updated to loadbalncer #131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD-pipeline-project | |
| on: | |
| push: | |
| branches: | |
| - feature/* | |
| - main | |
| jobs: | |
| sonarcloud: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: SonarCloud Scan | |
| uses: sonarsource/[email protected] | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| - name: Send failure alert to Discord | |
| if: failure() | |
| run: | | |
| curl -H "Content-Type: application/json" \ | |
| -d '{"content": "❌ **SonarCloud Scan** a échoué sur la branche `${{ github.ref }}`"}' \ | |
| ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| snyk: | |
| runs-on: ubuntu-latest | |
| needs: sonarcloud | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Run Snyk to check for vulnerabilities | |
| uses: snyk/actions/python@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| - name: Send vulnerability alert to Discord | |
| if: failure() | |
| run: | | |
| curl -H "Content-Type: application/json" \ | |
| -d '{"content": "⚠️ **Snyk** a détecté des vulnérabilités critiques ! Analysez le rapport immédiatement."}' \ | |
| ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| build-and-push: | |
| name: Build and Push Docker Image to Docker Hub | |
| needs: snyk | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v2 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build Docker image | |
| run: docker build -t "${{ secrets.DOCKER_IMAGE_NAME }}:latest" . | |
| - name: Push Docker image | |
| run: docker push "${{ secrets.DOCKER_IMAGE_NAME }}:latest" | |
| docker_scout_scan: | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Pull Docker image | |
| run: docker pull "${{ secrets.DOCKER_IMAGE_NAME }}:latest" | |
| - name: Docker Scout | |
| id: docker-scout | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves | |
| image: ${{ steps.meta.outputs.tags }} | |
| only-severities: critical,high | |
| exit-code: true | |
| - name: Send vulnerability alert to Discord | |
| if: failure() | |
| run: | | |
| curl -H "Content-Type: application/json" \ | |
| -d '{"content": "❗ **Docker Scout** a détecté des vulnérabilités critiques dans l''image Docker."}' \ | |
| ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| trivy: | |
| needs: docker_scout_scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Pull Docker image | |
| run: docker pull "${{ secrets.DOCKER_IMAGE_NAME }}:latest" | |
| - name: Run Trivy - Generate report | |
| run: | | |
| docker run --rm -v ${{ github.workspace }}/.trivycache:/root/.cache/ \ | |
| -v ${{ github.workspace }}:/workspace aquasec/trivy image --exit-code 0 \ | |
| --format json --output "/workspace/trivy-report.json" "${{ secrets.DOCKER_IMAGE_NAME }}:latest" | |
| - name: Upload Trivy report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: trivy-report | |
| path: trivy-report.json | |
| - name: Send vulnerability alert to Discord | |
| if: failure() | |
| run: | | |
| curl -H "Content-Type: application/json" \ | |
| -d '{"content": "❗ **Trivy** a détecté des vulnérabilités dans l'image Docker ! Vérifiez le rapport pour plus de détails."}' \ | |
| ${{ secrets.DISCORD_WEBHOOK_URL }} |