DevFW-CICD/fibonacci_pipeline
13
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

adds specific versions to all the containers used

Browse source
This commit is contained in:
franz.germann1 2024-10-29 14:00:30 +01:00
parent 9c209d313e
commit 3f09ced219
2 changed files with 42 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Dockerfile
View file

@ -1,4 +1,4 @@
FROM golang:latest AS builder
FROM golang:1.23.2 AS builder
WORKDIR /shared-data/app
COPY ./ ./
@ -7,7 +7,8 @@ COPY ./ ./
RUN CGO_ENABLED=0 GOOS=linux go build -o fibonacci_go .
FROM alpine:latest
# ToDo: use stretch as image for a completly empty container
FROM alpine:3.20.3
WORKDIR /shared-data/app
COPY --from=builder /shared-data/app/fibonacci_go .

77
argo-workflows/example-ci-workflow.yaml
View file

@ -29,79 +29,59 @@ spec:
tasks:
- name: git-clone
template: git-clone
arguments:
parameters: [{ name: message, value: "git-clone task completed" }]
- name: ls
template: ls
dependencies: [git-clone]
- name: build
template: build
arguments:
parameters: [{ name: message, value: "build task completed" }]
dependencies: [unit-tests, lint-scan]
- name: unit-tests
template: unit-tests
arguments:
parameters:
[{ name: message, value: "unit-tests task completed" }]
dependencies: [ls]
- name: lint-scan
template: lint-scan
arguments:
parameters: [{ name: message, value: "lint-scan task completed" }]
dependencies: [ls]
- name: trivy-image-scan
template: simple-container
arguments:
parameters:
[{ name: message, value: "trivy-image-scan task completed" }]
template: trivy-image-scan
dependencies: [build]
- name: trivy-filesystem-scan
template: simple-container
arguments:
parameters:
[
{
name: message,
value: "trivy-filesystem-scan task completed",
},
]
template: trivy-filesystem-scan
dependencies: [git-clone]
- name: deploy-image
template: simple-container
arguments:
parameters:
[{ name: message, value: "push-image task completed" }]
# when: " == true"
dependencies: [trivy-image-scan, trivy-filesystem-scan]
- name: simple-container
inputs:
parameters:
- name: message
container:
image: alpine:latest
image: alpine:3.20.3
command: [sh, -c]
args: ["echo {{inputs.parameters.message}}"]
args: ["echo test"]
- name: ls
container:
image: alpine:latest
image: alpine:3.20.3
command: [sh, -c]
args: [ls /]
args:
- |
ls -la /
ls -la /shared-data
ls -la /shared-data/repo
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: git-clone
container:
image: ubuntu:latest
image: ubuntu:24.10
command: [sh, -c]
args:
- |
apt update
apt install -y git
git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo
ls -la /
ls -la /shared-data
ls -la /shared-data/repo
echo git-clone task completed
volumeMounts:
- name: shared-data
mountPath: /shared-data
@ -130,13 +110,13 @@ spec:
- |
cd /shared-data/repo
go test ./... -v
echo unit-test task completed
volumeMounts:
- name: shared-data
mountPath: /shared-data
# How to extract artifacts
# For now this task will fail if the lint scan finds any issue with --error-on-issues
# --max-same-issues or --max-issues-per-linter also possible
- name: lint-scan
container:
image: golangci/golangci-lint:v1.61.0
@ -145,6 +125,27 @@ spec:
- |
cd /shared-data/repo
golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1
echo lint-scan task completed
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: trivy-filesystem-scan
container:
image: aquasec/trivy:0.56.2
command: [sh, -c]
args:
- |
trivy fs --scanners license,vuln,misconfig,secret /shared-data/repo
echo trivy-filesystem-scan task completed
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: trivy-image-scan
container:
image: aquasec/trivy:0.56.2
command: [sh, -c]
args: ["TRIVY_INSECURE=true trivy image --scanners vuln,secret,misconfig gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest"]