@@ -10,32 +10,12 @@ on: # yamllint disable-line rule:truthy
1010
1111env :
1212 IMAGE_NAME : algorithm-exercises-js
13+ ARTIFACT_NAME : algorithm-exercises-js_${{ github.sha }}
1314
1415jobs :
15- security :
16- name : " Snyk Container"
17- runs-on : ubuntu-latest
18- steps :
19- - uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
20-
21- - name : Run Snyk to check Docker image for vulnerabilities
22- # Snyk can be used to break the build when it detects vulnerabilities.
23- # In this case we want to upload the issues to GitHub Code Scanning
24- continue-on-error : true
25- uses : snyk/actions/docker@master
26- env :
27- # yamllint disable rule:line-length
28- # In order to use the Snyk Action you will need to have a Snyk API token.
29- # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
30- # or you can sign up for free at https://snyk.io/login
31- # yamllint enable rule:line-length
32- SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
33- with :
34- image : ${{ env.IMAGE_NAME }}:${{ github.sha }}
35- args : --file=Dockerfile
3616
3717 build :
38- name : " Build & Test in Docker"
18+ name : " Build Docker images "
3919 runs-on : ubuntu-latest
4020 steps :
4121 - uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
@@ -60,45 +40,45 @@ jobs:
6040 context : .
6141 target : lint
6242 outputs : |
63- type=docker,dest=/tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_lint.tar
43+ type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_lint.tar
6444tags : |
6545 ${{ env.IMAGE_NAME }}:lint
6646name : " LINT: Upload artifact"
6747 uses : actions/upload-artifact@v4
6848 with :
69- name : ${{ env.IMAGE_NAME }}_${{ github.sha }}_lint
70- path : /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_lint.tar
49+ name : ${{ env.ARTIFACT_NAME }}_lint
50+ path : /tmp/${{ env.ARTIFACT_NAME }}_lint.tar
7151
7252 - name : " TEST: Build and push"
7353 uses : docker/build-push-action@v6
7454 with :
7555 context : .
7656 target : testing
7757 outputs : |
78- type=docker,dest=/tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_test.tar
58+ type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_test.tar
7959tags : |
8060 ${{ env.IMAGE_NAME }}:test
8161name : " TEST: Upload artifact"
8262 uses : actions/upload-artifact@v4
8363 with :
84- name : ${{ env.IMAGE_NAME }}_${{ github.sha }}_test
85- path : /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_test.tar
64+ name : ${{ env.ARTIFACT_NAME }}_test
65+ path : /tmp/${{ env.ARTIFACT_NAME }}_test.tar
8666
8767 - name : " PRODUCTION: Build and push"
8868 uses : docker/build-push-action@v6
8969 with :
9070 context : .
9171 target : production
9272 outputs : |
93- type=docker,dest=/tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
73+ type=docker,dest=/tmp/${{ env.ARTIFACT_NAME }}_prod.tar
9474tags : |
9575 ${{ env.IMAGE_NAME }}:latest
9676 ${{ env.IMAGE_NAME }}:${{ github.sha }}
9777name : " PRODUCTION: Upload artifact"
9878 uses : actions/upload-artifact@v4
9979 with :
100- name : ${{ env.IMAGE_NAME }}_${{ github.sha }}_prod
101- path : /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
80+ name : ${{ env.ARTIFACT_NAME }}_prod
81+ path : /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
10282
10383 lint :
10484 name : " Run in docker: LINT"
@@ -108,17 +88,70 @@ jobs:
10888 - name : Download artifact
10989 uses : actions/download-artifact@v4
11090 with :
111- name : ${{ env.IMAGE_NAME }}_${{ github.sha }}_prod
91+ name : ${{ env.ARTIFACT_NAME }}_lint
11292 path : /tmp/
11393
11494 - name : Load image
11595 run : |
116- docker load --input /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod .tar
96+ docker load --input /tmp/${{ env.ARTIFACT_NAME }}_lint .tar
11797 docker image ls -a
11898
11999name : Run lint
120100 run : |
121- make compose/lint
101+ docker run --rm ${{ env.IMAGE_NAME }}:lint make lint
102+
103+ test :
104+ name : " Run in docker: TEST"
105+ runs-on : ubuntu-latest
106+ needs : build
107+ steps :
108+ - name : Download artifact
109+ uses : actions/download-artifact@v4
110+ with :
111+ name : ${{ env.ARTIFACT_NAME }}_test
112+ path : /tmp/
113+
114+ - name : Load image
115+ run : |
116+ docker load --input /tmp/${{ env.ARTIFACT_NAME }}_test.tar
117+ docker image ls -a
118+
119+ name : Run lint
120+ run : |
121+ docker run --rm ${{ env.IMAGE_NAME }}:test make test
122+
123+ security :
124+ name : " Snyk Container"
125+ runs-on : ubuntu-latest
126+ needs : build
127+ steps :
128+ - uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
129+ - name : Download artifact
130+ uses : actions/download-artifact@v4
131+ with :
132+ name : ${{ env.ARTIFACT_NAME }}_prod
133+ path : /tmp/
134+
135+ - name : Load image
136+ run : |
137+ docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
138+ docker image ls -a
139+
140+ name : Run Snyk to check Docker image for vulnerabilities
141+ # Snyk can be used to break the build when it detects vulnerabilities.
142+ # In this case we want to upload the issues to GitHub Code Scanning
143+ continue-on-error : true
144+ uses : snyk/actions/docker@master
145+ env :
146+ # yamllint disable rule:line-length
147+ # In order to use the Snyk Action you will need to have a Snyk API token.
148+ # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
149+ # or you can sign up for free at https://snyk.io/login
150+ # yamllint enable rule:line-length
151+ SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
152+ with :
153+ image : ${{ env.IMAGE_NAME }}:${{ github.sha }}
154+ args : --file=Dockerfile
122155
123156 scan :
124157 name : " Trivy"
@@ -128,12 +161,12 @@ jobs:
128161 - name : Download artifact
129162 uses : actions/download-artifact@v4
130163 with :
131- name : ${{ env.IMAGE_NAME }}_${{ github.sha }}_prod
164+ name : ${{ env.ARTIFACT_NAME }}_prod
132165 path : /tmp/
133166
134167 - name : Load image
135168 run : |
136- docker load --input /tmp/${{ env.IMAGE_NAME }}_${{ github.sha }}_prod.tar
169+ docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
137170 docker image ls -a
138171
139172name : Run Trivy vulnerability scanner
0 commit comments