-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (116 loc) · 3.53 KB
/
Copy pathci.yml
File metadata and controls
130 lines (116 loc) · 3.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: CI
on:
pull_request:
branches:
- main
permissions:
contents: read
security-events: write
jobs:
lint-go:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: backend/go.mod
- name: Install golangci-lint
run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- name: Run golangci-lint
working-directory: backend
run: golangci-lint run --timeout=5m
lint-frontend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
cache-dependency-path: frontend/package-lock.json
- working-directory: frontend
run: |
npm ci --legacy-peer-deps
npm run lint
test-go:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: remedyiq
POSTGRES_USER: remedyiq
POSTGRES_PASSWORD: remedyiq
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U remedyiq"
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
POSTGRES_URL: postgres://remedyiq:remedyiq@localhost:5432/remedyiq?sslmode=disable
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: backend/go.mod
- name: Apply database migrations
env:
PGPASSWORD: remedyiq
run: |
for f in backend/migrations/*.up.sql; do
psql -h localhost -U remedyiq -d remedyiq -f "$f"
done
- working-directory: backend
run: go test -v -race -coverprofile=coverage.out ./...
build-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Build API image
run: docker build -f backend/Dockerfile --target api -t remedyiq/api:ci .
- name: Build Worker image
run: docker build -f backend/Dockerfile --target worker -t remedyiq/worker:ci .
- name: Build Frontend image
run: docker build -t remedyiq/frontend:ci ./frontend
- name: Scan API image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: remedyiq/api:ci
format: table
exit-code: 1
severity: HIGH,CRITICAL
trivyignores: .trivyignore
- name: Scan Worker image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: remedyiq/worker:ci
format: table
exit-code: 1
severity: HIGH,CRITICAL
trivyignores: .trivyignore
- name: Scan Frontend image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: remedyiq/frontend:ci
format: table
exit-code: 1
severity: HIGH,CRITICAL
trivyignores: .trivyignore
- name: Scan for secrets with Gitleaks
uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
helm-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: azure/setup-helm@v4
with:
version: "v3.14.0"
- run: helm dependency update helm/remedyiq
- run: helm lint helm/remedyiq -f helm/remedyiq/values-staging.yaml
- run: helm lint helm/remedyiq -f helm/remedyiq/values-prod.yaml