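---
# Example Argo Workflow for a CI pipeline, expressed as a DAG:
#
#   git-clone -> ls -> (unit-tests, lint-scan) -> build -> trivy-image-scan --+
#   git-clone -> trivy-filesystem-scan ---------------------------------------+-> deploy-image
#
# All steps that touch the source tree share one PVC ("shared-data"); the
# repository is cloned to /shared-data/repo by the first task.
#
# Changes relative to the original listing:
#   * Trivy steps pass --exit-code 1 so that findings fail the task and block
#     deploy-image. Without it Trivy exits 0 even when it reports findings,
#     so the scans did not gate anything (the lint step already used
#     --issues-exit-code 1 for the same purpose).
#   * git-clone uses apt-get instead of apt (apt's CLI is not meant for scripts).
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: example-ci-workflow-
  namespace: argo
  labels:
    workflows.argoproj.io/archive-strategy: "false"
  annotations:
    workflows.argoproj.io/description: |
      This is a simple workflow to show what steps we need to take to deploy an application.
spec:
  entrypoint: ci
  # NOTE(review): every pod of this workflow runs as the "admin" service
  # account. Its RBAC bindings are not visible here; confirm it is scoped to
  # what the workflow needs. Several steps execute code from the cloned
  # repository (go test, the Dockerfile build), so a dedicated least-privilege
  # account is preferable to a broadly privileged one.
  serviceAccountName: admin
  volumeClaimTemplates:
    - metadata:
        name: shared-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  volumes:
    # Registry credentials for the kaniko build step.
    # NOTE(review): kaniko reads /kaniko/.docker/config.json; the key layout of
    # this secret is not visible here - confirm it exposes a "config.json" key.
    - name: docker-config
      secret:
        secretName: my-docker-secret
  templates:
    - name: ci
      dag:
        tasks:
          - name: git-clone
            template: git-clone
          - name: ls
            template: ls
            dependencies: [git-clone]
          - name: build
            template: build
            dependencies: [unit-tests, lint-scan]
          - name: unit-tests
            template: unit-tests
            dependencies: [ls]
          - name: lint-scan
            template: lint-scan
            dependencies: [ls]
          - name: trivy-image-scan
            template: trivy-image-scan
            dependencies: [build]
          - name: trivy-filesystem-scan
            template: trivy-filesystem-scan
            dependencies: [git-clone]
          # Placeholder deploy step: runs only after both Trivy scans succeed.
          - name: deploy-image
            template: simple-container
            # NOTE(review): the left-hand side of this expression is empty as
            # written; it would need an operand before it can be enabled.
            # when: " == true"
            dependencies: [trivy-image-scan, trivy-filesystem-scan]

    # Stand-in for the real deployment; only echoes a string.
    - name: simple-container
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args: ["echo test"]

    # Debug step: lists the shared volume to confirm the clone landed.
    - name: ls
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args:
          - |
            set -e
            ls -la /
            ls -la /shared-data
            ls -la /shared-data/repo
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Clones the application repository onto the shared volume.
    # NOTE(review): the clone tracks the moving "main" branch, so two runs can
    # build different code; pass a commit SHA in as a workflow parameter if
    # builds must be reproducible and traceable.
    - name: git-clone
      container:
        image: ubuntu:24.10
        command: [sh, -c]
        args:
          - |
            set -e
            apt-get update
            apt-get install -y git
            git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo
            echo git-clone task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Builds the image with kaniko and pushes it to the registry.
    # NOTE(review): --skip-tls-verify turns off certificate verification for
    # the registry, so the push is not protected against interception. That is
    # presumably acceptable only for a local development registry; for anything
    # else, trust the registry CA instead and drop the flag.
    # NOTE(review): the image is pushed under the mutable "latest" tag and the
    # scan step later pulls it by that tag; a unique tag (or the pushed digest)
    # would guarantee the scanned image is the one that was just built.
    - name: build
      container:
        image: gcr.io/kaniko-project/executor:v1.23.2
        args:
          - "--dockerfile=Dockerfile"
          - "--context=/shared-data/repo/"
          - "--destination=gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest"
          - "--skip-tls-verify"
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
          - name: docker-config
            mountPath: /kaniko/.docker/

    # Runs the Go unit tests; a failing test fails the task (set -e).
    - name: unit-tests
      container:
        image: golang:1.23.2
        command: [sh, -c]
        args:
          - |
            set -e
            cd /shared-data/repo
            go test ./... -v
            echo unit-test task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # How to extract artifacts
    # Lints the source; --issues-exit-code 1 makes any reported issue fail the task.
    - name: lint-scan
      container:
        image: golangci/golangci-lint:v1.61.0
        command: [sh, -c]
        args:
          - |
            set -e
            cd /shared-data/repo
            golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1
            echo lint-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Scans the cloned source tree for licenses, vulnerabilities,
    # misconfigurations and secrets. --exit-code 1 makes findings fail the
    # task so deploy-image is blocked; add --severity to tune the threshold.
    - name: trivy-filesystem-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e
            trivy fs --scanners license,vuln,misconfig,secret --exit-code 1 /shared-data/repo
            echo trivy-filesystem-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Scans the pushed image (packages, then image config). --exit-code 1
    # makes findings fail the task so deploy-image is blocked.
    # NOTE(review): TRIVY_INSECURE=true disables TLS verification when pulling
    # from the registry, so the scanned image is not authenticated in transit.
    # Same caveat as --skip-tls-verify in the build step.
    - name: trivy-image-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e
            TRIVY_INSECURE=true trivy image --scanners license,vuln,secret --exit-code 1 gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest
            TRIVY_INSECURE=true trivy image --image-config-scanners secret,misconfig --exit-code 1 gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest
            echo trivy-image-scan task completed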