From 5f94bc48d23ca3f5ae5f753700643347c41f8a6d Mon Sep 17 00:00:00 2001
From: sm47916
Date: Wed, 11 Aug 2021 10:14:03 +0000
Subject: [PATCH 1/4] edit dockerfiles and edit ci
---
 .github/workflows/ci-checks.yml | 12 +++++++-----
 docker-builds/server/Dockerfile | 2 +-
 docker-builds/ui/Dockerfile | 7 +++----
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
index a1b3dcb4..5f251865 100644
--- a/.github/workflows/ci-checks.yml
+++ b/.github/workflows/ci-checks.yml
@@ -57,6 +57,7 @@ jobs:
 fail-fast: false
 matrix:
 image: [ 'server', 'ui' ]
+ environment: ['qa', 'prod']
 steps:
 - name: Checkout code
 uses: actions/checkout@v2
@@ -78,7 +79,7 @@ jobs:
 ECR_REPOSITORY: "memefactory"
 run: |
 echo "Building on ${GITHUB_REF} branch"
- DOCKER_BUILDKIT=1 docker build --build-arg BUILD_ENV=qa -t ${{ matrix.image }}:${{ github.sha }} -f docker-builds/${{ matrix.image }}/Dockerfile .
+ DOCKER_BUILDKIT=1 docker build --build-arg BUILD_ENV=${{ matrix.environment }} -t ${{ matrix.image }}:${{ github.sha }}-${{ matrix.environment }} -t ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-${{ matrix.environment }} -t ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-${{ matrix.environment }} -f docker-builds/${{ matrix.image }}/Dockerfile .
 echo "Successfully built docker image"
 - name: Run Trivy vulnerability scanner
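Review bot: The new `environment: ['qa', 'prod']` dimension builds and scans both variants for every ref, while the push step introduced later in this same patch publishes only the prod images on master and only the qa images elsewhere, so one matrix leg per run does work that is thrown away. If the extra leg is intended as a build/scan smoke test, that intent deserves a comment on this line; if not, one option is to derive the dimension from the ref, e.g. `environment: ${{ github.ref == 'refs/heads/master' && fromJSON('["prod"]') || fromJSON('["qa"]') }}`. Minor style point: the sibling line pads its brackets (`image: [ 'server', 'ui' ]`) while the new line does not; pick one form for the file. The `strategy:` block this hunk belongs to starts above the hunk.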
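Review bot: The rewritten `docker build` line repeats `${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}` and `${{ github.sha }}-${{ matrix.environment }}` twice each on one ~300-character line inside `run: |`, and mixes the unspaced `${{matrix.image}}` with the `${{ matrix.image }}` form used elsewhere in the same command, so a reader cannot tell at a glance which three tags are applied. Hoisting the repeated parts into shell variables keeps it reviewable: `IMAGE="${ECR_REGISTRY}/${ECR_REPOSITORY}-${{ matrix.image }}"`, `TAG="${{ github.sha }}-${{ matrix.environment }}"`, then `DOCKER_BUILDKIT=1 docker build --build-arg BUILD_ENV=${{ matrix.environment }} -t "${{ matrix.image }}:${TAG}" -t "${IMAGE}:latest-${{ matrix.environment }}" -t "${IMAGE}:${TAG}" -f docker-builds/${{ matrix.image }}/Dockerfile .`. Worth a comment next to the tags as well: `latest-<env>` is a mutable pointer and the `<sha>-<env>` tag is the one deployments should pin. The step's `name:` and `env:` keys begin above the hunk.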
@@ -99,8 +100,9 @@ jobs:
 echo "Pushing docker images"
 if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
 echo "On the default branch will push to the registry with latest and ${{ github.sha }} tags"
- docker tag ${{ matrix.image }}:${{ github.sha }} ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}
- docker tag ${{ matrix.image }}:${{ github.sha }} ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest
- docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}
- docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-prod
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-prod
+ else
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-qa
+ docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-qa
 fi
diff --git a/docker-builds/server/Dockerfile b/docker-builds/server/Dockerfile
index 037ec941..e8110854 100644
--- a/docker-builds/server/Dockerfile
+++ b/docker-builds/server/Dockerfile
@@ -1,5 +1,5 @@
 FROM node:11.14.0-stretch AS build_stage
-ARG BUILD_ENV=qa
+ARG BUILD_ENV=prod
 ENV BUILD_ENV=${BUILD_ENV}
 ENV MEMEFACTORY_ENV=${BUILD_ENV}
 ENV SMART_CONTRACTS=./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs
diff --git a/docker-builds/ui/Dockerfile b/docker-builds/ui/Dockerfile
index 6feec1ea..e3d5be28 100644
--- a/docker-builds/ui/Dockerfile
+++ b/docker-builds/ui/Dockerfile
@@ -1,13 +1,12 @@
-
 FROM node:11.14.0-stretch AS build_stage
 # FROM node:latest AS build_stage
-ARG build_environment="qa"
+ARG BUILD_ENV=
 COPY . /build/
 WORKDIR /build
-ENV BUILD_ENV=$build_environment
-ENV MEMEFACTORY_ENV=$build_environment
+ENV BUILD_ENV=${BUILD_ENV}
+ENV MEMEFACTORY_ENV=${BUILD_ENV}
 ENV SMART_CONTRACTS="./src/memefactory/shared/smart_contracts_${BUILD_ENV}.cljs"
 ENV SMART_CONTRACTS_BUILD_PATH=./resources/public/contracts/build/
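Review bot: The branch test chooses the tag suffix (`-prod` on master, `-qa` elsewhere) but the matrix leg chooses which suffix was actually built, and the two are never reconciled: in the `environment: qa` leg on master this step runs `docker push ...:${{ github.sha }}-prod`, a tag the build step of that leg never created (it only tags `-${{ matrix.environment }}` variants), so the push fails with a missing-tag error, and the prod leg fails the same way on every other branch. With `fail-fast: false` the broken leg is easy to overlook in the run summary. Pushing the tags this leg built and exiting early when the leg does not match the ref fixes it; the rewritten script body is below and replaces the whole `if/else`. Separately, every non-master ref now overwrites the mutable `latest-qa` tag in ECR; whether that is acceptable depends on the workflow's triggers, which are outside this hunk, as is the start of the `run: |` script.
```yaml
          echo "Pushing docker images"
          if [[ "${GITHUB_REF}" == "refs/heads/master" ]]; then TARGET_ENV=prod; else TARGET_ENV=qa; fi
          if [[ "${{ matrix.environment }}" != "${TARGET_ENV}" ]]; then
            echo "Not publishing ${{ matrix.environment }} images for ${GITHUB_REF}"
            exit 0
          fi
          docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-${{ matrix.environment }}
          docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-${{ matrix.environment }}
```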
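Review bot: Flipping the default to `ARG BUILD_ENV=prod` makes production the fall-through for any build that omits `--build-arg`, so an ad-hoc `docker build` of this file now bakes `smart_contracts_prod.cljs` into the image by default; the CI build in this same patch always passes the arg, so the default only matters for local and scripted builds, which is exactly where it is most likely to be forgotten. The ui Dockerfile in the same patch leaves its default empty, so the two images disagree about what a missing arg means. A non-production default, or no default plus a fail-fast guard such as `RUN test -n "${BUILD_ENV}" || { echo "BUILD_ENV build-arg is required (qa|prod)"; exit 1; }`, applied identically in both Dockerfiles, is the safer shape. The rest of the build stage lies below the hunk.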
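Review bot: `ARG BUILD_ENV=` with no default means a build that omits `--build-arg BUILD_ENV=...` proceeds with an empty value, so `SMART_CONTRACTS` resolves to `./src/memefactory/shared/smart_contracts_.cljs` and `MEMEFACTORY_ENV` is empty; nothing in this hunk rejects that, and whichever later instruction consumes those paths (outside the hunk) is the first place the mistake surfaces, if it surfaces at all. Add a guard directly after the `ENV` lines, e.g. `RUN test -n "${BUILD_ENV}" || { echo "BUILD_ENV build-arg is required (qa|prod)"; exit 1; }`, so the image cannot be built half-configured. The server Dockerfile in the same patch instead defaults to `prod`; the two files should agree on whether the arg is required.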
From 120ef566e8e89b5090c36ec44197e218c9e7c9ee Mon Sep 17 00:00:00 2001
From: sm47916
Date: Wed, 11 Aug 2021 10:25:11 +0000
Subject: [PATCH 2/4] fixes for ci jobs
---
 .github/workflows/ci-checks.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
index 5f251865..e784af16 100644
--- a/.github/workflows/ci-checks.yml
+++ b/.github/workflows/ci-checks.yml
@@ -73,7 +73,7 @@ jobs:
 id: login-ecr
 uses: aws-actions/amazon-ecr-login@v1
- - name: Build QA ${{ matrix.image }} Docker image
+ - name: Building ${{ matrix.environment }} ${{ matrix.image }} Docker image
 env:
 ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
 ECR_REPOSITORY: "memefactory"
@@ -85,7 +85,7 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: '${{ matrix.image }}:${{ github.sha }}'
+ image-ref: '${{ matrix.image }}:${{ github.sha }}-${{ matrix.environment }}'
 format: 'table'
 exit-code: '0'
 ignore-unfixed: true
From 3b0601059a4fb61ce3992fe21419048afb4c3ead Mon Sep 17 00:00:00 2001
From: sm47916
Date: Wed, 11 Aug 2021 10:27:19 +0000
Subject: [PATCH 3/4] More verbose output
---
 .github/workflows/ci-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
index e784af16..74f00ff1 100644
--- a/.github/workflows/ci-checks.yml
+++ b/.github/workflows/ci-checks.yml
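Review bot: The corrected `image-ref` now points Trivy at the image that is actually built, but the surrounding step still has `exit-code: '0'`, so even a CRITICAL finding leaves the job green and the push step that follows later in the workflow publishes the image regardless; as written the scan is informational only. If it is meant to gate the push, set `exit-code: '1'` (with `ignore-unfixed: true` already restricting failures to fixable CVEs) and say so in the step name. The step also runs `uses: aquasecurity/trivy-action@master`, a mutable branch reference; pin it to a release tag or full commit SHA so an upstream change cannot silently alter what executes against the image and the registry credentials present in this job. The `with:` block continues past the end of the hunk.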
@@ -82,7 +82,7 @@ jobs:
 DOCKER_BUILDKIT=1 docker build --build-arg BUILD_ENV=${{ matrix.environment }} -t ${{ matrix.image }}:${{ github.sha }}-${{ matrix.environment }} -t ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:latest-${{ matrix.environment }} -t ${ECR_REGISTRY}/${ECR_REPOSITORY}-${{matrix.image}}:${{ github.sha }}-${{ matrix.environment }} -f docker-builds/${{ matrix.image }}/Dockerfile .
 echo "Successfully built docker image"
- - name: Run Trivy vulnerability scanner
+ - name: Run Trivy vulnerability scanner for ${{ matrix.environment }} ${{ matrix.image }} Docker image
 uses: aquasecurity/trivy-action@master
 with:
 image-ref: '${{ matrix.image }}:${{ github.sha }}-${{ matrix.environment }}'
From 6f06a4568b6ff593b92f1f2b2b47864ad76db2a7 Mon Sep 17 00:00:00 2001
From: sm47916
Date: Wed, 11 Aug 2021 10:27:38 +0000
Subject: [PATCH 4/4] cleanups
---
 .github/workflows/ci-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
index 74f00ff1..15f63edd 100644
--- a/.github/workflows/ci-checks.yml
+++ b/.github/workflows/ci-checks.yml
@@ -92,7 +92,7 @@ jobs:
 vuln-type: 'os,library'
 severity: 'CRITICAL'
- - name: Push QA docker images
+ - name: Push docker images
 env:
 ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
 ECR_REPOSITORY: "memefactory"