Skip to content
Docker Image CI/CD

chore: update Docker CI/CD workflow and add Trivy configuration for e… #98

Sign in to view logs

chore: update Docker CI/CD workflow and add Trivy configuration for e…

chore: update Docker CI/CD workflow and add Trivy configuration for e… #98

Workflow file for this run

.github/workflows/docker-image.yml at 6d62445
name: Docker Image CI/CD
on:
push:
branches: [ 'dev/workflows' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: [ self-hosted, linux, x64, backend ]
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
trivy-config: trivy.yaml
cache-dir: '/tmp/trivy-cache'
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Build and push Docker image
id: docker_build
run: |
for i in 1 2 3; do
if docker compose -f docker-compose.build.yml build && \
docker compose -f docker-compose.build.yml push; then
exit 0
fi
echo "Retry $i/3..."
sleep 10
done
exit 1
deploy:
runs-on: [ self-hosted, linux, x64, backend ]
needs: build
environment: Production
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Deploy
env:
DB_DATABASE: ${{ secrets.DB_DATABASE }}
DB_DATABASE_TEST: ${{ secrets.DB_DATABASE_TEST }}
DB_ROOT_PASSWORD: ${{ secrets.DB_ROOT_PASSWORD }}
DB_LOCAL_PORT: ${{ secrets.DB_LOCAL_PORT }}
DB_USER: ${{ secrets.DB_USER }}
DB_DOCKER_PORT: ${{ secrets.DB_DOCKER_PORT }}
SERVER_LOCAL_PORT: ${{ secrets.SERVER_LOCAL_PORT }}
SERVER_DOCKER_PORT: ${{ secrets.SERVER_DOCKER_PORT }}
SPRING_PROFILES_ACTIVE: ${{ secrets.SPRING_PROFILES_ACTIVE }}
SPRING_DATASOURCE_URL: ${{ secrets.SPRING_DATASOURCE_URL }}
API_SECURITY_ISSUER: ${{ secrets.API_SECURITY_ISSUER }}
API_SECURITY_TOKEN_SECRET: ${{ secrets.API_SECURITY_TOKEN_SECRET }}
SPRING_MAIL_USERNAME: ${{ secrets.SPRING_MAIL_USERNAME }}
SPRING_MAIL_PASSWORD: ${{ secrets.SPRING_MAIL_PASSWORD }}
EMAIL_TO_SEND_LIST: ${{ secrets.EMAIL_TO_SEND_LIST }}
run: |
for i in 1 2 3; do
if docker compose pull && docker compose up -d; then
exit 0
fi
echo "Retry $i/3..."
sleep 10
done
exit 1
health-check:
runs-on: [ self-hosted, linux, x64, backend ]
needs: deploy
timeout-minutes: 5
steps:
- name: Health check with timeout and retry
run: |
max_attempts=12
attempt=1
while [ $attempt -le $max_attempts ]; do
if curl -sSf http://localhost:${{ secrets.SERVER_LOCAL_PORT }}/actuator/health; then
echo "Service is healthy!"
exit 0
fi
echo "Attempt $attempt/$max_attempts - Service not healthy yet..."
sleep 15
attempt=$((attempt + 1))
done
echo "Health check failed after $max_attempts attempts"
exit 1
cleanup:
runs-on: [ self-hosted, linux, x64, backend ]
needs: health-check
if: always()
steps:
- uses: actions/checkout@v4
- name: Cleanup Docker resources
run: |
chmod +x ./.github/scripts/cleanup_docker.sh
./.github/scripts/cleanup_docker.sh
notify:
runs-on: [ self-hosted, linux, x64, backend ]
needs: [deploy, health-check, cleanup]
if: always()
steps:
- name: Notify deployment status
run: |
if [ "${{ job.status }}" = "success" ]; then
echo "✅ Deployment completed successfully"
else
echo "❌ Deployment failed"
fi