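---
# Dev-branch CI: builds each component image (bw, scheduler, autoconf, ui),
# scans the OS packages of the resulting image with Trivy, and runs CodeQL on
# the Python sources. Images are loaded into the local daemon only; nothing is
# pushed from this workflow (the `push: true` line is intentionally disabled).
name: Automatic tests (DEV)

on:
  push:
    branches: [dev]

# Least-privilege default for GITHUB_TOKEN. The four build/scan jobs only need
# to check out the repository: registry access goes through dedicated secrets,
# the images are not pushed, and Trivy output is a table (no SARIF upload).
# The code-security job declares the extra scopes CodeQL needs at job level,
# which overrides this default for that job only.
permissions:
  contents: read

jobs:
  # BW dev tests
  bw:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      # Docker Hub credentials are needed to read and write the registry build
      # cache (bunkerity/cache) referenced by cache-from/cache-to below.
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      # NOTE(review): presumably used for base images pulled by the Dockerfile;
      # confirm against src/bw/Dockerfile.
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image (load only, no push)
      - name: Build image
        uses: docker/build-push-action@v3
        with:
          context: .
          file: src/bw/Dockerfile
          platforms: linux/amd64
          load: true
          # push: true
          tags: local/bw:dev
          cache-from: type=registry,ref=bunkerity/cache:dev-bw-amd64-cache
          cache-to: type=registry,ref=bunkerity/cache:dev-bw-amd64-cache,mode=min
      # Check OS vulnerabilities
      # NOTE(review): `@master` is a mutable ref, so the code executed by this
      # step can change between runs without any change to this repository.
      # Every other action here is pinned to a major tag; pin this one (and the
      # identical scan steps in the scheduler, autoconf and ui jobs) to a
      # release tag or commit SHA of aquasecurity/trivy-action.
      - name: Check OS vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          vuln-type: os
          image-ref: local/bw:dev
          format: table
          # Fail the job when any finding in the listed severities remains.
          exit-code: 1
          ignore-unfixed: false
          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
          trivyignores: .trivyignore

  # BW scheduler tests
  scheduler:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image (load only, no push)
      - name: Build image
        uses: docker/build-push-action@v3
        with:
          context: .
          file: src/scheduler/Dockerfile
          platforms: linux/amd64
          load: true
          # push: true
          tags: local/scheduler:dev
          cache-from: type=registry,ref=bunkerity/cache:dev-scheduler-amd64-cache
          cache-to: type=registry,ref=bunkerity/cache:dev-scheduler-amd64-cache,mode=min
      # Check OS vulnerabilities (see the pinning note on the bw job)
      - name: Check OS vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          vuln-type: os
          image-ref: local/scheduler:dev
          format: table
          exit-code: 1
          ignore-unfixed: false
          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
          trivyignores: .trivyignore

  # BW autoconf tests
  autoconf:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # Build image (load only, no push)
      - name: Build image
        uses: docker/build-push-action@v3
        with:
          context: .
          file: src/autoconf/Dockerfile
          platforms: linux/amd64
          load: true
          # push: true
          tags: local/autoconf:dev
          # This job previously pointed at the ui job's cache
          # (dev-ui-amd64-cache); with mode=min each build overwrote the other's
          # cache. Uses its own ref, named after the pattern of the other jobs.
          cache-from: type=registry,ref=bunkerity/cache:dev-autoconf-amd64-cache
          cache-to: type=registry,ref=bunkerity/cache:dev-autoconf-amd64-cache,mode=min
      # Check OS vulnerabilities (see the pinning note on the bw job)
      - name: Check OS vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          vuln-type: os
          image-ref: local/autoconf:dev
          format: table
          exit-code: 1
          ignore-unfixed: false
          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
          trivyignores: .trivyignore

  # BW UI tests
  ui:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@v3
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to private repository
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.PRIVATE_REGISTRY }}
          username: registry
          password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }}
      # TODO : code scan
      # Build image (load only, no push)
      - name: Build image
        uses: docker/build-push-action@v3
        with:
          context: .
          file: src/ui/Dockerfile
          platforms: linux/amd64
          load: true
          # push: true
          tags: local/ui:dev
          cache-from: type=registry,ref=bunkerity/cache:dev-ui-amd64-cache
          cache-to: type=registry,ref=bunkerity/cache:dev-ui-amd64-cache,mode=min
      # Check OS vulnerabilities (see the pinning note on the bw job)
      - name: Check OS vulnerabilities
        uses: aquasecurity/trivy-action@master
        with:
          vuln-type: os
          image-ref: local/ui:dev
          format: table
          exit-code: 1
          ignore-unfixed: false
          severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
          trivyignores: .trivyignore

  # Python code security
  code-security:
    runs-on: ubuntu-latest
    # CodeQL needs to upload results (security-events: write) and read
    # workflow metadata; these job-level scopes replace the workflow default.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["python"]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql.yml
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:${{matrix.language}}"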