lucasatstoryb edited this page Nov 18, 2022
The CI workflow combines two different workflows:
- CI_CHECK: runs the unit tests and scans the code for bugs and vulnerabilities.
- CI_BUILD: builds the image and then scans it for vulnerabilities and misconfigurations.
Each workflow runs separately, but for policy enforcement the two are treated as a single one.
How to call this workflow:

```yaml
jobs:
  <job_name>:
    name: '<Job name such as CI>'
    uses: signalwire/actions-template/.github/workflows/ci.yml@main
    with:
      PROJECT_NAME: "<project_name matching DockerHub repo name>"
      LANGUAGE: 'dot-net'
      COVERAGE: true
      TEST_DEPENDENCIES: true
      SUBMODULES_RECURSIVE: true
      FILE: <path to Dockerfile>
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
      GH_BOT_DEPLOY_KEY: ${{ secrets.GH_BOT_DEPLOY_KEY }}
      GITHUBTOKEN: ${{ secrets.GITHUB_TOKEN }}
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
```
Inputs accepted by the workflow:

Name | Default Value | Type | Required | Description
---|---|---|---|---
PROJECT_NAME | | String | true | The project name; must match the DockerHub repository name
LANGUAGE | | String | false | The project language. Accepted values are "dot-net", "JavaScript" and "Ruby"
NODE_VERSION | 19 | String | false | Default Node.js version
RUBY_VERSION | 2.7.4 | String | false | Default Ruby version
DOTNET_VERSION | 6.0.403 | String | false | Default .NET Core version
COVERAGE | true | Boolean | false | Set to true to have SonarQube run coverage reports on your code
PUSH | false | Boolean | false | Set to true to push the built Docker image to DockerHub
FILE | ./Dockerfile | String | false | Path to the Dockerfile used for the build
CONTEXT | . | String | false | Docker build context used when building the image
PLATFORMS | linux/amd64 | String | false | Target platforms for a multi-platform build
ENABLE_GPG | false | Boolean | false | Set to true when a GPG-encrypted file needs to be decrypted
GPG_FILE | | String | false | Path to the GPG file to be decrypted
SUBMODULES_RECURSIVE | false | Boolean | false | Set to true to fetch Git submodules recursively
TEST_DEPENDENCIES | false | Boolean | false | Set to true when the unit tests require running dependencies, such as Redis
DEPENDENCIES_FILE | ./provisioning/docker-compose.yml | String | false | Path to a docker-compose file defining all dependencies needed to run the unit tests, with their ports exposed
TAG | `type=schedule` `type=ref,event=pr` `type=semver,pattern={{version}}` `type=semver,pattern={{major}}.{{minor}}` `type=semver,pattern={{major}}` `type=sha` | String | false | The Docker image tag rules, in the format used by https://github.com/docker/metadata-action
BUILD_ARGS | | String | false | Docker build arguments
Secrets accepted by the workflow:

Name | Required | Description
---|---|---
SONAR_HOST_URL | false | The SonarQube host URL
SONAR_TOKEN | false | SonarQube project token
SONAR_PROJECT_KEY | false | SonarQube project key, generated when a new project is created
DOCKERHUB_USERNAME | true | DockerHub username
DOCKERHUB_TOKEN | true | DockerHub password/PAT/token
GPG_PASSPHRASE | false | Passphrase used to decrypt a GPG file; ENABLE_GPG must be set to true
GH_BOT_DEPLOY_KEY | false | Deploy key used to fetch dependencies (submodules); SUBMODULES_RECURSIVE must be set to true
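A small pre-commit style lint for a caller of this reusable workflow, added here as an example and not part of the actions-template repository: it checks the job's `with` and `secrets` mappings against the inputs and secrets tables above (required inputs, input types, the accepted LANGUAGE values, and the secrets that a feature flag such as ENABLE_GPG or SUBMODULES_RECURSIVE depends on). The job mapping is assumed to be what `yaml.safe_load` returns for `jobs.<job_name>`; the sample job below is constructed inline so the snippet runs without PyYAML.

```python
# Added lint helper (not part of the actions-template repo) that checks a caller
# of the reusable ci.yml against the inputs and secrets tables on this page.
# `job` is the parsed job mapping, i.e. yaml.safe_load(text)["jobs"][job_name].

INPUTS = {  # name: (Python type after YAML parsing, required)
    "PROJECT_NAME": (str, True), "LANGUAGE": (str, False), "NODE_VERSION": (str, False),
    "RUBY_VERSION": (str, False), "DOTNET_VERSION": (str, False), "COVERAGE": (bool, False),
    "PUSH": (bool, False), "FILE": (str, False), "CONTEXT": (str, False),
    "PLATFORMS": (str, False), "ENABLE_GPG": (bool, False), "GPG_FILE": (str, False),
    "SUBMODULES_RECURSIVE": (bool, False), "TEST_DEPENDENCIES": (bool, False),
    "DEPENDENCIES_FILE": (str, False), "TAG": (str, False), "BUILD_ARGS": (str, False),
}
LANGUAGES = {"dot-net", "JavaScript", "Ruby"}
REQUIRED_SECRETS = {"DOCKERHUB_USERNAME", "DOCKERHUB_TOKEN"}
# Secrets that only matter once the matching feature input is switched on.
FEATURE_SECRETS = {"ENABLE_GPG": "GPG_PASSPHRASE", "SUBMODULES_RECURSIVE": "GH_BOT_DEPLOY_KEY"}
CI_WORKFLOW = "signalwire/actions-template/.github/workflows/ci.yml@"


def lint_caller(job: dict) -> list[str]:
    problems = []  # empty list means the call looks consistent with the tables
    if not str(job.get("uses", "")).startswith(CI_WORKFLOW):
        problems.append("job does not use the ci.yml reusable workflow")
    with_ = job.get("with") or {}
    secrets = job.get("secrets") or {}
    for name, (typ, required) in INPUTS.items():
        if name not in with_:
            if required:
                problems.append(f"missing required input {name}")
        elif not isinstance(with_[name], typ):  # GitHub rejects mismatched input types
            problems.append(f"input {name} must be a {typ.__name__}")
    problems += [f"unknown input {n}" for n in with_ if n not in INPUTS]
    if "LANGUAGE" in with_ and with_["LANGUAGE"] not in LANGUAGES:
        problems.append(f"unsupported LANGUAGE {with_['LANGUAGE']!r}")
    if with_.get("ENABLE_GPG") is True and "GPG_FILE" not in with_:
        problems.append("ENABLE_GPG is true but GPG_FILE is not set")
    if secrets != "inherit":  # `secrets: inherit` forwards every caller secret
        problems += [f"missing required secret {s}" for s in sorted(REQUIRED_SECRETS - set(secrets))]
        for flag, secret in FEATURE_SECRETS.items():
            if with_.get(flag) is True and secret not in secrets:
                problems.append(f"{flag} is true but secret {secret} is not passed")
    return problems


# Constructed sample caller job, as the YAML snippet above would parse.
SAMPLE_JOB = {
    "uses": "signalwire/actions-template/.github/workflows/ci.yml@main",
    "with": {"PROJECT_NAME": "example-service", "LANGUAGE": "dot-net", "COVERAGE": True,
             "SUBMODULES_RECURSIVE": True, "FILE": "./Dockerfile"},
    "secrets": {"DOCKERHUB_USERNAME": "${{ secrets.DOCKERHUB_USERNAME }}", "DOCKERHUB_TOKEN":
                "${{ secrets.DOCKERHUB_TOKEN }}", "GH_BOT_DEPLOY_KEY": "${{ secrets.GH_BOT_DEPLOY_KEY }}"},
}
```

Running `lint_caller(SAMPLE_JOB)` returns an empty list; an unquoted `NODE_VERSION: 19` or a flag switched on without its secret shows up as a finding before the workflow is pushed.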