fixing build pipeline to do security scan and docker build together

This commit is contained in:
2026-05-13 11:00:41 -05:00
parent b92dd4ee30
commit 8046e78bb6
2 changed files with 79 additions and 9 deletions
+2 -9
@@ -1,25 +1,18 @@
name: Build and Push Docker Image name: Build and Push Docker Image
on: on:
workflow_run: workflow_dispatch:
workflows:
- Security
types:
- completed
permissions: permissions:
contents: read contents: read
jobs: jobs:
build: build:
if: ${{ gitea.event.workflow_run.event == 'push' && gitea.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
ref: ${{ gitea.event.workflow_run.head_sha }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
@@ -33,7 +26,7 @@ jobs:
- name: Compute image tag - name: Compute image tag
id: tag id: tag
run: | run: |
BRANCH="${{ gitea.event.workflow_run.head_branch }}" BRANCH="${{ gitea.ref_name }}"
if [ "$BRANCH" = "main" ]; then if [ "$BRANCH" = "main" ]; then
TAG="latest" TAG="latest"
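Review bot: Switching this workflow from `workflow_run` to `workflow_dispatch` and dropping the `if:` on the `build` job leaves a manual path that builds and pushes an image with no security-scan gate, and the new side does not say so; if that is intended, a comment on the job such as `# Manual build; bypasses the Security workflow gate` would make it explicit for reviewers. The `ref: ${{ gitea.event.workflow_run.head_sha }}` removal also means a dispatched build checks out the branch head rather than a recorded SHA, so the pushed image is not tied to a scanned commit. Separately, `BRANCH="${{ gitea.ref_name }}"` on the new side of the second hunk interpolates the branch name straight into the shell script at template time, so a branch name containing quotes or shell metacharacters alters the script; the same pattern appears in the `Compute image tag` step of the new `build` job in the security workflow. Pass it through the environment instead, `env: { BRANCH: "${{ gitea.ref_name }}" }` on the step with `run: |` then reading `"$BRANCH"`, which keeps it as data. The second hunk's `run:` block continues past the end of the hunk.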
+77
@@ -330,3 +330,80 @@ jobs:
if [ "$failed" != "0" ]; then if [ "$failed" != "0" ]; then
exit 1 exit 1
fi fi
- name: Notify Apprise (failure)
if: failure()
run: |
curl -X POST \
-H "Content-Type: application/json" \
-d "{
\"tags\": \"all\",
\"title\": \"Gitea Security Scan Failed\",
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ gitea.ref_name }}\\nSecurity scan failed; check logs and generated issues in Gitea\"
}" \
${{ secrets.APPRISE_URL }}
build:
needs: security
if: ${{ gitea.event_name == 'push' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Compute image tag
id: tag
run: |
BRANCH="${{ gitea.ref_name }}"
if [ "$BRANCH" = "main" ]; then
TAG="latest"
elif [[ "$BRANCH" == v* ]]; then
TAG="$BRANCH"
else
TAG="test"
fi
echo "tag=$TAG" >> "$GITEA_OUTPUT"
echo "branch=$BRANCH" >> "$GITEA_OUTPUT"
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: blinkfink182/donetick-notifier:${{ steps.tag.outputs.tag }}
- name: Notify Apprise (success)
if: success()
run: |
curl -X POST \
-H "Content-Type: application/json" \
-d "{
\"tags\": \"all\",
\"title\": \"Gitea Build Succeeded\",
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ steps.tag.outputs.branch }}\\nImage tag built successfully\"
}" \
${{ secrets.APPRISE_URL }}
- name: Notify Apprise (failure)
if: failure()
run: |
curl -X POST \
-H "Content-Type: application/json" \
-d "{
\"tags\": \"all\",
\"title\": \"Gitea Build Failed\",
\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ steps.tag.outputs.branch }}\\nCheck logs in Gitea\"
}" \
${{ secrets.APPRISE_URL }}
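Review bot: The `Notify Apprise (failure)` step in the new `build` job reports `${{ steps.tag.outputs.branch }}`, which is empty whenever the job fails before the `Compute image tag` step (checkout, Buildx setup or Docker Hub login), so the failure message arrives with no branch; `gitea.ref_name` is available at that point and gives the same value, e.g. `\"body\": \"Repo: ${{ gitea.repository }}\\nBranch: ${{ gitea.ref_name }}\\nCheck logs in Gitea\"`. The `push: true` with the `else` branch of the tag script also means every push to any non-`main`, non-`v*` branch overwrites the shared `test` tag after a passing scan, which is worth a comment on the step if that is intended, e.g. `# Any other branch overwrites the shared test tag`. Indentation is lost in this rendering, so I could not confirm that `build:` sits at the same level as the `security` job; the `if [ "$failed" != "0" ]` lines at the top belong to a step that starts outside the hunk.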