Merge pull request #65 from fabianoflorentino/dependabot/pip/markupsa… #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build Image (Dockerhub) | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- 'README.md' | |
- 'LICENSE' | |
- 'docs/**' | |
- '.github/**' | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install -r ./requirements.txt | |
pip install pylint | |
pip install mypy | |
- name: Analysing the code with pylint | |
run: | | |
python -m pylint `ls -R|grep .py$|xargs` | |
- name: Analysing the code with MyPy | |
run: | | |
python -m mypy *.py | |
analyze: | |
name: Analyze | |
runs-on: ubuntu-latest | |
needs: [lint] | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ 'python' ] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: ${{ matrix.language }} | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v2 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
build: | |
name: Build and Push to Docker Hub | |
environment: DOCKERHUB | |
runs-on: ubuntu-latest | |
needs: [lint, analyze] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Login on DockerHub | |
run: | | |
docker login -u ${{ secrets.DOCKERHUB_USERNAME }} \ | |
-p ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build Docker image | |
run: | | |
docker build --no-cache --rm \ | |
-t ${{ github.repository }}:v0.${{ github.run_number }} \ | |
-f ./Dockerfile . | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: '${{ github.repository }}:v0.${{ github.run_number }}' | |
format: 'sarif' | |
output: 'trivy-results.sarif' | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: Push to DockerHub | |
run: docker push ${{ github.repository }}:v0.${{ github.run_number }} |