Node.js CI #55
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node.js CI | |
| on: | |
| pull_request: | |
| branches: [main] | |
| types: [opened, reopened, closed, synchronize] | |
| create: | |
| tags: | |
| - sandbox.[0-9]{4}.[0-9]{1,2}.\d+$ | |
| - iptools.[0-9]{4}.[0-9]{1,2}.\d+$ | |
| ### Ensures that only one CI task per branch/environment will run at a time ### | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| services: | |
| mongodb: | |
| image: mongo:7.0 | |
| env: | |
| MONGO_INITDB_DATABASE: testdb | |
| MONGO_INITDB_ROOT_USERNAME: myUser | |
| MONGO_INITDB_ROOT_PASSWORD: myPassword | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --health-cmd "echo 'db.runCommand("ping").ok' | mongosh --quiet" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| strategy: | |
| matrix: | |
| node-version: [20.x] | |
| mongodb-version: ['7.0'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| cache-dependency-path: '**/package-lock.json' | |
| - name: Cache Node.js modules | |
| uses: actions/cache@v4 | |
| with: | |
| # npm cache files are stored in `~/.npm` on Linux/macOS | |
| # https://docs.github.com/en/actions/guides/building-and-testing-nodejs | |
| path: ~/.npm | |
| key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.OS }}-node- | |
| ${{ runner.OS }}- | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Run tests | |
| env: | |
| MONGODB_URI: mongodb://myUser:myPassword@localhost:27017/testdb?authMechanism=DEFAULT&authSource=admin | |
| run: npm run test --ignore-scripts -- --coverage --runInBand | |
| - name: Check code style | |
| run: npm run lint | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| if: (github.event.pull_request.merged == true) || (github.event_name == 'create' && startsWith(github.ref, 'refs/tags/')) | |
| needs: test | |
| outputs: | |
| output_tag: ${{ steps.set_tag.outputs.OUTPUT_TAG }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Git config | |
| run: git config --global url.https://${{ secrets.GH_ACCESS_TOKEN }}@github.com/.insteadOf https://github.com/ | |
| - name: Set Env for Tag | |
| id: set_tag | |
| env: | |
| EVENT_TAG: ${{ github.event_name == 'create' && startsWith(github.ref, 'refs/tags/')}} | |
| EVENT_PUSH: ${{ github.event_name == 'push' }} | |
| run: | | |
| if ${EVENT_TAG} == true; then | |
| echo "OUTPUT_TAG=${{ github.event.ref }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "OUTPUT_TAG=dev.${{ github.sha }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build Docker image | |
| run: docker build . -t naviat/iptoolkits:${{ steps.set_tag.outputs.OUTPUT_TAG }} | |
| - name: Scan the Docker image with Trivy | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'docker.io/naviat/iptoolkits:${{ steps.set_tag.outputs.OUTPUT_TAG }}' | |
| format: 'table' | |
| exit-code: '1' # Trivy will return a non-zero exit code if vulnerabilities are found | |
| - name: Build and push Docker image | |
| if: success() | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: docker.io/naviat/iptoolkits:${{ steps.set_tag.outputs.OUTPUT_TAG }} |