CI/CD #262
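# CI/CD pipeline: lint the Dockerfile, build/test/scan the image, then publish
# a multi-arch image to Docker Hub.
name: CI/CD

# Triggers: a version-like tag push, a weekly schedule (Sunday 05:00 UTC) and
# manual dispatch. Every trigger runs all three jobs, including the publishing
# job, so scheduled and manual runs also overwrite the version and latest tags.
# NOTE(review): a manual dispatch is not restricted to a branch here; add an
# `if:` on the deploy job if publishing from other refs is not intended.
on:
  push:
    tags:
      - "[0-9]+.[0-9]+.[0-9]+"
  schedule:
    - cron: "0 5 * * 0"
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the visible steps only read the repository
# (publishing uses the Docker Hub secrets, not this token).
permissions:
  contents: read

env:
  USER: loganmarchione
  REPO: docker-postfixrelay

# Supply-chain note for all `uses:` lines below: tag refs are mutable. Pinning
# each action to a full commit SHA keeps a retagged or compromised release out
# of the run; this matters most in the `cd` job, where registry credentials
# are in scope.
jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v6

      # NOTE(review): the ref after '@' was replaced by the page's e-mail
      # obfuscation ("[email protected]"); restore it from the repository.
      - name: Lint Dockerfile with Hadolint
        uses: hadolint/hadolint-action@<REF_PLACEHOLDER>
        with:
          failure-threshold: error
          # DL3008/DL3018 (pin versions in apt-get install / apk add) are
          # waived, so package versions float between builds.
          ignore: DL3008,DL3018

  ci:
    name: Build and test
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v6

      # The image version comes from the VERSION file, not from the pushed tag.
      # NOTE(review): nothing here checks that the two agree.
      - name: Set variables
        run: |
          VER=$(cat VERSION)
          echo "VERSION=$VER" >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Local single-platform build, loaded into the runner's Docker daemon so
      # the test and scan steps below can use it. Nothing is pushed here.
      - name: Build Docker Image
        uses: docker/build-push-action@v6
        with:
          push: false
          context: .
          file: Dockerfile
          load: true
          tags: |
            ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
            ${{ env.USER }}/${{ env.REPO }}:latest

      # Smoke test: start the container and confirm postfix is installed.
      - name: Test image
        run: |
          docker images
          docker run --name test-container --detach \
            --env TZ=America/New_York \
            --env RELAY_HOST=smtp.domain.com \
            --env RELAY_PORT=587 \
            --volume 'postfixrelay_data:/var/spool/postfix' \
            "${USER}/${REPO}:${VERSION}"
          docker ps -a
          docker exec --tty test-container /bin/sh -c "which postfix && postconf -d mail_version"

      # Fails the job on findings at warn level or above.
      # NOTE(review): the ref after '@' was replaced by the page's e-mail
      # obfuscation ("[email protected]"); restore it from the repository.
      - name: Container scan with Dockle
        uses: goodwithtech/dockle-action@<REF_PLACEHOLDER>
        with:
          image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
          format: 'list'
          exit-code: '1'
          exit-level: 'warn'
          # Waived checks: CIS-DI-0001 (create a user for the container) and
          # CIS-DI-0010 (no credentials in environment variables/files) are
          # therefore not enforced by this gate.
          ignore: 'CIS-DI-0001,CIS-DI-0010'

      # NOTE(review): the ref after '@' was replaced by the page's e-mail
      # obfuscation ("[email protected]"); restore it from the repository.
      - name: Container scan with Trivy
        uses: aquasecurity/trivy-action@<REF_PLACEHOLDER>
        with:
          scan-type: 'image'
          image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
          # NOTE(review): this path is ./github/, not the conventional
          # .github/ directory. Confirm the file exists there; if the config
          # is not loaded, whatever severity or exit-code policy it carries
          # would not gate this job.
          trivy-config: ./github/trivy.yaml

  cd:
    name: Deploy
    needs: ci
    runs-on: ubuntu-latest
    steps:
      - name: Check out the codebase
        uses: actions/checkout@v6

      - name: Set variables
        run: |
          VER=$(cat VERSION)
          echo "VERSION=$VER" >> "$GITHUB_ENV"

      # QEMU provides emulation for the non-native platforms built below.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only exposed in this job.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USER }}
          password: ${{ secrets.DOCKER_HUB_PASS }}
          logout: true

      # This is a fresh multi-platform build, not a promotion of the image the
      # `ci` job tested and scanned: the published arm64 and arm/v7 variants
      # are never scanned, and the amd64 one is rebuilt after the scan.
      - name: Build Docker Image
        uses: docker/build-push-action@v6
        with:
          push: true
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          tags: |
            ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
            ${{ env.USER }}/${{ env.REPO }}:latest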