Update workflows (#60)

- replaced mega linter with github super linter
PatrickMatthiesen · Mar 24, 2023 · 26ed0de · 26ed0de
1 parent 01daf25
commit 26ed0de
Show file tree

Hide file tree

Showing 8 changed files with 241 additions and 283 deletions.
diff --git a/.github/workflows/Scheduled-release.yml b/.github/workflows/Scheduled-release.yml
@@ -14,7 +14,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
  with:
  fetch-depth: 0
 

diff --git a/.github/workflows/container-snyk.yml b/.github/workflows/container-snyk.yml
@@ -1,83 +1,83 @@
-name: Snyk
-on: 
+name: Snyk
+on: 
  pull_request:
-
-jobs:
- build-container:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: Login to Docker Hub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Build and push minitwit-db snyk image
- uses: docker/build-push-action@v2
- with:
- context: ./MiniTwit
- file: MiniTwit/MiniTwit/Server/Dockerfile
- push: true
- tags: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:snyk
- cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:snyk-webbuildcache
- cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:snyk-webbuildcache,mode=max
-
- snyk-report:
- runs-on: ubuntu-latest
- needs: build-container
-
- permissions:
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
- steps:
- - uses: actions/checkout@v2
-
- - name: Login to Docker Hub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Run Snyk to check Docker image for vulnerabilities
- # Snyk can be used to break the build when it detects vulnerabilities.
- # In this case we want to upload the issues to GitHub Code Scanning
- continue-on-error: true
- uses: snyk/actions/docker@master
- env:
- # In order to use the Snyk Action you will need to have a Snyk API token.
- # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
- # or you can sign up for free at https://snyk.io/login
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- image: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:snyk
- args: --file=MiniTwit/MiniTwit/Server/Dockerfile
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: snyk.sarif
-
- snyk-check:
- runs-on: ubuntu-latest
- needs: build-container
- steps:
- - uses: actions/checkout@v2
-
- - name: Login to Docker Hub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Run Snyk to check Docker images for vulnerabilities
- uses: snyk/actions/docker@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- image: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:snyk
+
+jobs:
+ build-container:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Build and push minitwit-db snyk image
+ uses: docker/build-push-action@v2
+ with:
+ context: ./MiniTwit
+ file: MiniTwit/MiniTwit/Server/Dockerfile
+ push: true
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:snyk
+ cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:snyk-webbuildcache
+ cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:snyk-webbuildcache,mode=max
+
+ snyk-report:
+ runs-on: ubuntu-latest
+ needs: build-container
+
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Run Snyk to check Docker image for vulnerabilities
+ # Snyk can be used to break the build when it detects vulnerabilities.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/docker@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+ # or you can sign up for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:snyk
+ args: --file=MiniTwit/MiniTwit/Server/Dockerfile
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: snyk.sarif
+
+ snyk-check:
+ runs-on: ubuntu-latest
+ needs: build-container
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Run Snyk to check Docker images for vulnerabilities
+ uses: snyk/actions/docker@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:snyk
  args: --severity-threshold=high
diff --git a/.github/workflows/continous-deployment.yml b/.github/workflows/continous-deployment.yml
@@ -1,97 +1,97 @@
----
-name: Continuous Deployment
-
-on:
- push:
- # Run workflow every time something is pushed to the main branch
- branches:
- - main
-
-jobs:
- image-build:
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: ./MiniTwit
-
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Login to Docker Hub
- uses: docker/login-action@v1
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
-
- - name: Build and push minitwit-souffle
- uses: docker/build-push-action@v2
- with:
- context: ./MiniTwit
- file: MiniTwit/MiniTwit/Server/Dockerfile
- push: true
- tags: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:latest
- cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:webbuildcache
- cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:webbuildcache,mode=max
-
- - name: Build and push minitwit-db
- uses: docker/build-push-action@v2
- with:
- context: ./MiniTwit
- file: MiniTwit/MiniTwit/Server/Dockerfile.database
- push: true
- tags: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:latest
- cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:mysqlbuildcache
- cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:mysqlbuildcache,mode=max
-
- deploy:
- runs-on: ubuntu-latest
- needs: image-build
- defaults:
- run:
- working-directory: ./MiniTwit
-
- steps:
- - name: Checkout
- uses: actions/checkout@v2
-
- - name: Configure SSH
- run: |
- mkdir -p ~/.ssh/
- echo "$SSH_KEY" > ~/.ssh/minitwit.key
- chmod 600 ~/.ssh/minitwit.key
- env:
- SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-
- - name: Deploy Server
- run: >
- ssh $SSH_USER@$SSH_HOST
- -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no
- "docker stop minitwit-souffle &&
- docker rm minitwit-souffle &&
- docker pull $DOCKER_USERNAME/minitwit-souffle:latest &&
- docker run -d --name minitwit-souffle -p 5000:80 $DOCKER_USERNAME/minitwit-souffle:latest"
- env:
- SSH_USER: ${{ secrets.SSH_USER }}
- SSH_HOST: ${{ secrets.SSH_HOST }}
- DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-
- - name: Copy files for Monitoring
- run: |
- scp -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no docker-compose-monitoring.yml $SSH_USER@$SSH_HOST:docker
- scp -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no prometheus.yml $SSH_USER@$SSH_HOST:docker
- env:
- SSH_USER: ${{ secrets.SSH_USER }}
- SSH_HOST: ${{ secrets.SSH_DB_HOST }}
-
- - name: Deploy Monitoring
- run: >
- ssh $SSH_USER@$SSH_HOST
- -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no
- "docker compose -f docker/docker-compose-monitoring.yml up -d"
- env:
- SSH_USER: ${{ secrets.SSH_USER }}
- SSH_HOST: ${{ secrets.SSH_DB_HOST }}
+---
+name: Continuous Deployment
+
+on:
+ push:
+ # Run workflow every time something is pushed to the main branch
+ branches:
+ - main
+
+jobs:
+ image-build:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./MiniTwit
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Build and push minitwit-souffle
+ uses: docker/build-push-action@v2
+ with:
+ context: ./MiniTwit
+ file: MiniTwit/MiniTwit/Server/Dockerfile
+ push: true
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:latest
+ cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:webbuildcache
+ cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-souffle:webbuildcache,mode=max
+
+ - name: Build and push minitwit-db
+ uses: docker/build-push-action@v2
+ with:
+ context: ./MiniTwit
+ file: MiniTwit/MiniTwit/Server/Dockerfile.database
+ push: true
+ tags: ${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:latest
+ cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:mysqlbuildcache
+ cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/minitwit-db:mysqlbuildcache,mode=max
+
+ deploy:
+ runs-on: ubuntu-latest
+ needs: image-build
+ defaults:
+ run:
+ working-directory: ./MiniTwit
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Configure SSH
+ run: |
+ mkdir -p ~/.ssh/
+ echo "$SSH_KEY" > ~/.ssh/minitwit.key
+ chmod 600 ~/.ssh/minitwit.key
+ env:
+ SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+
+ - name: Deploy Server
+ run: >
+ ssh $SSH_USER@$SSH_HOST
+ -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no
+ "docker stop minitwit-souffle &&
+ docker rm minitwit-souffle &&
+ docker pull $DOCKER_USERNAME/minitwit-souffle:latest &&
+ docker run -d --name minitwit-souffle -p 5000:80 $DOCKER_USERNAME/minitwit-souffle:latest"
+ env:
+ SSH_USER: ${{ secrets.SSH_USER }}
+ SSH_HOST: ${{ secrets.SSH_HOST }}
+ DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+
+ - name: Copy files for Monitoring
+ run: |
+ scp -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no docker-compose-monitoring.yml $SSH_USER@$SSH_HOST:docker
+ scp -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no prometheus.yml $SSH_USER@$SSH_HOST:docker
+ env:
+ SSH_USER: ${{ secrets.SSH_USER }}
+ SSH_HOST: ${{ secrets.SSH_DB_HOST }}
+
+ - name: Deploy Monitoring
+ run: >
+ ssh $SSH_USER@$SSH_HOST
+ -i ~/.ssh/minitwit.key -o StrictHostKeyChecking=no
+ "docker compose -f docker/docker-compose-monitoring.yml up -d"
+ env:
+ SSH_USER: ${{ secrets.SSH_USER }}
+ SSH_HOST: ${{ secrets.SSH_DB_HOST }}
diff --git a/.github/workflows/dotnet-Build-and-Test.yml b/.github/workflows/dotnet-Build-and-Test.yml
@@ -21,6 +21,9 @@ jobs:
 
  steps:
  - uses: actions/checkout@v3
+ with: 
+ fetch-depth: 1
+
  - name: Setup .NET
  uses: actions/setup-dotnet@v3
  with: