fix(ci): unblock dev build/deploy (CAR-1195)

This commit is contained in:
2026-06-03 19:43:54 +00:00
parent fb70b816f2
commit 06162f9f15
+34 -16
View File
@@ -156,8 +156,8 @@ jobs:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
target: prod target: prod
cache-from: type=gha cache-from: type=inline
cache-to: type=gha,mode=max cache-to: type=inline,mode=max
- name: Scan frontend image for vulnerabilities - name: Scan frontend image for vulnerabilities
uses: anchore/scan-action@v5 uses: anchore/scan-action@v5
@@ -182,7 +182,7 @@ jobs:
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
target: prod target: prod
cache-from: type=gha cache-from: type=inline
- name: Create git tag - name: Create git tag
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -248,8 +248,8 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-args: | build-args: |
APT_CACHE_BUST=${{ github.run_id }} APT_CACHE_BUST=${{ github.run_id }}
cache-from: type=gha cache-from: type=inline
cache-to: type=gha,mode=max cache-to: type=inline,mode=max
- name: Scan receiptwitness image for vulnerabilities - name: Scan receiptwitness image for vulnerabilities
uses: anchore/scan-action@v5 uses: anchore/scan-action@v5
@@ -276,7 +276,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-args: | build-args: |
APT_CACHE_BUST=${{ github.run_id }} APT_CACHE_BUST=${{ github.run_id }}
cache-from: type=gha cache-from: type=inline
build-and-push-api: build-and-push-api:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -336,8 +336,8 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-args: | build-args: |
APT_CACHE_BUST=${{ github.run_id }} APT_CACHE_BUST=${{ github.run_id }}
cache-from: type=gha cache-from: type=inline
cache-to: type=gha,mode=max cache-to: type=inline,mode=max
- name: Scan api image for vulnerabilities - name: Scan api image for vulnerabilities
uses: anchore/scan-action@v5 uses: anchore/scan-action@v5
@@ -364,7 +364,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-args: | build-args: |
APT_CACHE_BUST=${{ github.run_id }} APT_CACHE_BUST=${{ github.run_id }}
cache-from: type=gha cache-from: type=inline
build-and-push-auth: build-and-push-auth:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -424,8 +424,8 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-args: | build-args: |
APT_CACHE_BUST=${{ github.run_id }} APT_CACHE_BUST=${{ github.run_id }}
cache-from: type=gha cache-from: type=inline
cache-to: type=gha,mode=max cache-to: type=inline,mode=max
- name: Scan auth image for vulnerabilities - name: Scan auth image for vulnerabilities
uses: anchore/scan-action@v5 uses: anchore/scan-action@v5
@@ -452,7 +452,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
build-args: | build-args: |
APT_CACHE_BUST=${{ github.run_id }} APT_CACHE_BUST=${{ github.run_id }}
cache-from: type=gha cache-from: type=inline
deploy-dev: deploy-dev:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -463,7 +463,7 @@ jobs:
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.REGISTRY_TOKEN }} token: ${{ secrets.CI_GITEA_TOKEN }}
ref: main ref: main
path: infra path: infra
@@ -471,7 +471,16 @@ jobs:
uses: azure/setup-kubectl@v4 uses: azure/setup-kubectl@v4
- name: Install kustomize - name: Install kustomize
uses: imranismail/setup-kustomize@v2 # imranismail/setup-kustomize@v2 calls the Gitea API to record
# telemetry under the "kubernetes-sigs" user, which doesn't exist
# on this Gitea instance. Install the binary directly instead.
run: |
set -euo pipefail
version="5.4.3"
url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_amd64.tar.gz"
curl -fsSL --retry 3 "$url" | tar -xz -C /tmp kustomize
sudo install -m 0755 /tmp/kustomize /usr/local/bin/kustomize
kustomize version
- name: Determine image tag for frontend - name: Determine image tag for frontend
id: frontend_tag id: frontend_tag
@@ -553,7 +562,7 @@ jobs:
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.REGISTRY_TOKEN }} token: ${{ secrets.CI_GITEA_TOKEN }}
ref: main ref: main
path: infra path: infra
@@ -561,7 +570,16 @@ jobs:
uses: azure/setup-kubectl@v4 uses: azure/setup-kubectl@v4
- name: Install kustomize - name: Install kustomize
uses: imranismail/setup-kustomize@v2 # imranismail/setup-kustomize@v2 calls the Gitea API to record
# telemetry under the "kubernetes-sigs" user, which doesn't exist
# on this Gitea instance. Install the binary directly instead.
run: |
set -euo pipefail
version="5.4.3"
url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_amd64.tar.gz"
curl -fsSL --retry 3 "$url" | tar -xz -C /tmp kustomize
sudo install -m 0755 /tmp/kustomize /usr/local/bin/kustomize
kustomize version
- name: Determine image tag for frontend - name: Determine image tag for frontend
id: frontend_tag id: frontend_tag