.github/workflows/build.yml - trafficserver-ingress-controller - Git at Google

 name: Build and Integrate

 on:
   push:
     branches:
     - 'master'
     paths-ignore:
     - '.vscode/**'
     - 'charts/**'
     - 'docs/**'

 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: apache/ats-ingress

 jobs:
   build-and-integrate:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

     steps:
       - name: Checkout
         uses: actions/checkout@v1
         with:
           submodules: 'true'

       - name: Setup Minikube
         uses: manusa/actions-setup-minikube@v2.3.0
         with:
           minikube version: 'v1.25.1'
           kubernetes version: 'v1.21.9'
           github token: ${{ secrets.GITHUB_TOKEN }}

       - name: Set up Python 3.7
         uses: actions/setup-python@v2
         with:
           python-version: '3.7'

       - name: Build ATS Alpine
         run: docker build -t ats-ingress .

       - name: Build Exporter
         run: docker build -t ats-ingress-exporter k8s/images/trafficserver_exporter/

       - name: Build App 1
         run: docker build -t node-app-1 k8s/images/node-app-1/

       - name: Build App 2
         run: docker build -t node-app-2 k8s/images/node-app-2/

       - name: Install dependencies
         run: |
           cd tests
           python -m pip install --upgrade pip
           pip install -r requirements.txt

       - name: Test
         run: |
           cd tests
           pytest -q --minikubeip="$(minikube ip)" suite/test_ingress.py

       - name: Log in to the Container registry
         if: github.repository == 'apache/trafficserver-ingress-controller'
         uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}

       - name: Extract metadata (tags, labels) for Docker
         if: github.repository == 'apache/trafficserver-ingress-controller'
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}

       - name: Build and push Docker image
         if: github.repository == 'apache/trafficserver-ingress-controller'
         uses: docker/build-push-action@v3
         with:
           context: .
           push: true
           no-cache: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

       - name: Run Trivy vulnerability scanner
         if: github.repository == 'apache/trafficserver-ingress-controller'
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
           format: 'sarif'
           output: 'trivy-results.sarif'

       - name: Upload Trivy scan results to GitHub Security tab
         if: github.repository == 'apache/trafficserver-ingress-controller'
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: 'trivy-results.sarif'
	name: Build and Integrate

	on:
	push:
	branches:
	- 'master'
	paths-ignore:
	- '.vscode/**'
	- 'charts/**'
	- 'docs/**'

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: apache/ats-ingress

	jobs:
	build-and-integrate:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

	steps:
	- name: Checkout
	uses: actions/checkout@v1
	with:
	submodules: 'true'

	- name: Setup Minikube
	uses: manusa/actions-setup-minikube@v2.3.0
	with:
	minikube version: 'v1.25.1'
	kubernetes version: 'v1.21.9'
	github token: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up Python 3.7
	uses: actions/setup-python@v2
	with:
	python-version: '3.7'

	- name: Build ATS Alpine
	run: docker build -t ats-ingress .

	- name: Build Exporter
	run: docker build -t ats-ingress-exporter k8s/images/trafficserver_exporter/

	- name: Build App 1
	run: docker build -t node-app-1 k8s/images/node-app-1/

	- name: Build App 2
	run: docker build -t node-app-2 k8s/images/node-app-2/

	- name: Install dependencies
	run: \|
	cd tests
	python -m pip install --upgrade pip
	pip install -r requirements.txt

	- name: Test
	run: \|
	cd tests
	pytest -q --minikubeip="$(minikube ip)" suite/test_ingress.py

	- name: Log in to the Container registry
	if: github.repository == 'apache/trafficserver-ingress-controller'
	uses: docker/login-action@v2
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	if: github.repository == 'apache/trafficserver-ingress-controller'
	id: meta
	uses: docker/metadata-action@v4
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: \|
	type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}

	- name: Build and push Docker image
	if: github.repository == 'apache/trafficserver-ingress-controller'
	uses: docker/build-push-action@v3
	with:
	context: .
	push: true
	no-cache: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Run Trivy vulnerability scanner
	if: github.repository == 'apache/trafficserver-ingress-controller'
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	if: github.repository == 'apache/trafficserver-ingress-controller'
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'