Security improvements #3
Some checks are pending
CI/CD Pipeline with Secure Ephemeral PiP / test-backend (push) Waiting to run
CI/CD Pipeline with Secure Ephemeral PiP / test-frontend (push) Blocked by required conditions
CI/CD Pipeline with Secure Ephemeral PiP / build-backend (push) Blocked by required conditions
CI/CD Pipeline with Secure Ephemeral PiP / build-frontend (push) Blocked by required conditions
CI/CD Pipeline with Secure Ephemeral PiP / cleanup (push) Blocked by required conditions
parent
6bff6a1ad7
commit
9d5ab1dda5
1 changed files with 15 additions and 10 deletions
|
@ -107,6 +107,13 @@ jobs:
|
|||
node:20 \
|
||||
sh -c "npm ci && npm run test"'
|
||||
|
||||
- name: Per-job cleanup (host socket)
|
||||
if: always()
|
||||
run: |
|
||||
SOCKET_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman-host-${RUN_ID}"
|
||||
pgrep -u "$(id -u)" -fa 'podman system service' | grep -F "unix://${SOCKET_DIR}/podman.sock" | awk '{print $1}' | xargs -r kill || true
|
||||
rm -rf "${SOCKET_DIR}" 2>/dev/null || true
|
||||
|
||||
build-backend:
|
||||
runs-on: [self-hosted, ci]
|
||||
needs: test-frontend
|
||||
|
@ -132,14 +139,13 @@ jobs:
|
|||
|
||||
- name: Build backend image
|
||||
run: |
|
||||
podman exec ci-pip-$RUN_ID sh -c \
|
||||
'cd /workspace/backend && podman build \
|
||||
-t "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG" .'
|
||||
podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
|
||||
ci-pip-$RUN_ID sh -lc 'cd /workspace/backend && podman build -t "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG" .'
|
||||
|
||||
- name: Push backend image
|
||||
run: |
|
||||
podman exec ci-pip-$RUN_ID podman push \
|
||||
${{ secrets.REGISTRY_HOST }}/${{ secrets.APP_NAME }}/backend:${{ github.sha }}
|
||||
podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
|
||||
ci-pip-$RUN_ID sh -lc 'podman push "$REGISTRY/$APP_NAME/backend:$IMAGE_TAG"'
|
||||
|
||||
build-frontend:
|
||||
runs-on: [self-hosted, ci]
|
||||
|
@ -166,14 +172,13 @@ jobs:
|
|||
|
||||
- name: Build frontend image
|
||||
run: |
|
||||
podman exec ci-pip-$RUN_ID sh -c \
|
||||
'cd /workspace/frontend && podman build \
|
||||
-t "$REGISTRY/$APP_NAME/frontend:$IMAGE_TAG" .'
|
||||
podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
|
||||
ci-pip-$RUN_ID sh -lc 'cd /workspace/frontend && podman build -t "$REGISTRY/$APP_NAME/frontend:$IMAGE_TAG" .'
|
||||
|
||||
- name: Push frontend image
|
||||
run: |
|
||||
podman exec ci-pip-$RUN_ID podman push \
|
||||
${{ secrets.REGISTRY_HOST }}/${{ secrets.APP_NAME }}/frontend:${{ github.sha }}
|
||||
podman exec -e REGISTRY="$REGISTRY" -e APP_NAME="$APP_NAME" -e IMAGE_TAG="$IMAGE_TAG" \
|
||||
ci-pip-$RUN_ID sh -lc 'podman push "$REGISTRY/$APP_NAME/frontend:$IMAGE_TAG"'
|
||||
|
||||
cleanup:
|
||||
runs-on: [self-hosted, ci]
|
||||
|
|
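Review bot: The new `Per-job cleanup (host socket)` step never confirms that the `podman system service` process is gone, and it hides every failure on the way (`|| true` after the kill pipeline, `2>/dev/null || true` on the `rm -rf`). That socket exposes the runner user's podman API, so a service that survives on a `self-hosted` runner would go unnoticed while its socket directory is deleted. I would re-run the same `pgrep … | grep -F …` match after the kill and, if it still matches, print something like `echo "warning: podman service for ${SOCKET_DIR} is still running" >&2`. The step also builds `SOCKET_DIR` from `RUN_ID` without checking it; a first line of `: "${RUN_ID:?RUN_ID is not set}"` would stop it from acting on a bare `podman-host-` path when the variable is empty (where `RUN_ID` is defined is outside the hunk). A short comment above the pipeline, e.g. `# match the full unix:// socket argument so only this run's service is killed`, would document why the filter is safe alongside concurrent jobs.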