
goldeneggg/ci.yml

Last active Aug 31, 2020
Rails 6 API Development and GitHub Actions CI with Docker (.github/workflows/ci.yml)
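# Triggers: pushes to master and every pull request. A run is skipped when the
# change touches only Markdown files or LICENSE.
# `pull_request` (rather than `pull_request_target`) means code from a fork runs
# with a read-only token and without repository secrets.
on:
  push:
    branches:
      - master
    paths-ignore:
      - '**/*.md'
      - 'LICENSE'
  pull_request:
    paths-ignore:
      - '**/*.md'
      - 'LICENSE'

# Least privilege for GITHUB_TOKEN. The jobs only check out the repository;
# without this block the token gets the repository's default scopes, which may
# include write access.
permissions:
  contents: read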
# Workflow-wide environment, shared by every job and step below.
# Values are quoted so they reach the steps as the exact strings written here.
env:
  # Build through BuildKit, both for plain docker and for docker-compose.
  DOCKER_BUILDKIT: '1'
  COMPOSE_DOCKER_CLI_BUILD: '1'
  # Source tag that the "Docker tag and save" step re-tags; presumably the name
  # the compose build produces (docker-compose.yml is not shown here).
  APP_IMAGE_TAG: 'rails6api-development:0.1.0'
  # Tag under which the image is saved to the cache tarball and later scanned.
  APP_IMAGE_CACHE_TAG: 'rails6api-development-cache'
  # Runner directory holding image.tar, and the key fragment for that cache.
  IMAGE_CACHE_DIR: '/tmp/cache/docker-image'
  IMAGE_CACHE_KEY: 'cache-image'
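# Three jobs: build (or restore) the image once, then run the test suite and the
# vulnerability scan against the cached image.
#
# Supply-chain note for every `uses:` line below: `@v2` / `@v1` are mutable tags
# that the action's owner can move. Pinning each action to a full commit SHA
# (`uses: actions/checkout@<full-commit-sha>`) makes the workflow run exactly
# the code that was reviewed.
jobs:
  image-cache-or-build:
    strategy:
      matrix:
        ruby: ["2.7.1"]
        os: [ubuntu-18.04]
    runs-on: ${{ matrix.os }}
    env:
      ARG_RUBY_VERSION: ${{ matrix.ruby }}
    steps:
      - name: Check out code
        id: checkout
        uses: actions/checkout@v2
      # The cache key includes the Dockerfile hash, so an exact hit means the
      # tarball was built from this Dockerfile. `restore-keys` can also restore
      # a tarball from an older Dockerfile; in that case `cache-hit` is not
      # 'true', the load below is skipped, and the tarball is overwritten by
      # "Docker tag and save".
      - name: Cache docker image
        id: cache-docker-image
        uses: actions/cache@v1
        with:
          path: ${{ env.IMAGE_CACHE_DIR }}
          key: ${{ runner.os }}-${{ env.IMAGE_CACHE_KEY }}-${{ matrix.ruby }}-${{ hashFiles('Dockerfile') }}
          restore-keys: |
            ${{ runner.os }}-${{ env.IMAGE_CACHE_KEY }}-${{ matrix.ruby }}-
      - name: Docker load
        id: docker-load
        if: steps.cache-docker-image.outputs.cache-hit == 'true'
        run: docker image load -i "${IMAGE_CACHE_DIR}/image.tar"
      - name: Docker build
        id: docker-build
        run: docker-compose build --build-arg BUILDKIT_INLINE_CACHE=1 base
      # Only on a cache miss: re-tag the fresh build and write the tarball that
      # the cache action uploads when the job ends.
      - name: Docker tag and save
        id: docker-tag-save
        if: steps.cache-docker-image.outputs.cache-hit != 'true'
        # One command per line; the default `bash -e` shell stops at the first
        # failure, the same as the original `&&` chain.
        run: |
          mkdir -p "${IMAGE_CACHE_DIR}"
          docker image tag "${APP_IMAGE_TAG}" "${APP_IMAGE_CACHE_TAG}"
          docker image save -o "${IMAGE_CACHE_DIR}/image.tar" "${APP_IMAGE_CACHE_TAG}"

  test-app:
    needs: image-cache-or-build
    strategy:
      matrix:
        ruby: ["2.7.1"]
        os: [ubuntu-18.04]
    runs-on: ${{ matrix.os }}
    env:
      ARG_RUBY_VERSION: ${{ matrix.ruby }}
      GEMS_CACHE_DIR: /tmp/cache/bundle
      GEMS_CACHE_KEY: cache-gems
    steps:
      - name: Check out code
        id: checkout
        uses: actions/checkout@v2
      # CI runs on the committed sample values; .env.sample must therefore never
      # contain real credentials.
      - name: Generate dotenv
        id: generate-dotenv
        run: cp .env.sample .env
      - name: Cache docker image
        id: cache-docker-image
        uses: actions/cache@v1
        with:
          path: ${{ env.IMAGE_CACHE_DIR }}
          key: ${{ runner.os }}-${{ env.IMAGE_CACHE_KEY }}-${{ matrix.ruby }}-${{ hashFiles('Dockerfile') }}
          restore-keys: |
            ${{ runner.os }}-${{ env.IMAGE_CACHE_KEY }}-${{ matrix.ruby }}-
      - name: Docker load
        id: docker-load
        if: steps.cache-docker-image.outputs.cache-hit == 'true'
        run: docker image load -i "${IMAGE_CACHE_DIR}/image.tar"
      - name: Docker compose build
        id: docker-build
        run: docker-compose build --build-arg BUILDKIT_INLINE_CACHE=1 base
      - name: Wait middleware services
        id: wait-middleware
        run: docker-compose run --rm wait-middleware
      - name: Confirm docker-compose logs
        id: confirm-docker-compose-logs
        run: docker-compose logs db
      # Keyed on Gemfile.lock. NOTE(review): the gems are installed inside the
      # container, so this only helps if docker-compose.yml mounts
      # GEMS_CACHE_DIR into it - confirm against the compose file.
      - name: Cache bundle gems
        id: cache-bundle-gems
        uses: actions/cache@v1
        with:
          path: ${{ env.GEMS_CACHE_DIR }}
          key: ${{ runner.os }}-${{ env.GEMS_CACHE_KEY }}-${{ matrix.ruby }}-${{ hashFiles('Gemfile.lock') }}
          restore-keys: |
            ${{ runner.os }}-${{ env.GEMS_CACHE_KEY }}-${{ matrix.ruby }}-
      - name: Setup and Run test
        id: setup-and-run-test
        run: docker-compose run --rm console bash -c "bundle install && rails db:prepare && rspec"

  scan-image-by-trivy:
    needs: image-cache-or-build
    strategy:
      matrix:
        ruby: ["2.7.1"]
        os: [ubuntu-18.04]
    runs-on: ${{ matrix.os }}
    env:
      ARG_RUBY_VERSION: ${{ matrix.ruby }}
      TRIVY_CACHE_DIR: /tmp/cache/trivy
    steps:
      - name: Check out code
        id: checkout
        uses: actions/checkout@v2
      - name: Cache docker image
        id: cache-docker-image
        uses: actions/cache@v1
        with:
          path: ${{ env.IMAGE_CACHE_DIR }}
          key: ${{ runner.os }}-${{ env.IMAGE_CACHE_KEY }}-${{ matrix.ruby }}-${{ hashFiles('Dockerfile') }}
          restore-keys: |
            ${{ runner.os }}-${{ env.IMAGE_CACHE_KEY }}-${{ matrix.ruby }}-
      - name: Docker load
        id: docker-load
        if: steps.cache-docker-image.outputs.cache-hit == 'true'
        run: docker image load -i "${IMAGE_CACHE_DIR}/image.tar"
      # The load above runs only on an exact cache hit. Without it the tag does
      # not exist locally and the scanner would try to resolve the name against
      # a remote registry, so stop here with a clear error instead.
      - name: Verify image is loaded
        id: verify-image
        run: docker image inspect "${APP_IMAGE_CACHE_TAG}" > /dev/null
      # Trust placed in the scanner container:
      #   - `aquasec/trivy` carries no tag or digest, so each run pulls whatever
      #     `latest` currently is; pinning it (`aquasec/trivy@sha256:<digest>`)
      #     fixes both the code that runs and its command-line syntax.
      #   - mounting /var/run/docker.sock hands that container full control of
      #     the runner's Docker daemon. Trivy's `--input` option can scan the
      #     saved tarball instead, which would remove the need for the socket.
      # Trivy exits 0 by default even when it reports vulnerabilities, which
      # makes the job report-only. `--exit-code 1` fails the job on findings;
      # `--severity` sets the threshold (HIGH and CRITICAL here - adjust to the
      # project's policy; lower severities are then no longer listed).
      - name: Scan image
        id: scan-image
        run: |
          docker container run \
            --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            -v "${TRIVY_CACHE_DIR}:/root/.cache/" \
            aquasec/trivy \
            --exit-code 1 \
            --severity HIGH,CRITICAL \
            "${APP_IMAGE_CACHE_TAG}"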