Skip to content

test

test #684

Workflow file for this run

---
#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
#######################################
# Start the job on all push to master #
#######################################
name: "Build & Deploy - ALPHA"
on:
push:
branches:
- "alpha"
###############
# Set the Job #
###############
jobs:
# deploy:
# name: Deploy alpha
# runs-on: ubuntu-latest
# permissions: read-all
# environment:
# name: alpha
# steps:
# - uses: actions/checkout@v4
# # Setup .npmrc file to publish to npm
# - uses: actions/setup-node@v4
# with:
# node-version: 20
# registry-url: 'https://registry.npmjs.org'
# always-auth: true
# # Defaults to the user or organization that owns the workflow file
# scope: 'hardisgroupcom'
# - run: yarn install --frozen-lockfile && yarn run compile
# - run: yarn config set version-git-tag false
# - run: ALPHAID=$(date '+%Y%m%d%H%M') && yarn version --prepatch --preid="alpha$ALPHAID"
# - run: yarn config set network-timeout 300000
# - run: yarn publish --tag alpha
# env:
# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
push_alpha_to_registry:
name: Push alpha Docker image to Docker Hub
#needs: deploy
runs-on: ubuntu-latest
permissions:
packages: write
environment:
name: alpha
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & Push Docker Image (Alpha)
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile
platforms: linux/amd64
build-args: |
SFDX_HARDIS_VERSION=alpha
SFDX_CLI_VERSION=latest
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
docker.io/hardisgroupcom/sfdx-hardis:alpha
ghcr.io/hardisgroupcom/sfdx-hardis:alpha
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/hardisgroupcom/sfdx-hardis:alpha"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
security-checks: vuln
severity: "CRITICAL,HIGH"
push_alpha_to_registry_sfdx_recommended:
name: Push alpha Docker image to Docker Hub (with @salesforce/cli version recommended by hardis)
#needs: deploy
runs-on: ubuntu-latest
permissions:
packages: write
environment:
name: alpha
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & Push Docker Image (Alpha recommended)
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile
platforms: linux/amd64
build-args: |
SFDX_HARDIS_VERSION=alpha
SFDX_CLI_VERSION=latest
load: false
push: true
secrets: |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
tags: |
docker.io/hardisgroupcom/sfdx-hardis:alpha-sfdx-recommended
ghcr.io/hardisgroupcom/sfdx-hardis:alpha-sfdx-recommended
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/hardisgroupcom/sfdx-hardis:alpha-sfdx-recommended"
format: "table"
exit-code: "1"
ignore-unfixed: true
vuln-type: "os,library"
security-checks: vuln
severity: "CRITICAL,HIGH"