fibonacci_pipeline/argo-workflows/example-ci-workflow.yaml

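# Example CI workflow for Argo Workflows.
#
# Task order, as declared by the DAG dependencies below:
#   git-clone -> ls -> (unit-tests, lint-scan) -> build -> trivy-image-scan
#   git-clone -> trivy-filesystem-scan
#   (trivy-image-scan, trivy-filesystem-scan) -> deploy-image
#
# All tasks exchange the checked-out repository through the per-run
# "shared-data" volume claim mounted at /shared-data.
#
# NOTE(review): every image is referenced by tag only. Pinning by digest
# (image@sha256:<digest>) keeps a re-tagged upstream image from silently
# changing what runs in the pipeline.
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: example-ci-workflow-
  namespace: argo
  labels:
    workflows.argoproj.io/archive-strategy: "false"
  annotations:
    workflows.argoproj.io/description: |
      This is a simple workflow to show what steps we need to take to deploy an application.
spec:
  entrypoint: ci
  # NOTE(review): every pod of this workflow runs under this service account,
  # including the pods that execute code from the cloned repository
  # (unit-tests, build). The name suggests broad rights; confirm its RBAC and
  # prefer a dedicated account limited to what the workflow executor needs.
  serviceAccountName: admin
  # Scratch volume created per workflow run and shared by the tasks.
  # NOTE(review): ReadWriteOnce allows mounting from a single node, while
  # unit-tests, lint-scan and trivy-filesystem-scan may run in parallel;
  # confirm the pods land on the same node or the storage class tolerates it.
  volumeClaimTemplates:
    - metadata:
        name: shared-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  # Registry credentials for the image push; only the build template mounts
  # this volume, so the other tasks do not see the secret.
  volumes:
    - name: docker-config
      secret:
        secretName: my-docker-secret
  templates:
    # Entry point: the DAG that wires the tasks together.
    - name: ci
      dag:
        tasks:
          - name: git-clone
            template: git-clone
          - name: ls
            template: ls
            dependencies: [git-clone]
          # NOTE(review): build pushes the image as soon as unit-tests and
          # lint-scan pass; it does not wait for trivy-filesystem-scan. Only
          # deploy-image waits for both scans.
          - name: build
            template: build
            dependencies: [unit-tests, lint-scan]
          - name: unit-tests
            template: unit-tests
            dependencies: [ls]
          - name: lint-scan
            template: lint-scan
            dependencies: [ls]
          - name: trivy-image-scan
            template: trivy-image-scan
            dependencies: [build]
          - name: trivy-filesystem-scan
            template: trivy-filesystem-scan
            dependencies: [git-clone]
          # Placeholder deployment step: it runs simple-container, which only
          # echoes a string.
          - name: deploy-image
            template: simple-container
            # when: " == true"
            dependencies: [trivy-image-scan, trivy-filesystem-scan]
    - name: simple-container
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args: ["echo test"]
    # Lists the shared volume. With `set -e` the task fails when
    # /shared-data/repo is missing, so it doubles as a check that the clone
    # produced a checkout.
    - name: ls
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args:
          - |
            set -e
            ls -la /
            ls -la /shared-data
            ls -la /shared-data/repo
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
    # Clones the application repository into the shared volume.
    # NOTE(review): git is installed from the package index on every run with
    # no version pinned, and the clone follows the moving branch `main` rather
    # than a fixed commit. Later tasks therefore build and scan whatever `main`
    # pointed to at clone time; record or pin the revision for traceability.
    - name: git-clone
      container:
        image: ubuntu:24.10
        command: [sh, -c]
        args:
          - |
            set -e
            apt update
            apt install -y git
            git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo
            echo git-clone task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
    # Builds the image with kaniko and pushes it to the registry.
    # NOTE(review): --skip-tls-verify turns off certificate verification for
    # the push, so the registry's identity is not checked while the credentials
    # from docker-config are sent. Keep it to the local test registry; elsewhere
    # trust the registry CA instead.
    # NOTE(review): the destination uses the mutable tag `latest`. The scan and
    # deploy steps resolve that tag again later, so they are not guaranteed to
    # see the image produced by this run; a per-run tag or digest closes the gap.
    # NOTE(review): kaniko reads /kaniko/.docker/config.json; presumably the
    # secret exposes a key with that file name; verify.
    - name: build
      container:
        image: gcr.io/kaniko-project/executor:v1.23.2
        args:
          - "--dockerfile=Dockerfile"
          - "--context=/shared-data/repo/"
          - "--destination=gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest"
          - "--skip-tls-verify"
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
          - name: docker-config
            mountPath: /kaniko/.docker/
    # Runs the Go test suite of the cloned repository; a failing test fails the
    # task because of `set -e`.
    - name: unit-tests
      container:
        image: golang:1.23.2
        command: [sh, -c]
        args:
          - |
            set -e
            cd /shared-data/repo
            go test ./... -v
            echo unit-test task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
    # How to extract artifacts
    # Lints the repository; --issues-exit-code 1 makes the task fail when
    # issues are reported. The JSON report is written to stdout only.
    - name: lint-scan
      container:
        image: golangci/golangci-lint:v1.61.0
        command: [sh, -c]
        args:
          - |
            set -e
            cd /shared-data/repo
            golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1
            echo lint-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
    # Scans the checked-out sources for licenses, vulnerabilities,
    # misconfigurations and secrets.
    # NOTE(review): trivy exits 0 even when it reports findings unless
    # --exit-code is set, so `set -e` does not turn findings into a failure and
    # this task does not gate deploy-image as written. Decide on a policy
    # (for example --exit-code 1 together with a --severity threshold).
    - name: trivy-filesystem-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e
            trivy fs --scanners license,vuln,misconfig,secret /shared-data/repo
            echo trivy-filesystem-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
    # Scans the pushed image, then its image configuration.
    # NOTE(review): TRIVY_INSECURE=true disables TLS certificate verification
    # towards the registry, so the scanned image is fetched from an endpoint
    # whose identity is not checked. Keep it to the local test registry.
    # NOTE(review): as in trivy-filesystem-scan, no --exit-code is set, so
    # findings do not fail the task and deploy-image still runs.
    # NOTE(review): no registry credentials are mounted here, so the pull is
    # presumably anonymous; verify the repository is meant to be readable
    # without authentication.
    - name: trivy-image-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e
            TRIVY_INSECURE=true trivy image --scanners license,vuln,secret gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest
            TRIVY_INSECURE=true trivy image --image-config-scanners secret,misconfig gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest
            echo trivy-image-scan task completed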