fix: cascaded registry host to inner jobs' stepps
Filipe Forattini committed Aug 10, 2022
1 parent a09bed5 commit c071c0f
Showing 9 changed files with 60 additions and 11 deletions.
6 changes: 6 additions & 0 deletions .github/actions/pack-docker-build/action.yml
Expand Up @@ -22,6 +22,10 @@ inputs:
description: "Push images"
required: false
default: "true"
containerRegistry:
description: "Image containers registry"
required: false
default: "true"

runs:
using: "composite"
Expand All @@ -38,6 +42,8 @@ runs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Build and push without cache
uses: docker/build-push-action@v3
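Review bot: The new `containerRegistry` input defaults to `"true"`, which looks copied from the "Push images" input directly above it and is not a registry host. How config-scrapper uses the value is outside this section, but if it becomes an image-name prefix, a caller that omits the input would get references under `true/...` rather than the intended registry, so images could be pushed to or resolved from an unintended location. Consider a real host as the default, e.g. `default: "ghcr.io"`, or an empty default that the downstream step rejects, and reword the description to `"Container image registry host"`. The same default is added in src/actions/pack-docker-build/action.yml.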
16 changes: 14 additions & 2 deletions .github/actions/pack-static-code-analysis/action.yml
Expand Up @@ -15,12 +15,22 @@ runs:
using: "composite"

steps:
# GitLeaks
- name: Run GitLeaks scanner
id: gitleaks
if: inputs.runAnalysis == true
uses: docker://opendevsecops/gitleaks
uses: DariuszPorowski/github-action-gitleaks@v2
with:
args: --repo=https://github.com/${{github.repository}}
report_format: "sarif"
fail: false

- name: Upload Gitleaks SARIF report to code scanning service
if: steps.gitleaks.outputs.exitcode == 1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{steps.gitleaks.outputs.report}}

# Trivy
- name: Run Trivy scanner
if: inputs.runAnalysis == true
uses: aquasecurity/trivy-action@master
Expand All @@ -37,6 +47,7 @@ runs:
with:
sarif_file: 'trivy-results.sarif'

# OSSAR
- name: Run OSSAR
if: inputs.runAnalysis == true
uses: github/ossar-action@v1
Expand All @@ -48,6 +59,7 @@ runs:
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}

# CodeQL
- name: Setup CodeQL for ${{ inputs.language }}
uses: github/codeql-action/init@v2
with:
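Review bot: The GitLeaks step now runs a third-party action on the mutable tag `@v2` with `fail: false`, so a detected secret never fails the job and the only signal is the SARIF upload that follows. Pin the action to a full commit SHA, `uses: DariuszPorowski/github-action-gitleaks@<full-commit-sha>  # v2`, because it scans the repository contents and a moved tag would change what runs. The upload step is gated on `steps.gitleaks.outputs.exitcode == 1`, so a clean run uploads nothing and earlier code-scanning alerts from this tool are presumably never closed; consider uploading whenever the report file exists. The same change is repeated in src/actions/pack-static-code-analysis/action.yml.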
1 change: 1 addition & 0 deletions .github/workflows/app.yml
Expand Up @@ -298,6 +298,7 @@ jobs:
with:
cached: true
platforms: ${{inputs.platforms}}
containerRegistry: ${{inputs.containerRegistry}}


#--------------------------------------------------#
17 changes: 17 additions & 0 deletions .github/workflows/svc.yml
Expand Up @@ -92,6 +92,7 @@ jobs:
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
writeSummary: true
containerRegistry: ${{inputs.containerRegistry}}


#--------------------------------------------------#
Expand Down Expand Up @@ -335,6 +336,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Trigger
run: |
Expand Down Expand Up @@ -374,6 +377,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Trigger
run: |
Expand Down Expand Up @@ -413,6 +418,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Trigger
run: |
Expand Down Expand Up @@ -454,6 +461,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Setup | Dependencies
uses: filipeforattini/ff-iac-github-actions/.github/actions/setup-binaries@main
Expand Down Expand Up @@ -500,6 +509,7 @@ jobs:
with:
cached: true
platforms: ${{inputs.platforms}}
containerRegistry: ${{inputs.containerRegistry}}


#--------------------------------------------------#
Expand All @@ -525,6 +535,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Setup | Dependencies
uses: filipeforattini/ff-iac-github-actions/.github/actions/setup-binaries@main
Expand Down Expand Up @@ -570,6 +582,7 @@ jobs:
with:
cached: true
platforms: ${{inputs.platforms}}
containerRegistry: ${{inputs.containerRegistry}}


#--------------------------------------------------#
Expand Down Expand Up @@ -613,6 +626,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Config | Version
id: versioning
Expand Down Expand Up @@ -765,6 +780,8 @@ jobs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Config | Version
id: versioning
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -30,6 +30,7 @@ These workflows are highly opinionated **kubectl-apply** or **helm-upgrade** pip
- [GitLeaks](https://github.com/zricethezav/gitleaks) for repository
- [Trivy](https://github.com/aquasecurity/trivy) for repository and image
- Open Source Static Analysis Runner
- Dynamic container generator

### Repository Patterns

1 change: 1 addition & 0 deletions deploy/as-k8s/service.schema.yml
Expand Up @@ -73,6 +73,7 @@
#! PIPELINE CONTROLE
pipelineControl:
datetime: 'today'
environmentAsSubdomains: true
environmentsAsNamespaces: false


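Review bot: The added key `environmentAsSubdomains` is singular while its sibling on the next line is `environmentsAsNamespaces`; if the consumer of `pipelineControl` looks up the plural form, this default is silently ignored. The code that reads this schema is not visible in the section, so confirm which spelling it expects and align the two, e.g. `environmentsAsSubdomains: true`.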
7 changes: 0 additions & 7 deletions src/actions/k8s-install-dependencies/action.yml
Expand Up @@ -170,10 +170,3 @@ runs:
REPOSITORY_TAG_VERSION=${{inputs.version}} \
DEPENDENCY_FILE=${{inputs.renderedOutput}} \
./.pipeline/src/dependency-install.sh
K8S_NAMESPACE=ff-svc-moleculer-dev \
K8S_REPOSITORY=ff-svc-moleculer \
DEPENDENCY_NAME=etcd \
REPOSITORY_TAG_VERSION=1.6.83 \
DEPENDENCY_FILE=./test/tmp/k8s-dependencies-full.yml \
./src/dependency-install.sh
6 changes: 6 additions & 0 deletions src/actions/pack-docker-build/action.yml
Expand Up @@ -22,6 +22,10 @@ inputs:
description: "Push images"
required: false
default: "true"
containerRegistry:
description: "Image containers registry"
required: false
default: "true"

runs:
using: "composite"
Expand All @@ -38,6 +42,8 @@ runs:
- name: Pipeline config scrapper
id: analysis
uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
with:
containerRegistry: ${{inputs.containerRegistry}}

- name: Build and push without cache
uses: docker/build-push-action@v3
16 changes: 14 additions & 2 deletions src/actions/pack-static-code-analysis/action.yml
Expand Up @@ -15,12 +15,22 @@ runs:
using: "composite"

steps:
# GitLeaks
- name: Run GitLeaks scanner
id: gitleaks
if: inputs.runAnalysis == true
uses: docker://opendevsecops/gitleaks
uses: DariuszPorowski/github-action-gitleaks@v2
with:
args: --repo=https://github.com/${{github.repository}}
report_format: "sarif"
fail: false

- name: Upload Gitleaks SARIF report to code scanning service
if: steps.gitleaks.outputs.exitcode == 1
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{steps.gitleaks.outputs.report}}

# Trivy
- name: Run Trivy scanner
if: inputs.runAnalysis == true
uses: aquasecurity/trivy-action@master
Expand All @@ -37,6 +47,7 @@ runs:
with:
sarif_file: 'trivy-results.sarif'

# OSSAR
- name: Run OSSAR
if: inputs.runAnalysis == true
uses: github/ossar-action@v1
Expand All @@ -48,6 +59,7 @@ runs:
with:
sarif_file: ${{ steps.ossar.outputs.sarifFile }}

# CodeQL
- name: Setup CodeQL for ${{ inputs.language }}
uses: github/codeql-action/init@v2
with:
