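# Argo Workflow: example CI pipeline for the fibonacci_go repository.
# DAG: git-clone -> ls -> (unit-tests, lint-scan) -> build -> trivy-image-scan,
# with trivy-filesystem-scan running straight after git-clone; deploy-image
# waits for both Trivy scans.
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: example-ci-workflow-
  namespace: argo
  labels:
    # Opts this workflow out of the Argo workflow archive. The archive is
    # usually the durable record of what a CI run executed, so confirm this
    # is intended outside of a demo.
    workflows.argoproj.io/archive-strategy: "false"
  annotations:
    workflows.argoproj.io/description: |
      This is a simple workflow to show what steps we need to take to deploy an application.
spec:
  entrypoint: ci
  # NOTE(review): every step pod runs under this service account. The name
  # suggests broad privileges; steps that run repository-controlled code
  # (tests, lint, build) should use a dedicated least-privilege account.
  serviceAccountName: admin
  volumeClaimTemplates:
    # Workspace shared by all steps; the checkout lives in /shared-data/repo.
    - metadata:
        name: shared-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  volumes:
    # Registry credentials; mounted only into the build step below.
    - name: docker-config
      secret:
        secretName: my-docker-secret
  # NOTE(review): all step images are referenced by tag. Pinning them by
  # digest guarantees that every run executes the same image content.
  templates:
    - name: ci
      dag:
        tasks:
          - name: git-clone
            template: git-clone
          - name: ls
            template: ls
            dependencies: [git-clone]
          - name: build
            template: build
            dependencies: [unit-tests, lint-scan]
          - name: unit-tests
            template: unit-tests
            dependencies: [ls]
          - name: lint-scan
            template: lint-scan
            dependencies: [ls]
          # The image has already been pushed by `build` when this scan runs.
          - name: trivy-image-scan
            template: trivy-image-scan
            dependencies: [build]
          - name: trivy-filesystem-scan
            template: trivy-filesystem-scan
            dependencies: [git-clone]
          # NOTE(review): the commented-out condition below appears to have
          # lost its template expression. As written, deploy-image is gated
          # only by both scan steps exiting with status 0.
          - name: deploy-image
            template: simple-container
            # when: " == true"
            dependencies: [trivy-image-scan, trivy-filesystem-scan]

    # Placeholder step, currently used for deploy-image.
    - name: simple-container
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args: ["echo test"]

    # Debug listing of the shared workspace after the clone.
    - name: ls
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args:
          - |
            ls -la /
            ls -la /shared-data
            ls -la /shared-data/repo
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Clones the application repository into the shared workspace.
    # `set -e` makes a failed install or clone fail the step; without it the
    # script's exit status is that of the final `echo`, which is always 0.
    # NOTE(review): git is installed from the package index on every run and
    # the clone follows the tip of `main`; a prebuilt git image and a pinned
    # commit would make runs reproducible.
    - name: git-clone
      container:
        image: ubuntu:24.10
        command: [sh, -c]
        args:
          - |
            set -e
            apt update
            apt install -y git
            git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo

            echo git-clone task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Builds the image with kaniko and pushes it to the registry.
    # NOTE(review): --skip-tls-verify turns off certificate verification for
    # the registry push, so the registry's identity is not checked while the
    # mounted credentials are sent. The hostname looks like a local
    # development registry; for anything else, trust the registry CA instead
    # (kaniko supports --registry-certificate).
    # NOTE(review): the image is published under the mutable tag `latest`
    # before it is scanned, and later steps resolve that tag again. Recording
    # the digest (kaniko --digest-file) and referring to the image by digest
    # would tie scan and deploy to the image that was actually built.
    - name: build
      container:
        image: gcr.io/kaniko-project/executor:v1.23.2
        args:
          - "--dockerfile=Dockerfile"
          - "--context=/shared-data/repo/"
          - "--destination=gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest"
          - "--skip-tls-verify"
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
          - name: docker-config
            mountPath: /kaniko/.docker/

    # Runs the Go unit tests. `set -e` makes a failing `go test` fail the
    # step; without it the trailing `echo` reported success and `build` ran
    # regardless of the test result.
    - name: unit-tests
      container:
        image: golang:1.23.2
        command: [sh, -c]
        args:
          - |
            set -e
            cd /shared-data/repo
            go test ./... -v

            echo unit-test task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
        # How to extract artifacts

    # Runs golangci-lint. --issues-exit-code 1 only takes effect with
    # `set -e`, because the script otherwise exits with the status of `echo`.
    - name: lint-scan
      container:
        image: golangci/golangci-lint:v1.61.0
        command: [sh, -c]
        args:
          - |
            set -e
            cd /shared-data/repo
            golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1

            echo lint-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Scans the checkout for licenses, vulnerabilities, misconfigurations
    # and secrets. `set -e` makes a Trivy error fail the step.
    # NOTE(review): Trivy exits 0 when it reports findings unless
    # --exit-code is set, so this step does not block deploy-image on
    # findings as written.
    - name: trivy-filesystem-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e
            trivy fs --scanners license,vuln,misconfig,secret /shared-data/repo

            echo trivy-filesystem-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    # Scans the pushed image for vulnerabilities, secrets and
    # misconfigurations.
    # NOTE(review): TRIVY_INSECURE=true disables TLS certificate verification
    # when pulling from the registry, so the scanned content is not
    # authenticated. As with the filesystem scan, findings do not change the
    # exit status unless --exit-code is set.
    - name: trivy-image-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - >-
            TRIVY_INSECURE=true trivy image
            --scanners vuln,secret,misconfig
            gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest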