|
1 | | -# GitHub Actions |
2 | | - |
3 | | -[](https://github.com/DevSecOpsSamples/githubactions/actions/workflows/build.yml) |
4 | | -[](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_githubactions) [](https://sonarcloud.io/summary/new_code?id=DevSecOpsSamples_githubactions) |
5 | | - |
6 | | -## Overview |
7 | | - |
8 | | -Provides GitHub Workflow and Action samples. |
9 | | - |
10 | | -## Sample Repositories |
11 | | - |
12 | | -| Repository | Workflow File | Actions | Description | Plugins | |
13 | | -|---|--------------------------------|------|--------------------------------|---------------| |
14 | | -| gke-workload-identity | [build.yml ](https://github.com/DevSecOpsSamples/gke-workload-identity/blob/master/.github/workflows/build.yml) | [actions ](https://github.com/DevSecOpsSamples/gke-workload-identity/actions/workflows/build.yml) | GCP, gcloud, Docker, Terraform < br/> Python, pytest, publish unittest result, Sonarqube | hashicorp/ [email protected] < br/>jacobtomlinson/gha-find-replace@v2 < br/> actions/github-script@v6 < br/>actions/setup-java@v1 < br/>actions/setup-python@v4 < br/> google-github-actions/auth@v1 < br/> EnricoMi/publish-unit-test-result-action/composite@v2 < br/> actions/cache@v3 < br/> | |
15 | | -| jenkins-fargate-cdk | [build.yml](https://github.com/DevSecOpsSamples/jenkins-fargate-cdk/blob/master/.github/workflows/build.yml) | [actions](https://github.com/DevSecOpsSamples/jenkins-fargate-cdk/actions/workflows/build.yml) | Docker, CDK, Sonarqube | | |
16 | | - |
17 | | -## Docker |
18 | | - |
19 | | -- Build multi-platform docker image files: [docker-buildx-gcr.yml](docker-buildx-gcr.yml) |
20 | | - |
21 | | -## Cache |
22 | | - |
23 | | -- Optimize build speed using the `cache` plugin: [java/README.md](java/README.md) |
24 | | - |
25 | | - [java/.github/workflows/build-java.yml](java/.github/workflows/build-java.yml) |
26 | | - |
27 | | - [java/.github/workflows/build-java-sonarqube.yml](java/.github/workflows/build-java-sonarqube.yml) |
28 | | - |
29 | | -## Matrix |
30 | | - |
31 | | -- [gke-workload-identity](https://github.com/DevSecOpsSamples/gke-workload-identity/blob/master/.github/workflows/build.yml) |
32 | | - |
33 | | -## Terraform |
34 | | - |
35 | | -- [terraform.yml](terraform.yml) |
36 | | - |
37 | | - <details><summary>Terraform Plan</summary> |
38 | | - |
39 | | -  |
40 | | - |
41 | | - </details> |
42 | | - |
43 | | -## Python Unittest |
44 | | - |
45 | | -- [python-unittest.yml](python-unittest.yml) [setup.cfg](setup.cfg) |
46 | | - |
47 | | - <details><summary>Unittest Results</summary> |
48 | | - |
49 | | -  |
50 | | - |
51 | | -  |
52 | | - |
53 | | - </details> |
54 | | - |
55 | | -## Plugins |
56 | | - |
57 | | -| Plugin | Description | |
58 | | -|-------------|--------------------------------| |
59 | | -| [actions/setup-java@v3](https://github.com/actions/setup-java) | | |
60 | | -| [actions/setup-python@v4](https://github.com/actions/setup-python) | | |
61 | | -| [actions/cache@v3](https://github.com/actions/cache) | | |
62 | | -| [actions/github-script@v6](https://github.com/actions/github-script) | | |
63 | | -| [hashicorp/ [email protected]](https://github.com/hashicorp/setup-terraform) | | |
64 | | -| [jacobtomlinson/gha-find-replace@v2](https://github.com/jacobtomlinson/gha-find-replace) | Find and Replace Action | |
65 | | -| [google-github-actions/auth@v1](https://github.com/google-github-actions/auth) | GitHub Action authenticates to Google Cloud | |
66 | | -| [EnricoMi/publish-unit-test-result-action/composite@v2](https://github.com/EnricoMi/publish-unit-test-result-action) | Publish Test Results | |
67 | | - |
68 | | -## Dispatch |
69 | | - |
70 | | -```bash |
71 | | -cp .github/workflows/dispatch-request-exmple.json request-body.json |
72 | | -cat request-body.json |
73 | | - |
74 | | -TOKEN="example-github_pat_XXXXX" |
75 | | - |
76 | | -curl -d @request-body.json \ |
77 | | - -H "Accept: application/vnd.github+json" \ |
78 | | - -H "X-GitHub-Api-Version: 2022-11-28" \ |
79 | | - -H "Authorization: Bearer $TOKEN" \ |
80 | | - https://api.github.com/repos/DevSecOpsSamples/githubactions/actions/workflows/dispatch-example.yml/dispatches |
81 | | -``` |
82 | | - |
83 | | -develop branch: |
84 | | - |
85 | | -[.github/workflows/dispatch-request-exmple.json](.github/workflows/dispatch-request-exmple.json) |
86 | | - |
87 | | -```json |
88 | | -{ |
89 | | - "ref": "develop", |
90 | | - "inputs": { |
91 | | - "source_regurl_tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2", |
92 | | - "target_regurl": "gcr.io/project-id/target-image" |
93 | | - } |
94 | | -} |
95 | | -``` |
96 | | - |
97 | | -master branch: |
98 | | - |
99 | | -```json |
100 | | -{ |
101 | | - "ref": "master", |
102 | | - "inputs": { |
103 | | - "source_regurl_tag": "gcr.io/project-id/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2", |
104 | | - "target_regurl": "gcr.io/project-id/target-image" |
105 | | - } |
106 | | -} |
107 | | -``` |
108 | | - |
109 | | - |
110 | | -## Reference |
111 | | - |
112 | | -- [GitHub Actions /Using workflows / Cache dependencies / Caching dependencies to speed up workflows](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#managing-caches) |
113 | | - |
114 | | -- https://github.com/actions/cache |
115 | | - |
116 | | -- https://github.com/actions/cache/blob/main/examples.md#java---gradle |
117 | | - |
118 | | -- https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event |
| 1 | +name: GitHub action dispath |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + source_regurl_tag: |
| 7 | + required: true |
| 8 | + default: "" |
| 9 | + description: "Container image registry URL with tag. e.g., gcr.io/project-id-372417/source-image:2650c2f7c04640b8c67df560510914f7ba2033e2" |
| 10 | + target_regurl: |
| 11 | + required: true |
| 12 | + default: "" |
| 13 | + description: "Container image registry URL without tag. e.g., gcr.io/project-id-372417/target-image" |
| 14 | + |
| 15 | +jobs: |
| 16 | + copy_container_image: |
| 17 | + name: Copy container image |
| 18 | + runs-on: ubuntu-latest |
| 19 | + env: |
| 20 | + IMAGE_TAG: '' |
| 21 | + TARGET_IMAGE: '' |
| 22 | + steps: |
| 23 | + - name: print |
| 24 | + run: | |
| 25 | + echo ${{ inputs.source_regurl_tag }} |
| 26 | + echo ${{ inputs.target-tag }} |
| 27 | + - name: Get image tag |
| 28 | + run: | |
| 29 | + echo IMAGE_TAG=$(echo ${{ inputs.source_regurl_tag }} | cut -d":" -f2) >> $GITHUB_ENV |
| 30 | + echo "TARGET_IMAGE=${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }}" >> $GITHUB_ENV |
| 31 | + |
| 32 | + - uses: 'google-github-actions/auth@v1' |
| 33 | + with: |
| 34 | + credentials_json: ${{ secrets.SA_A }} |
| 35 | + |
| 36 | + - name: Configure Docker auth for gcloud command-line |
| 37 | + run: gcloud --quiet auth configure-docker && gcloud auth list |
| 38 | + |
| 39 | + - name: Pull from source image |
| 40 | + run: docker pull ${{ inputs.source_regurl_tag }} |
| 41 | + |
| 42 | + - name: Tag target image |
| 43 | + run: docker tag ${{ inputs.source_regurl_tag }} ${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }} |
| 44 | + |
| 45 | + - name: Push to target |
| 46 | + run: docker push ${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }} |
| 47 | + |
| 48 | + - name: Summary |
| 49 | + run: | |
| 50 | + echo "source_regurl_tag: ${{ inputs.source_regurl_tag }}" >> $GITHUB_STEP_SUMMARY |
| 51 | + echo "target_regurl: ${{ inputs.target_regurl }}" >> $GITHUB_STEP_SUMMARY |
| 52 | + echo "TARGET_IMAGE: ${{ inputs.target_regurl }}:${{ env.IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY |
| 53 | + |
| 54 | + - uses: hmarr/debug-action@v2 |
| 55 | + if: always() |
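Review bot: Every `run:` step in this workflow splices `${{ inputs.source_regurl_tag }}` and `${{ inputs.target_regurl }}` into the script text before the shell starts, so shell metacharacters in a dispatch input are executed on the runner, in a job that also handles `secrets.SA_A`. Passing the inputs through `env:` and using quoted shell variables keeps them as data; the Summary step needs the same substitution, and the values are worth validating against an image-reference pattern before they are written to `$GITHUB_ENV`. Two correctness points on the same lines: `inputs.target-tag` is not a declared input and always expands to empty, and `${{ env.IMAGE_TAG }}` on the second line of "Get image tag" is expanded before that step runs, so `TARGET_IMAGE` is written with an empty tag. Separately, `google-github-actions/auth@v1` and `hmarr/debug-action@v2` are referenced by mutable tag; pinning each to a full commit SHA is safer, and the debug step is best kept to troubleshooting runs.

```yaml
    env:
      IMAGE_TAG: ''
      TARGET_IMAGE: ''
      SOURCE_REGURL_TAG: ${{ inputs.source_regurl_tag }}
      TARGET_REGURL: ${{ inputs.target_regurl }}
    steps:
      - name: print
        run: |
          echo "$SOURCE_REGURL_TAG"
          echo "$TARGET_REGURL"
      - name: Get image tag
        run: |
          IMAGE_TAG="$(printf '%s' "$SOURCE_REGURL_TAG" | cut -d":" -f2)"
          echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_ENV"
          echo "TARGET_IMAGE=${TARGET_REGURL}:${IMAGE_TAG}" >> "$GITHUB_ENV"
      # … unchanged: google-github-actions/auth and gcloud docker auth steps …
      - name: Pull from source image
        run: docker pull "$SOURCE_REGURL_TAG"
      - name: Tag target image
        run: docker tag "$SOURCE_REGURL_TAG" "$TARGET_IMAGE"
      - name: Push to target
        run: docker push "$TARGET_IMAGE"
      # … Summary step: same env-variable substitution; debug step unchanged …
```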