| name: Build and Integrate |
| |
| on: |
| push: |
| branches: |
| - 'master' |
| paths-ignore: |
| - '.vscode/**' |
| - 'charts/**' |
| - 'docs/**' |
| |
| env: |
| REGISTRY: ghcr.io |
| IMAGE_NAME: apache/ats-ingress |
| |
| jobs: |
| build-and-integrate: |
| runs-on: ubuntu-latest |
| permissions: |
| contents: read |
| packages: write |
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
| |
| steps: |
| - name: Checkout |
| uses: actions/checkout@v1 |
| with: |
| submodules: 'true' |
| |
| - name: Setup Minikube |
| uses: manusa/actions-setup-minikube@v2.3.0 |
| with: |
| minikube version: 'v1.25.1' |
| kubernetes version: 'v1.21.9' |
| github token: ${{ secrets.GITHUB_TOKEN }} |
| |
| - name: Set up Python 3.7 |
| uses: actions/setup-python@v2 |
| with: |
| python-version: '3.7' |
| |
| - name: Build ATS Alpine |
| run: docker build -t ats-ingress . |
| |
| - name: Build Exporter |
| run: docker build -t ats-ingress-exporter k8s/images/trafficserver_exporter/ |
| |
| - name: Build App 1 |
| run: docker build -t node-app-1 k8s/images/node-app-1/ |
| |
| - name: Build App 2 |
| run: docker build -t node-app-2 k8s/images/node-app-2/ |
| |
| - name: Install dependencies |
| run: | |
| cd tests |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| |
| - name: Test |
| run: | |
| cd tests |
| pytest -q --minikubeip="$(minikube ip)" suite/test_ingress.py |
| |
| - name: Log in to the Container registry |
| if: github.repository == 'apache/trafficserver-ingress-controller' |
| uses: docker/login-action@v2 |
| with: |
| registry: ${{ env.REGISTRY }} |
| username: ${{ github.actor }} |
| password: ${{ secrets.GITHUB_TOKEN }} |
| |
| - name: Extract metadata (tags, labels) for Docker |
| if: github.repository == 'apache/trafficserver-ingress-controller' |
| id: meta |
| uses: docker/metadata-action@v4 |
| with: |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
| tags: | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} |
| |
| - name: Build and push Docker image |
| if: github.repository == 'apache/trafficserver-ingress-controller' |
| uses: docker/build-push-action@v3 |
| with: |
| context: . |
| push: true |
| no-cache: true |
| tags: ${{ steps.meta.outputs.tags }} |
| labels: ${{ steps.meta.outputs.labels }} |
| |
| - name: Run Trivy vulnerability scanner |
| if: github.repository == 'apache/trafficserver-ingress-controller' |
| uses: aquasecurity/trivy-action@master |
| with: |
| image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest |
| format: 'sarif' |
| output: 'trivy-results.sarif' |
| |
| - name: Upload Trivy scan results to GitHub Security tab |
| if: github.repository == 'apache/trafficserver-ingress-controller' |
| uses: github/codeql-action/upload-sarif@v2 |
| with: |
| sarif_file: 'trivy-results.sarif' |