Build #443
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'dependabot/**' | |
| tags: | |
| - '*' | |
| pull_request: | |
| branches: | |
| - 'release/?*' | |
| - 'dev' | |
| schedule: | |
| - cron: '30 1 * * 6' # Weekly on Saturdays | |
| permissions: {} | |
| jobs: | |
| call-workflow: | |
| if: "!contains(github.repository, '.warriors-life-template')" | |
| uses: warriors-life/.warriors-life-workflows/.github/workflows/build-docker.yml@dev | |
| with: | |
| image-name: ${{ github.repository }} | |
| node-code-pre-test: | # https://unix.stackexchange.com/a/157619 | |
| export $(sed '/^[[:blank:]]*#/d;s/#.*//' test.env | xargs -0) && sed '/^[[:blank:]]*#/d;s/#.*//' test.env >> $GITHUB_ENV | |
| openssl req -x509 -config ssl-config/openssl-ca.conf -out server$NGINX_TRUSTED_CERTS -keyout ssl-config/ca.key -noenc | |
| openssl req -config ssl-config/openssl-cert.conf -CA server$NGINX_TRUSTED_CERTS -CAkey ssl-config/ca.key -out server$NGINX_CERT -keyout server$NGINX_CERT_KEY -noenc | |
| gzip -k server/static/*.{css,csv,html,ico,js,json,svg,txt,wasm,webmanifest} | |
| cd server && docker compose up -d | |
| secrets: inherit | |
| permissions: | |
| security-events: write | |
| id-token: write | |
| attestations: write | |
| packages: write | |
| contents: write | |
| actions: read | |
| issues: read | |
| pull-requests: read | |
| test-nginx: | |
| if: always() | |
| needs: call-workflow | |
| name: Test Nginx configuration | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Test with nginx -t | |
| uses: warriors-life/.warriors-life-workflows/test-docker-image@dev | |
| with: | |
| code: | | |
| export $(sed '/^[[:blank:]]*#/d;s/#.*//' test.env | xargs -0) | |
| openssl req -x509 -config ssl-config/openssl-ca.conf -out server$NGINX_TRUSTED_CERTS -keyout ssl-config/ca.key -noenc | |
| openssl req -config ssl-config/openssl-cert.conf -CA server$NGINX_TRUSTED_CERTS -CAkey ssl-config/ca.key -out server$NGINX_CERT -keyout server$NGINX_CERT_KEY -noenc | |
| docker run --rm --env-file test.env --mount type=bind,src="$(pwd)"/server/ssl,dst=/ssl,ro ${{ needs.call-workflow.outputs.test-tag }} nginx -t | |
| test-gixy: | |
| if: always() | |
| needs: call-workflow | |
| name: Test Nginx configuration with Gixy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Test with Gixy | |
| uses: warriors-life/.warriors-life-workflows/test-docker-image@dev | |
| with: | |
| code: | | |
| docker run --rm --env-file test.env --mount type=volume,src=nginx-conf,dst=/etc/nginx ${{ needs.call-workflow.outputs.test-tag }} nginx -v | |
| docker run --rm --mount type=volume,src=nginx-conf,dst=/etc/nginx,ro getpagespeed/gixy:v0.1.24@sha256:5db6becaeb4b316ae242baff03c6395c15b4fbdbfa67a5229fbdeeef1ee7828e |