Skip to content

Commit

Permalink
ci: fix the CI for PRs from forked projects (#11)
Browse files Browse the repository at this point in the history
* ci: add IS_FORK to skip some jobs on PRs from forked projects

Signed-off-by: PINCHON Benjamin <[email protected]>

* ci: remove TARGETPLATFORM in Dockerfile as this is the default behavior

Signed-off-by: PINCHON Benjamin <[email protected]>

---------

Signed-off-by: PINCHON Benjamin <[email protected]>
  • Loading branch information
mydoomfr authored Sep 10, 2024
1 parent b3e1d0f commit 251076c
Show file tree
Hide file tree
Showing 4 changed files with 40 additions and 36 deletions.
13 changes: 5 additions & 8 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,6 @@ on:
build-platform:
required: true
type: string
secrets:
GHCR_USERNAME:
required: true
GHCR_TOKEN:
required: true

jobs:
build-and-push-image:
Expand All @@ -35,10 +30,11 @@ jobs:

- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
username: ${{ github.actor }}
password: ${{ github.token }}

- name: Extract metadata (tags, labels) for Docker
id: meta
Expand All @@ -58,14 +54,15 @@ jobs:
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
context: .
push: true
push: ${{ github.event_name != 'pull_request' }}
provenance: false
platforms: ${{ inputs.build-platform }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
if: github.event_name != 'pull_request'
with:
image-ref: ${{ inputs.image-name }}:${{ steps.meta.outputs.version }}
format: 'table'
Expand Down
28 changes: 1 addition & 27 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: CI
on:
push:
branches:
- main
- "*"
pull_request: {}

env:
Expand Down Expand Up @@ -119,29 +119,6 @@ jobs:
run: |
make test
sonarqube:
name: SonarQube Trigger
runs-on: ubuntu-latest
needs: detect-noop
if: needs.detect-noop.outputs.noop != 'true'
continue-on-error: true

steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0

- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST }}
with:
args: >
-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
repo-slug:
runs-on: ubuntu-latest
outputs:
Expand Down Expand Up @@ -170,6 +147,3 @@ jobs:
with:
image-name: ${{ needs.repo-slug.outputs.repo_slug }}
build-platform: "linux/amd64,linux/arm64,linux/s390x,linux/ppc64le"
secrets:
GHCR_USERNAME: ${{ github.actor }}
GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
33 changes: 33 additions & 0 deletions .github/workflows/sonar.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: CI

on:
push:
branches:
- main

permissions:
contents: read

jobs:
sonarqube:
name: SonarQube Trigger
runs-on: ubuntu-latest
continue-on-error: true

steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ secrets.SONAR_TOKEN != '' }}
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0

- name: SonarQube Scan
uses: sonarsource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9
if: ${{ secrets.SONAR_TOKEN != '' }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST }}
with:
args: >
-Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o ma

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM --platform=$TARGETPLATFORM gcr.io/distroless/static:nonroot
FROM gcr.io/distroless/static:nonroot
WORKDIR /
COPY --from=builder /workspace/manager .
USER 65532:65532
Expand Down

0 comments on commit 251076c

Please sign in to comment.