adds specific versions to all the containers used

franz.germann1 2024-10-29 14:00:30 +01:00
parent 9c209d313e
commit 3f09ced219
2 changed files with 42 additions and 40 deletions


@ -1,4 +1,4 @@
FROM golang:latest AS builder FROM golang:1.23.2 AS builder
WORKDIR /shared-data/app WORKDIR /shared-data/app
COPY ./ ./ COPY ./ ./
@ -7,7 +7,8 @@ COPY ./ ./
RUN CGO_ENABLED=0 GOOS=linux go build -o fibonacci_go . RUN CGO_ENABLED=0 GOOS=linux go build -o fibonacci_go .
FROM alpine:latest # ToDo: use stretch as image for a completly empty container
FROM alpine:3.20.3
WORKDIR /shared-data/app WORKDIR /shared-data/app
COPY --from=builder /shared-data/app/fibonacci_go . COPY --from=builder /shared-data/app/fibonacci_go .
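Review bot: The ToDo comment added above `FROM alpine:3.20.3` says `stretch`, which is a Debian release name; the empty base image is `scratch`, and because the builder stage compiles with `CGO_ENABLED=0` the binary is probably static enough to run on it. I would reword the comment to `# TODO: use scratch as the base for a completely empty runtime image`. The new tags `golang:1.23.2` and `alpine:3.20.3` are still mutable references, so for a reproducible build each `FROM` could also carry the digest, e.g. `FROM alpine:3.20.3@sha256:<digest>`. The final stage continues past the visible lines, so whether it sets a non-root `USER` cannot be checked from here.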


@ -29,79 +29,59 @@ spec:
tasks: tasks:
- name: git-clone - name: git-clone
template: git-clone template: git-clone
arguments:
parameters: [{ name: message, value: "git-clone task completed" }]
- name: ls - name: ls
template: ls template: ls
dependencies: [git-clone] dependencies: [git-clone]
- name: build - name: build
template: build template: build
arguments:
parameters: [{ name: message, value: "build task completed" }]
dependencies: [unit-tests, lint-scan] dependencies: [unit-tests, lint-scan]
- name: unit-tests - name: unit-tests
template: unit-tests template: unit-tests
arguments:
parameters:
[{ name: message, value: "unit-tests task completed" }]
dependencies: [ls] dependencies: [ls]
- name: lint-scan - name: lint-scan
template: lint-scan template: lint-scan
arguments:
parameters: [{ name: message, value: "lint-scan task completed" }]
dependencies: [ls] dependencies: [ls]
- name: trivy-image-scan - name: trivy-image-scan
template: simple-container template: trivy-image-scan
arguments:
parameters:
[{ name: message, value: "trivy-image-scan task completed" }]
dependencies: [build] dependencies: [build]
- name: trivy-filesystem-scan - name: trivy-filesystem-scan
template: simple-container template: trivy-filesystem-scan
arguments:
parameters:
[
{
name: message,
value: "trivy-filesystem-scan task completed",
},
]
dependencies: [git-clone] dependencies: [git-clone]
- name: deploy-image - name: deploy-image
template: simple-container template: simple-container
arguments:
parameters:
[{ name: message, value: "push-image task completed" }]
# when: " == true" # when: " == true"
dependencies: [trivy-image-scan, trivy-filesystem-scan] dependencies: [trivy-image-scan, trivy-filesystem-scan]
- name: simple-container - name: simple-container
inputs:
parameters:
- name: message
container: container:
image: alpine:latest image: alpine:3.20.3
command: [sh, -c] command: [sh, -c]
args: ["echo {{inputs.parameters.message}}"] args: ["echo test"]
- name: ls - name: ls
container: container:
image: alpine:latest image: alpine:3.20.3
command: [sh, -c] command: [sh, -c]
args: [ls /] args:
- |
ls -la /
ls -la /shared-data
ls -la /shared-data/repo
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: git-clone - name: git-clone
container: container:
image: ubuntu:latest image: ubuntu:24.10
command: [sh, -c] command: [sh, -c]
args: args:
- | - |
apt update apt update
apt install -y git apt install -y git
git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo
ls -la /
ls -la /shared-data echo git-clone task completed
ls -la /shared-data/repo
volumeMounts: volumeMounts:
- name: shared-data - name: shared-data
mountPath: /shared-data mountPath: /shared-data
@ -130,13 +110,13 @@ spec:
- | - |
cd /shared-data/repo cd /shared-data/repo
go test ./... -v go test ./... -v
echo unit-test task completed
volumeMounts: volumeMounts:
- name: shared-data - name: shared-data
mountPath: /shared-data mountPath: /shared-data
# How to extract artifacts # How to extract artifacts
# For now this task will fail if the lint scan finds any issue with --error-on-issues
# --max-same-issues or --max-issues-per-linter also possible
- name: lint-scan - name: lint-scan
container: container:
image: golangci/golangci-lint:v1.61.0 image: golangci/golangci-lint:v1.61.0
@ -145,6 +125,27 @@ spec:
- | - |
cd /shared-data/repo cd /shared-data/repo
golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1 golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1
echo lint-scan task completed
volumeMounts: volumeMounts:
- name: shared-data - name: shared-data
mountPath: /shared-data mountPath: /shared-data
- name: trivy-filesystem-scan
container:
image: aquasec/trivy:0.56.2
command: [sh, -c]
args:
- |
trivy fs --scanners license,vuln,misconfig,secret /shared-data/repo
echo trivy-filesystem-scan task completed
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: trivy-image-scan
container:
image: aquasec/trivy:0.56.2
command: [sh, -c]
args: ["TRIVY_INSECURE=true trivy image --scanners vuln,secret,misconfig gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest"]
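Review bot: The `echo … task completed` lines appended to the `git-clone`, `unit-tests`, `lint-scan` and `trivy-filesystem-scan` scripts become the last command of each `sh -c` script, so the step's exit status is that of `echo` and a failed clone, failing test, lint finding or scan error no longer fails the task. Starting each script with `set -e` (or chaining the commands with `&&`) keeps these gates effective. Both Trivy steps also run without `--exit-code 1`, so as far as these lines show, findings are only printed and `deploy-image` still proceeds. In `trivy-image-scan`, `TRIVY_INSECURE=true` turns off registry certificate verification and the scanned reference is the mutable `:latest` tag, which is at odds with the pinning this commit introduces; a comment stating that this is for the local self-signed registry only, and scanning the tag or digest that `build` produced, would tie the result to the image that is deployed. The template may continue past the last visible line.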