Security improvements #3

This commit is contained in:
continuist 2025-09-04 23:02:47 -04:00
parent 6bff6a1ad7
commit 9d5ab1dda5


@ -107,6 +107,13 @@ jobs:
node:20 \ node:20 \
sh -c "npm ci && npm run test"' sh -c "npm ci && npm run test"'
- name: Per-job cleanup (host socket)
if: always()
run: |
SOCKET_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman-host-${RUN_ID}"
pgrep -u "$(id -u)" -fa 'podman system service' | grep -F "unix://${SOCKET_DIR}/podman.sock" | awk '{print $1}' | xargs -r kill || true
rm -rf "${SOCKET_DIR}" 2>/dev/null || true
build-backend: build-backend:
runs-on: [self-hosted, ci] runs-on: [self-hosted, ci]
needs: test-frontend needs: test-frontend
@ -132,14 +139,13 @@ jobs:
- name: Build backend image - name: Build backend image
run: | run: |
podman exec ci-pip-$RUN_ID sh -c \ podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
'cd /workspace/backend && podman build \ ci-pip-$RUN_ID sh -lc 'cd /workspace/backend && podman build -t "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG" .'
-t "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG" .'
- name: Push backend image - name: Push backend image
run: | run: |
podman exec ci-pip-$RUN_ID podman push \ podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
${{ secrets.REGISTRY_HOST }}/${{ secrets.APP_NAME }}/backend:${{ github.sha }} ci-pip-$RUN_ID sh -lc 'podman push "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG"'
build-frontend: build-frontend:
runs-on: [self-hosted, ci] runs-on: [self-hosted, ci]
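Review bot: The new push step (`podman push "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG"`) records nothing about what was actually pushed, so anything downstream can only reference the image by a mutable tag; writing the digest lets a deploy pin by `@sha256:…` instead, e.g. `ci-pip-$RUN_ID sh -lc 'podman push --digestfile /workspace/backend.digest "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG" && cat /workspace/backend.digest'`. Moving the registry host and tag out of `${{ }}` interpolation into `-e` variables is the right direction against expression injection, but `REGISTRY`, `APP_NAME` and `IMAGE_TAG` are defined outside this hunk, so confirm they come from job-level `env:` and not from anything derived from the triggering ref. The `-l` in `sh -lc` makes the container shell source its profile files before the fixed command runs, which is unnecessary here and one more place the explicitly passed variables could be shadowed; `sh -c` suffices. The same applies to the frontend build/push hunk below, which continues past the end of this excerpt.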
@ -166,14 +172,13 @@ jobs:
- name: Build frontend image - name: Build frontend image
run: | run: |
podman exec ci-pip-$RUN_ID sh -c \ podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
'cd /workspace/frontend && podman build \ ci-pip-$RUN_ID sh -lc 'cd /workspace/frontend && podman build -t "$REGISTRY/$APP_NAME/frontend:$IMAGE_TAG" .'
-t "$REGISTRY/$APP_NAME/frontend:$IMAGE_TAG" .'
- name: Push frontend image - name: Push frontend image
run: | run: |
podman exec ci-pip-$RUN_ID podman push \ podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
${{ secrets.REGISTRY_HOST }}/${{ secrets.APP_NAME }}/frontend:${{ github.sha }} ci-pip-$RUN_ID sh -lc 'podman push "$REGISTRY/$APP_NAME/frontend:$IMAGE_TAG"'
cleanup: cleanup:
runs-on: [self-hosted, ci] runs-on: [self-hosted, ci]