This repository has been archived by the owner on Sep 22, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
143 lines (108 loc) · 3.94 KB
/
ngsa-pr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: Build NGSA-App-PR
on:
pull_request:
types: [opened, reopened, synchronize]
paths:
- 'Dockerfile'
- '*.csproj'
- '**.cs'
- '.github/workflows/ngsa-pr.yaml'
jobs:
build:
runs-on: ubuntu-20.04
env:
DOCKER_REPO: ghcr.io/retaildevcrews/ngsa-app
steps:
- uses: actions/checkout@v2
- name: Login to Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.GHCR_ID }}
password: ${{ secrets.GHCR_PAT }}
- name: Docker Build
run: |
docker build . --progress auto -t image
- name: Grype Scan Image for Vulnerabilities
uses: anchore/scan-action@v3
id: grype
with:
image: "image"
severity-cutoff: critical
acs-report-enable: true
fail-build: true
- name: Upload Grype Vulnerability SARIF report
if: always()
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.grype.outputs.sarif }}
- name: Docker Run and Test - In-Memory
run: |
docker run -d --name ngsacsmem -p 8080:8080 image --in-memory
echo "Waiting for web server to start ..."
wait_time=10
sleep $wait_time
# wait up to 30 seconds for web server to start
while true
do
if curl -s localhost:8080/version ; then
echo -e "\n web server is running"
break
fi
# check if container is still running
if [ -z "$(docker ps -q -f name=ngsacsmem)" ]; then
docker logs ngsacsmem
exit 1
fi
if [ $wait_time -gt 30 ] ; then
echo -e "\n timeout waiting for web server to start"
exit 1
fi
sleep 1
((wait_time=wait_time+1))
done
echo "Running In-Memory benchmark and baseline"
docker run --rm --network=host ghcr.io/retaildevcrews/ngsa-lr:beta -s "http://localhost:8080" --max-errors 1 -f benchmark.json baseline.json
- name: Set Secrets
run: |
mkdir -p /tmp/secrets
echo -n ${{ secrets.NGSA_TEST_COSMOS_RW_KEY}} >| /tmp/secrets/CosmosKey
echo -n ${{ secrets.NGSA_TEST_COSMOS_URL }} >| /tmp/secrets/CosmosUrl
echo -n 'movies' >| /tmp/secrets/CosmosCollection
echo -n 'imdb' >| /tmp/secrets/CosmosDatabase
- name: Docker Run and Test - Cosmos
run: |
docker run -d --name ngsacscosmos -p 8081:8080 -v /tmp/secrets:/app/secrets:ro image --no-cache
echo "Waiting for web server to start ..."
wait_time=10
sleep $wait_time
# wait up to 30 seconds for web server to start
while true
do
if curl -s localhost:8081/version ; then
echo -e "\n web server is running"
break
fi
# check if container is still running
if [ -z "$(docker ps -q -f name=ngsacscosmos)" ]; then
docker logs ngsacscosmos
exit 1
fi
if [ $wait_time -gt 30 ] ; then
echo -e "\n timeout waiting for web server to start"
exit 1
fi
sleep 1
((wait_time=wait_time+1))
done
echo "Running Cosmos benchmark and baseline"
docker run --rm --network=host ghcr.io/retaildevcrews/ngsa-lr:beta -s "http://localhost:8081" --max-errors 1 -f benchmark.json baseline.json
- name: Delete Secrets
run: |
rm -rf /tmp/secrets
- name: Docker Tag and Push
run: |
# tag the repo with :dev
docker tag image $DOCKER_REPO:dev
# Push to the repo
docker push -a $DOCKER_REPO