forked from cartsnitch/cartsnitch
fix(ci): unblock dev build/deploy (CAR-1195)
This commit is contained in:
+34
-16
@@ -156,8 +156,8 @@ jobs:
|
|||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
target: prod
|
target: prod
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=inline,mode=max
|
||||||
|
|
||||||
- name: Scan frontend image for vulnerabilities
|
- name: Scan frontend image for vulnerabilities
|
||||||
uses: anchore/scan-action@v5
|
uses: anchore/scan-action@v5
|
||||||
@@ -182,7 +182,7 @@ jobs:
|
|||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
target: prod
|
target: prod
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
|
|
||||||
- name: Create git tag
|
- name: Create git tag
|
||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||||
@@ -248,8 +248,8 @@ jobs:
|
|||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
build-args: |
|
build-args: |
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=inline,mode=max
|
||||||
|
|
||||||
- name: Scan receiptwitness image for vulnerabilities
|
- name: Scan receiptwitness image for vulnerabilities
|
||||||
uses: anchore/scan-action@v5
|
uses: anchore/scan-action@v5
|
||||||
@@ -276,7 +276,7 @@ jobs:
|
|||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
build-args: |
|
build-args: |
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
|
|
||||||
build-and-push-api:
|
build-and-push-api:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@@ -336,8 +336,8 @@ jobs:
|
|||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
build-args: |
|
build-args: |
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=inline,mode=max
|
||||||
|
|
||||||
- name: Scan api image for vulnerabilities
|
- name: Scan api image for vulnerabilities
|
||||||
uses: anchore/scan-action@v5
|
uses: anchore/scan-action@v5
|
||||||
@@ -364,7 +364,7 @@ jobs:
|
|||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
build-args: |
|
build-args: |
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
|
|
||||||
build-and-push-auth:
|
build-and-push-auth:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@@ -424,8 +424,8 @@ jobs:
|
|||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
build-args: |
|
build-args: |
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=inline,mode=max
|
||||||
|
|
||||||
- name: Scan auth image for vulnerabilities
|
- name: Scan auth image for vulnerabilities
|
||||||
uses: anchore/scan-action@v5
|
uses: anchore/scan-action@v5
|
||||||
@@ -452,7 +452,7 @@ jobs:
|
|||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
build-args: |
|
build-args: |
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=inline
|
||||||
|
|
||||||
deploy-dev:
|
deploy-dev:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
@@ -463,7 +463,7 @@ jobs:
|
|||||||
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
|
||||||
with:
|
with:
|
||||||
repository: cartsnitch/infra
|
repository: cartsnitch/infra
|
||||||
token: ${{ secrets.REGISTRY_TOKEN }}
|
token: ${{ secrets.CI_GITEA_TOKEN }}
|
||||||
ref: main
|
ref: main
|
||||||
path: infra
|
path: infra
|
||||||
|
|
||||||
@@ -471,7 +471,16 @@ jobs:
|
|||||||
uses: azure/setup-kubectl@v4
|
uses: azure/setup-kubectl@v4
|
||||||
|
|
||||||
- name: Install kustomize
|
- name: Install kustomize
|
||||||
uses: imranismail/setup-kustomize@v2
|
# imranismail/setup-kustomize@v2 calls the Gitea API to record
|
||||||
|
# telemetry under the "kubernetes-sigs" user, which doesn't exist
|
||||||
|
# on this Gitea instance. Install the binary directly instead.
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
version="5.4.3"
|
||||||
|
url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_amd64.tar.gz"
|
||||||
|
curl -fsSL --retry 3 "$url" | tar -xz -C /tmp kustomize
|
||||||
|
sudo install -m 0755 /tmp/kustomize /usr/local/bin/kustomize
|
||||||
|
kustomize version
|
||||||
|
|
||||||
- name: Determine image tag for frontend
|
- name: Determine image tag for frontend
|
||||||
id: frontend_tag
|
id: frontend_tag
|
||||||
@@ -553,7 +562,7 @@ jobs:
|
|||||||
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
|
||||||
with:
|
with:
|
||||||
repository: cartsnitch/infra
|
repository: cartsnitch/infra
|
||||||
token: ${{ secrets.REGISTRY_TOKEN }}
|
token: ${{ secrets.CI_GITEA_TOKEN }}
|
||||||
ref: main
|
ref: main
|
||||||
path: infra
|
path: infra
|
||||||
|
|
||||||
@@ -561,7 +570,16 @@ jobs:
|
|||||||
uses: azure/setup-kubectl@v4
|
uses: azure/setup-kubectl@v4
|
||||||
|
|
||||||
- name: Install kustomize
|
- name: Install kustomize
|
||||||
uses: imranismail/setup-kustomize@v2
|
# imranismail/setup-kustomize@v2 calls the Gitea API to record
|
||||||
|
# telemetry under the "kubernetes-sigs" user, which doesn't exist
|
||||||
|
# on this Gitea instance. Install the binary directly instead.
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
version="5.4.3"
|
||||||
|
url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_amd64.tar.gz"
|
||||||
|
curl -fsSL --retry 3 "$url" | tar -xz -C /tmp kustomize
|
||||||
|
sudo install -m 0755 /tmp/kustomize /usr/local/bin/kustomize
|
||||||
|
kustomize version
|
||||||
|
|
||||||
- name: Determine image tag for frontend
|
- name: Determine image tag for frontend
|
||||||
id: frontend_tag
|
id: frontend_tag
|
||||||
|
|||||||
Reference in New Issue
Block a user