build.yml
# Workflow identity and triggers for the Docker image build.
name: Build

on:
  # Any branch push except Dependabot's own branches, plus any tag push.
  push:
    branches-ignore:
      - 'dependabot/**'
    tags:
      - '*'
  # Pull requests whose base branch is a release branch or dev.
  pull_request:
    branches:
      - 'release/?*'
      - dev
  schedule:
    # Weekly on Saturdays (01:30; GitHub evaluates cron schedules in UTC).
    - cron: '30 1 * * 6'

# Deny-by-default token: the workflow-level GITHUB_TOKEN has no scopes, so each
# job below must list the scopes it needs in its own `permissions` mapping.
permissions: {}
jobs:
  # Delegates the image build to the organisation's shared reusable workflow.
  # Skipped in repositories whose name contains '.warriors-life-template'.
  #
  # NOTE(review): the reusable workflow is referenced by the mutable branch
  # `dev`, receives every secret of this repository (`secrets: inherit`) and a
  # token with the write scopes listed below. Whoever can push to that branch
  # decides what runs with those privileges; pinning to a full commit SHA and
  # passing only the secrets the build needs would narrow this - confirm
  # against the organisation's release process.
  call-workflow:
    if: "!contains(github.repository, '.warriors-life-template')"
    uses: warriors-life/.warriors-life-workflows/.github/workflows/build-docker.yml@dev
    # Upper bound for the called workflow: it can keep or reduce these scopes,
    # never raise them.
    permissions:
      security-events: write
      id-token: write
      attestations: write
      packages: write
      contents: write
      actions: read
      issues: read
      pull-requests: read
    secrets: inherit
    with:
      image-name: ${{ github.repository }}
      # Shell snippet handed to the called workflow; presumably run before its
      # Node tests - confirm in build-docker.yml. It:
      #   1. strips comments from test.env, exports the variables and appends
      #      them to $GITHUB_ENV (https://unix.stackexchange.com/a/157619);
      #   2. creates a CA certificate and a server certificate with openssl;
      #   3. pre-compresses the static assets, keeping the originals (-k);
      #   4. starts the compose stack in server/.
      # NOTE(review): everything in test.env becomes environment for later
      # steps of the called job via $GITHUB_ENV. If the job checks out
      # pull-request content, that file is contributor-controlled - verify
      # which steps run afterwards and with which credentials.
      # NOTE(review): -noenc leaves ssl-config/ca.key and the server key
      # unencrypted on disk; presumably throwaway test material - confirm
      # neither ends up in the published image or an uploaded artifact.
      node-code-pre-test: |
        export $(sed '/^[[:blank:]]*#/d;s/#.*//' test.env | xargs -0) && sed '/^[[:blank:]]*#/d;s/#.*//' test.env >> $GITHUB_ENV
        openssl req -x509 -config ssl-config/openssl-ca.conf -out server$NGINX_TRUSTED_CERTS -keyout ssl-config/ca.key -noenc
        openssl req -config ssl-config/openssl-cert.conf -CA server$NGINX_TRUSTED_CERTS -CAkey ssl-config/ca.key -out server$NGINX_CERT -keyout server$NGINX_CERT_KEY -noenc
        gzip -k server/static/*.{css,csv,html,ico,js,json,svg,txt,wasm,webmanifest}
        cd server && docker compose up -d

  # Validates the Nginx configuration inside the built test image (`nginx -t`).
  #
  # NOTE(review): `if: always()` also runs this job when call-workflow failed
  # or was skipped. The `test-tag` output may then be empty, and because the
  # expression is substituted into the script text before the shell sees it,
  # `docker run` would take the following word (`nginx`) as the image
  # reference instead of the freshly built image.
  # NOTE(review): the same substitution means the script is only as safe as
  # the value of `test-tag`; confirm the called workflow restricts it to
  # image-reference characters.
  test-nginx:
    name: Test Nginx configuration
    needs: call-workflow
    if: always()
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Test with nginx -t
        # Organisation action referenced by the mutable branch `dev`.
        uses: warriors-life/.warriors-life-workflows/test-docker-image@dev
        with:
          # Loads test.env, regenerates the test CA and server certificate,
          # then runs the image with server/ssl bind-mounted read-only at /ssl.
          code: |
            export $(sed '/^[[:blank:]]*#/d;s/#.*//' test.env | xargs -0)
            openssl req -x509 -config ssl-config/openssl-ca.conf -out server$NGINX_TRUSTED_CERTS -keyout ssl-config/ca.key -noenc
            openssl req -config ssl-config/openssl-cert.conf -CA server$NGINX_TRUSTED_CERTS -CAkey ssl-config/ca.key -out server$NGINX_CERT -keyout server$NGINX_CERT_KEY -noenc
            docker run --rm --env-file test.env --mount type=bind,src="$(pwd)"/server/ssl,dst=/ssl,ro ${{ needs.call-workflow.outputs.test-tag }} nginx -t

  # Static analysis of the Nginx configuration with Gixy.
  # The `if: always()` / empty `test-tag` caveat noted on test-nginx applies
  # to the first command here as well.
  test-gixy:
    name: Test Nginx configuration with Gixy
    needs: call-workflow
    if: always()
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Test with Gixy
        uses: warriors-life/.warriors-life-workflows/test-docker-image@dev
        with:
          # First command: runs the built image with the named volume
          # `nginx-conf` mounted at /etc/nginx - presumably so that the image
          # fills the volume with its rendered configuration; confirm.
          # Second command: mounts that volume read-only into the Gixy image,
          # which is pinned by both tag and sha256 digest, so the analyser
          # cannot change underneath the workflow.
          code: |
            docker run --rm --env-file test.env --mount type=volume,src=nginx-conf,dst=/etc/nginx ${{ needs.call-workflow.outputs.test-tag }} nginx -v
            docker run --rm --mount type=volume,src=nginx-conf,dst=/etc/nginx,ro getpagespeed/gixy:v0.1.24@sha256:5db6becaeb4b316ae242baff03c6395c15b4fbdbfa67a5229fbdeeef1ee7828e