(MINOR-persistence) testing versioning

AustrianDataLAB · Jun 24, 2024 · a1f0292 · a1f0292
1 parent 4273c80
commit a1f0292
Showing 1 changed file with 114 additions and 0 deletions.
diff --git a/.github/workflows/build-tag-push.yaml b/.github/workflows/build-tag-push.yaml
@@ -0,0 +1,114 @@
+name: Build and Push to GitHub Registry
+on:
+  push:
+    branches: [ main,"feature/persistence-service" ]
+  pull_request:
+    branches: [ main ]
+
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  integration-test:
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - 
+        name: run test
+        working-directory: ./persistence
+        run: make test
+    - 
+        name: Publish Unit Test Results
+        uses: EnricoMi/publish-unit-test-result-action@v1
+        if: always()
+        with:
+            github_token: ${{ secrets.GITHUB_TOKEN }}
+            files: ./persistence/test/test-results/*.xml
+        - 
+        name: TearDown
+        working-directory: ./persistence
+        run: make down
+
+  build-and-push-image:
+    needs: [integration-test]
+    strategy:
+      matrix:
+        component: [ persistence]
+    runs-on: ubuntu-20.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Login to the Container Registry
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
+        with:
+          registry: ${{ env.REGISTRY}}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: paulhatch/semantic-version@v5.4.0
+        id: semantic-version
+        with:
+          tag_prefix: "v"
+          major_pattern: "(MAJOR-${{ matrix.component }})"
+          minor_pattern: "(MINOR-${{ matrix.component }})"
+          change_path: "${{ matrix.component }}"
+          version_format: "v${major}.${minor}.${patch}+${increment}"
+          namespace: ${{ matrix.component }}
+
+      - name: Build Docker Image
+        id: docker-build
+        uses: docker/build-push-action@v5.3.0
+        with:
+          context: ./${{ matrix.component }}
+          load: true
+          file: ./${{ matrix.component }}/Dockerfile
+
+      - name: Run Trivy Vulnerability Scanner
+        id: scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ steps.docker-build.outputs.imageid }}'
+          format: 'table'
+          severity: HIGH,CRITICAL
+          exit-code: 1
+
+      - name: Upload SARIF file
+        if: ${{ steps.scan.outputs.sarif != '' }}
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+            sarif_file: ${{ steps.scan.outputs.sarif }}
+
+      - name: Extract Metadata (tags, labels) for Docker
+        id: meta
+        if: github.ref == 'refs/heads/main'
+        uses: docker/metadata-action@v5.5.1
+        with:
+          images: "${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.component }}"
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha
+            type=raw, value=${{ steps.semantic-version.outputs.version }}
+
+      - name: Push Docker Image
+        id: docker-push
+        if: github.ref == 'refs/heads/main'
+        uses: docker/build-push-action@v5.3.0
+        with:
+          context: ./${{ matrix.component }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}