will/unitforge
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
unitforge/.gitea/workflows/build-container.yml
William Valentin 25666a76cf feat: Add comprehensive Gitea CI/CD workflows for multi-arch container builds 
- Add build-container.yml: Main build pipeline with multi-arch support
- Add pr-check.yml: Pull request validation with comprehensive testing
- Add release.yml: Automated release pipeline with security scanning
- Add nightly.yml: Daily builds with performance testing
- Add health_check.sh: Container health validation script
- Add setup-ci.sh: Local CI/CD environment setup script
- Add comprehensive CI/CD documentation

Features:
- Multi-architecture builds (linux/amd64, linux/arm64)
- Security scanning with Trivy
- Automated PyPI publishing for releases
- Container registry integration
- Performance testing and validation
- Artifact management and cleanup
- Build caching and optimization

Supports full development workflow from PR to production deployment.
2025-09-15 02:04:07 -07:00

174 lines
4.8 KiB
YAML
Raw Permalink Blame History

name: Build Multi-Arch Container Image
on:
push:
branches:
- main
- develop
tags:
- "v*"
pull_request:
branches:
- main
- develop
env:
REGISTRY: gitea-http.taildb3494.ts.net
IMAGE_NAME: will/unitforge
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v3
with:
version: "latest"
- name: Set up Python
run: uv python install 3.11
- name: Install dependencies
run: |
uv venv
uv pip install -e ".[dev]"
- name: Run linting
run: |
source .venv/bin/activate
make lint
- name: Run tests
run: |
source .venv/bin/activate
make test-cov
- name: Security check
run: |
source .venv/bin/activate
make security-check
build-and-push:
needs: test
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
password: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest,enable={{is_default_branch}}
type=sha,prefix={{branch}}-
- name: Verify vendor assets
run: |
if [ ! -f frontend/static/vendor/bootstrap/css/bootstrap.min.css ]; then
echo "Error: Missing bootstrap CSS file"
exit 1
fi
if [ ! -f frontend/static/vendor/bootstrap/js/bootstrap.bundle.min.js ]; then
echo "Error: Missing bootstrap JS file"
exit 1
fi
if [ ! -f frontend/static/vendor/fontawesome/css/all.min.css ]; then
echo "Error: Missing FontAwesome CSS file"
exit 1
fi
if [ ! -f frontend/static/vendor/fontawesome/webfonts/fa-solid-900.woff2 ]; then
echo "Error: Missing FontAwesome font file"
exit 1
fi
if [ ! -f frontend/static/img/osi-logo.svg ]; then
echo "Error: Missing OSI logo"
exit 1
fi
echo "All vendor assets verified"
- name: Build and push multi-arch image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BUILDKIT_INLINE_CACHE=1
- name: Image digest
run: echo ${{ steps.build.outputs.digest }}
security-scan:
needs: build-and-push
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: "sarif"
output: "trivy-results.sarif"
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: "trivy-results.sarif"
deploy-staging:
needs: [build-and-push, security-scan]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/develop'
environment: staging
steps:
- name: Deploy to staging
run: |
echo "Deploying ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:develop to staging environment"
# Add your staging deployment commands here
# This could include updating k8s manifests, helm charts, etc.
deploy-production:
needs: [build-and-push, security-scan]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
environment: production
steps:
- name: Deploy to production
run: |
echo "Deploying ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} to production environment"
# Add your production deployment commands here
# This could include updating k8s manifests, helm charts, etc.
Reference in New Issue View Git Blame Copy Permalink