Continuous Integration #37

	name: CI

	run-name: ${{ github.event.schedule && 'Routine vulnerability scan' \|\| 'Continuous Integration' }}

	on:
	push:

	pull_request:

	schedule:
	- cron: "30 12 * * *" # runs everyday at 12h30

	env:
	PUBLISH_IMAGE: ${{ (github.ref_name == 'main' \|\| github.ref_type == 'tag') && 'TRUE' \|\| 'FALSE'}}
	IMAGE_TAG: ${{ github.ref_name == 'main' && 'latest' \|\| github.ref_name }}
	IMAGE_NAME: ghcr.io/${{ github.repository }}/arpav-ppcv-backend

	jobs:
	run-dagger-ci:
	runs-on: ubuntu-22.04
	steps:

	- name: grab code
	uses: actions/checkout@v4

	- name: setup Python
	uses: actions/setup-python@v5
	with:
	python-version: '3.10'
	cache: pip
	cache-dependency-path: docker/backend/project_requirements.txt

	- name: install dagger for python
	uses: insightsengineering/pip-action@v2
	with:
	packages: dagger-io==0.9.8

	- name: login to container registry
	if: ${{ env.PUBLISH_IMAGE == 'TRUE' }}
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: run ci
	uses: dagger/dagger-for-github@v5
	with:
	verb: run
	args: >-
	python tests/ci/main.py
	--with-tests
	${{ env.PUBLISH_IMAGE == 'TRUE' && format('--publish-docker-image {0}:{1}', env.IMAGE_NAME, env.IMAGE_TAG) \|\| ''}}
	version: 0.9.9

	# Periodically scan built image for vulnerabilities
	- name: run security scanning
	if: ${{ github.event.schedule }}
	uses: dagger/dagger-for-github@v5
	with:
	verb: run
	args: python tests/ci/main.py --with-security-scan
	version: 0.9.9

Provide feedback