From 8046e78bb6acc7915e64c243bd4b6019bfe634a9 Mon Sep 17 00:00:00 2001 From: Kelly Thomas Reardon Date: Wed, 13 May 2026 11:00:41 -0500 Subject: [PATCH] fixing build pipeline to do security scan and docker build together --- .gitea/workflows/docker-build.yaml | 11 +---- .gitea/workflows/security.yaml | 77 ++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 9 deletions(-) diff --git a/.gitea/workflows/docker-build.yaml b/.gitea/workflows/docker-build.yaml index f197efb..1fb56a2 100644 --- a/.gitea/workflows/docker-build.yaml +++ b/.gitea/workflows/docker-build.yaml @@ -1,25 +1,18 @@ name: Build and Push Docker Image on: - workflow_run: - workflows: - - Security - types: - - completed + workflow_dispatch: permissions: contents: read jobs: build: - if: ${{ gitea.event.workflow_run.event == 'push' && gitea.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - with: - ref: ${{ gitea.event.workflow_run.head_sha }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -33,7 +26,7 @@ jobs: - name: Compute image tag id: tag run: | - BRANCH="${{ gitea.event.workflow_run.head_branch }}" + BRANCH="${{ gitea.ref_name }}" if [ "$BRANCH" = "main" ]; then TAG="latest" diff --git a/.gitea/workflows/security.yaml b/.gitea/workflows/security.yaml index 9101f64..ede07d5 100644 --- a/.gitea/workflows/security.yaml +++ b/.gitea/workflows/security.yaml 
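Review bot: A manual run of this workflow now builds and pushes an image — `latest` when dispatched on `main` — with no security scan in front of it, because the `workflow_run` trigger and its `conclusion == 'success'` guard in the first hunk are replaced by `workflow_dispatch:` and nothing equivalent is added, so anyone with dispatch rights can bypass the gate that security.yaml now enforces on push. If this is meant as an emergency override, say so above the trigger, e.g. `# Manual builds skip the security scan; push to main so security.yaml runs scan and build together.`, and consider limiting manual runs to non-`latest` tags or requiring a dispatch input that records why the scan was skipped. Keeping `permissions: contents: read` here is right; the rest of the job body sits outside the hunk.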
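Review bot: The replacement line `BRANCH="${{ gitea.ref_name }}"` in the second hunk splices the ref name into the shell script before it runs, so a branch or tag name containing `"` or `$(…)` (both legal in git refnames) would execute as code in a job that holds the Docker Hub credentials — the classic workflow script-injection pattern, assuming Gitea expands expressions the same way GitHub does. Pass the value through the environment instead: add `env:` / `  BRANCH: ${{ gitea.ref_name }}` on the step and drop the assignment, leaving the script to read `"$BRANCH"`. The `run:` block and the step continue past the end of the hunk.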
@@ -330,3 +330,80 @@ jobs:
 if [ "$failed" != "0" ]; then
 exit 1
 fi
+
+ - name: Notify Apprise (failure)
+ if: failure()
+ run: |
+ curl -X POST \
+ -H "Content-Type: application/json" \
+ -d "{
+ \"tags\": \"all\",
+ \"title\": \"Gitea Security Scan Failed\",
+ \"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ gitea.ref_name }}\\nSecurity scan failed; check logs and generated issues in Gitea\"
+ }" \
+ ${{ secrets.APPRISE_URL }}
+
+ build:
+ needs: security
+ if: ${{ gitea.event_name == 'push' }}
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Compute image tag
+ id: tag
+ run: |
+ BRANCH="${{ gitea.ref_name }}"
+
+ if [ "$BRANCH" = "main" ]; then
+ TAG="latest"
+ elif [[ "$BRANCH" == v* ]]; then
+ TAG="$BRANCH"
+ else
+ TAG="test"
+ fi
+
+ echo "tag=$TAG" >> "$GITEA_OUTPUT"
+ echo "branch=$BRANCH" >> "$GITEA_OUTPUT"
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: blinkfink182/donetick-notifier:${{ steps.tag.outputs.tag }}
+
+ - name: Notify Apprise (success)
+ if: success()
+ run: |
+ curl -X POST \
+ -H "Content-Type: application/json" \
+ -d "{
+ \"tags\": \"all\",
+ \"title\": \"Gitea Build Succeeded\",
+ \"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ steps.tag.outputs.branch }}\\nImage tag built successfully\"
+ }" \
+ ${{ secrets.APPRISE_URL }}
+
+ - name: Notify Apprise (failure)
+ if: failure()
+ run: |
+ curl -X POST \
+ -H "Content-Type: application/json" \
+ -d "{
+ \"tags\": \"all\",
+ \"title\": \"Gitea Build Failed\",
+ \"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ steps.tag.outputs.branch }}\\nCheck logs in Gitea\"
+ }" \
+ ${{ secrets.APPRISE_URL }}
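Review bot: The new `build` job declares no `permissions:` block, so it inherits whatever the workflow-level block (above this hunk, not visible here) grants the scan job — if that includes `issues: write` for the "generated issues" the failure message refers to, the job that logs in with `secrets.DOCKER_PASSWORD` and runs `docker/build-push-action@v6` gets a broader token than the `contents: read` the old docker-build.yaml gave it. Add `permissions:` / `  contents: read` under `build:` next to `needs: security`. Two smaller points: `BRANCH="${{ gitea.ref_name }}"` and the `\"body\": …${{ steps.tag.outputs.branch }}…` text in both curl steps interpolate a ref name into shell and JSON before execution, so a crafted branch name can break or inject into both — pass it via `env:` and reference `$BRANCH`; and `needs: security` presumes the scan job's id is `security`, which is defined above the hunk and should be confirmed.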