 132 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

260
.gitea/workflows/ci-cd.yml
View File

@ -14,64 +14,64 @@ env:
jobs:
# Job 1: Lint and Test
test:
name: 🧪 Test & Lint
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
# test:
# name: 🧪 Test & Lint
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
# - name: Setup Node.js
# uses: actions/setup-node@v4
# with:
# node-version: ${{ env.NODE_VERSION }}
# cache: 'npm'
- name: Install dependencies
run: npm ci
# - name: Install dependencies
# run: npm ci
- name: Run linting
run: npm run lint
# - name: Run linting
# run: npm run lint
- name: Run tests
run: npm run test:coverage
# - name: Run tests
# run: npm run test:coverage
- name: Upload test results
uses: actions/upload-artifact@v3
if: always()
with:
name: test-results
path: |
coverage/
test-results.xml
# - name: Upload test results
# uses: actions/upload-artifact@v3
# if: always()
# with:
# name: test-results
# path: |
# coverage/
# test-results.xml
# Job 2: Security Scan
security:
name: 🔒 Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
# # Job 2: Security Scan
# security:
# name: 🔒 Security Scan
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
# - name: Setup Node.js
# uses: actions/setup-node@v4
# with:
# node-version: ${{ env.NODE_VERSION }}
# cache: 'npm'
- name: Install dependencies
run: npm ci
# - name: Install dependencies
# run: npm ci
- name: Run security audit
run: npm audit --audit-level=high
# - name: Run security audit
# run: npm audit --audit-level=high
- name: Check for vulnerabilities
run: |
if npm audit --audit-level=moderate --json | jq '.vulnerabilities | length' | grep -v '^0$'; then
echo "Vulnerabilities found!"
npm audit --audit-level=moderate
exit 1
fi
# - name: Check for vulnerabilities
# run: |
# if npm audit --audit-level=moderate --json | jq '.vulnerabilities | length' | grep -v '^0$'; then
# echo "Vulnerabilities found!"
# npm audit --audit-level=moderate
# exit 1
# fi
# Job 3: Build and Push Docker Image
build:
@ -124,8 +124,12 @@ jobs:
run: |
# Install syft
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
# Login to registry (if needed)
echo "${{ secrets.HARBOR_TOKEN }}"
echo "${{ env.REGISTRY }}"
echo "${{ secrets.HARBOR_USERNAME }}"
echo "${{ env.IMAGE_NAME }}"
# Login to registry - use the REGISTRY variable for the URL
echo "${{ secrets.HARBOR_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.HARBOR_USERNAME }} --password-stdin
# Generate SBOM using latest tag
@ -146,93 +150,93 @@ jobs:
path: sbom.spdx.json
# Job 4: Image Security Scan
scan:
name: 🛡️ Image Security Scan
runs-on: ubuntu-latest
needs: build
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
steps:
- name: Login to Harbor Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_TOKEN }}
# scan:
# name: 🛡️ Image Security Scan
# runs-on: ubuntu-latest
# needs: build
# if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
# steps:
# - name: Login to Harbor Registry
# uses: docker/login-action@v3
# with:
# registry: ${{ env.REGISTRY }}
# username: ${{ secrets.HARBOR_USERNAME }}
# password: ${{ secrets.HARBOR_TOKEN }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: 'sarif'
output: 'trivy-results.sarif'
# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
# format: 'sarif'
# output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: actions/upload-artifact@v3
with:
name: trivy-scan-results
path: trivy-results.sarif
# - name: Upload Trivy scan results
# uses: actions/upload-artifact@v3
# with:
# name: trivy-scan-results
# path: trivy-results.sarif
- name: Check for HIGH/CRITICAL vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: 'json'
output: 'trivy-results.json'
exit-code: '1'
severity: 'HIGH,CRITICAL'
# - name: Check for HIGH/CRITICAL vulnerabilities
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
# format: 'json'
# output: 'trivy-results.json'
# exit-code: '1'
# severity: 'HIGH,CRITICAL'
# Job 5: Deploy to Development
deploy-dev:
name: 🚀 Deploy to Development
runs-on: ubuntu-latest
needs: [build, scan]
if: github.ref == 'refs/heads/develop'
environment: development
steps:
- name: Deploy to development environment
run: |
echo "🚀 Deploying to development environment"
echo "Image: ${{ needs.build.outputs.image-tag }}"
echo "Digest: ${{ needs.build.outputs.image-digest }}"
# Add actual deployment commands here
# For example: kubectl, docker-compose, or API calls
# # Job 5: Deploy to Development
# deploy-dev:
# name: 🚀 Deploy to Development
# runs-on: ubuntu-latest
# needs: [build, scan]
# if: github.ref == 'refs/heads/develop'
# environment: development
# steps:
# - name: Deploy to development environment
# run: |
# echo "🚀 Deploying to development environment"
# echo "Image: ${{ needs.build.outputs.image-tag }}"
# echo "Digest: ${{ needs.build.outputs.image-digest }}"
# # Add actual deployment commands here
# # For example: kubectl, docker-compose, or API calls
# Job 6: Deploy to Production
deploy-prod:
name: 🏭 Deploy to Production
runs-on: ubuntu-latest
needs: [build, scan]
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v4
# # Job 6: Deploy to Production
# deploy-prod:
# name: 🏭 Deploy to Production
# runs-on: ubuntu-latest
# needs: [build, scan]
# if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
# environment: production
# steps:
# - name: Checkout code
# uses: actions/checkout@v4
- name: Deploy to production
run: |
echo "🏭 Deploying to production environment"
echo "Image: ${{ needs.build.outputs.image-tag }}"
echo "Digest: ${{ needs.build.outputs.image-digest }}"
# - name: Deploy to production
# run: |
# echo "🏭 Deploying to production environment"
# echo "Image: ${{ needs.build.outputs.image-tag }}"
# echo "Digest: ${{ needs.build.outputs.image-digest }}"
# Example deployment script
# In a real scenario, you might:
# 1. SSH to your server
# 2. Pull the new image
# 3. Update docker-compose.yml
# 4. Restart the service
# 5. Run health checks
# # Example deployment script
# # In a real scenario, you might:
# # 1. SSH to your server
# # 2. Pull the new image
# # 3. Update docker-compose.yml
# # 4. Restart the service
# # 5. Run health checks
- name: Health check after deployment
run: |
echo "🔍 Running post-deployment health checks"
# Add health check commands here
# curl -f http://your-app-url/health || exit 1
# - name: Health check after deployment
# run: |
# echo "🔍 Running post-deployment health checks"
# # Add health check commands here
# # curl -f http://your-app-url/health || exit 1
- name: Notify deployment success
run: |
echo "✅ Deployment completed successfully!"
echo "🌐 Application URL: https://your-domain.com"
echo "📊 Monitoring: https://your-domain.com/health/detailed"
# - name: Notify deployment success
# run: |
# echo "✅ Deployment completed successfully!"
# echo "🌐 Application URL: https://your-domain.com"
# echo "📊 Monitoring: https://your-domain.com/health/detailed"
# Job 7: Cleanup
cleanup: