ci(GITHUB): integrate container workflows
niall-byrne committed Nov 16, 2023
1 parent 7121be3 commit 64cdee5
Showing 4 changed files with 72 additions and 16 deletions.
60 changes: 58 additions & 2 deletions .github/workflows/workflow-push.yml
Expand Up @@ -90,6 +90,14 @@ jobs:
REV_RANGE: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_commit_spelling_rev_range }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}

docker_container_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-container-dockerfile_linter.yml@master
with:
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}

json_schema_lint:
needs: [configuration]
secrets:
Expand Down Expand Up @@ -195,15 +203,63 @@ jobs:
create_release:
permissions:
contents: write
needs: [commit_lint, commit_spell_check, configuration, json_schema_lint, markdown_links, markdown_lint, markdown_spelling, pre-commit_hooks, security, shell_lint, start, toml_lint, workflow_lint, yaml_lint]
needs: [commit_lint, commit_spell_check, configuration, docker_container_lint, json_schema_lint, markdown_links, markdown_lint, markdown_spelling, pre-commit_hooks, security, shell_lint, start, toml_lint, workflow_lint, yaml_lint]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-99-poetry-create_release.yml@master
with:
JSON_APPENDED_CONTENT: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_extra_release_content) }}

scan_container_aws:
permissions:
security-events: write
needs: [configuration, create_release]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-10-container-security_scan_container.yml@master
with:
BUILD_ARGS: "aws"
IMAGE_NAME: "ghcr.io/niallbyrne_ca/smtp-aws"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}

scan_container_cloudflare:
permissions:
security-events: write
needs: [configuration, create_release]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-10-container-security_scan_container.yml@master
with:
BUILD_ARGS: "cloudflare"
IMAGE_NAME: "ghcr.io/niallbyrne_ca/smtp-cloudflare"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}

push_container_aws:
needs: [configuration, scan_container_aws]
permissions:
packages: write
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-95-container-push.yml@master
with:
BUILD_ARGS: "aws"
IMAGE_NAME: "ghcr.io/niallbyrne_ca/smtp-aws"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}

push_container_cloudflare:
needs: [configuration, scan_container_cloudflare]
permissions:
packages: write
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-95-container-push.yml@master
with:
BUILD_ARGS: "cloudflare"
IMAGE_NAME: "ghcr.io/niallbyrne_ca/smtp-cloudflare"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.COOKIECUTTER_CONFIGURATION)._GITHUB_CI_DEFAULT_VERBOSE_NOTIFICATIONS }}

success:
needs: [create_release]
needs: [push_container_aws, push_container_cloudflare]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@master
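Review bot: The new `docker_container_lint`, `scan_container_*` and `push_container_*` jobs call reusable workflows at `@master`, a mutable ref, and the scan and push jobs do so while holding `security-events: write` or `packages: write` and receiving `SLACK_WEBHOOK`, so whatever lands on that branch runs with those grants on the next push. Pin each `uses:` to a full commit SHA, e.g. `uses: cicd-tools-org/cicd-tools/.github/workflows/job-95-container-push.yml@<full-commit-sha>`, and bump it deliberately. The push jobs take the same `BUILD_ARGS` and `IMAGE_NAME` as the scan jobs, which suggests the image is built a second time; if so, the pushed image is not necessarily the one that was scanned, which is worth confirming in the called workflows (not visible here). Separately, the new jobs read `VERBOSE_NOTIFICATIONS` from `outputs.COOKIECUTTER_CONFIGURATION` while the existing job at the top of the first hunk reads it from `outputs.JSON_FILE_DATA`; confirm the `configuration` job actually exposes the former, since `fromJSON` on a missing output would fail the job.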
24 changes: 12 additions & 12 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM docker.io/cisagov/postfix:latest
FROM docker.io/cisagov/postfix:0.1.1

ENV ENV_FILE ""
ENV DKIM_DELAY "30"
Expand All @@ -12,22 +12,22 @@ RUN mkdir -p certbot /usr/local/share/certs/providers /usr/local/share/certs/scr
COPY providers/"${PROVIDER}".bash /usr/local/share/certs/providers
COPY scripts/*.bash /usr/local/share/certs/scripts

RUN apt-get update \
&& \
apt install -y \
certbot \
jq \
procps \
psmisc \
&& \
bash -c " \
RUN apt-get update \
&& \
apt-get install -y --no-install-recommends \
certbot \
jq \
&& \
bash -c " \
source /usr/local/share/certs/providers/${PROVIDER}.bash \
&& \
provider_dependencies \
" \
&& \
" \
&& \
rm -rf /var/lib/apt/lists/*

WORKDIR /root

COPY entrypoint.sh entrypoint.sh
RUN chmod +x entrypoint.sh

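Review bot: The base image in the first hunk is pinned by tag only, and a tag can be re-pointed upstream, so the base that the new scan job inspects is not guaranteed to be the base of a later rebuild; add the digest as well, `FROM docker.io/cisagov/postfix:0.1.1@sha256:<digest>`. In the second hunk the new install list appears to drop `procps` and `psmisc`, and with `--no-install-recommends` nothing pulls them back in, so check that `entrypoint.sh` and the files under `scripts/` do not call `ps`, `pkill` or `killall` (neither is shown on this page). The `RUN` instruction starts and ends inside the hunk, but the rest of the Dockerfile after `RUN chmod +x entrypoint.sh` is outside it.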
2 changes: 1 addition & 1 deletion providers/aws.bash
Expand Up @@ -5,7 +5,7 @@ provider_create() {
}

provider_dependencies() {
apt install -y awscli python3-certbot-dns-route53
apt-get install -y --no-install-recommends awscli python3-certbot-dns-route53
}

provider_dkim() {
2 changes: 1 addition & 1 deletion providers/cloudflare.bash
Expand Up @@ -6,7 +6,7 @@ provider_create() {
}

provider_dependencies() {
apt install -y curl python3-certbot-dns-cloudflare
apt-get install -y --no-install-recommends curl python3-certbot-dns-cloudflare
}

provider_dkim() {