81 lines
3.4 KiB
YAML
81 lines
3.4 KiB
YAML
name: Build and Push Image
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
|
|
jobs:
|
|
build:
|
|
name: Build and push image
|
|
runs-on: ubuntu-latest
|
|
container: catthehacker/ubuntu:act-latest
|
|
if: gitea.ref == 'refs/heads/master'
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Create Kubeconfig
|
|
run: |
|
|
mkdir $HOME/.kube
|
|
echo "${{ secrets.KUBEC_CONFIG_BUILDX_NEW }}" > $HOME/.kube/config
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
driver: kubernetes
|
|
driver-opts: |
|
|
namespace=gitea-runner
|
|
qemu.install=true
|
|
|
|
- name: Login to Docker Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: git.aridgwayweb.com
|
|
username: armistace
|
|
password: ${{ secrets.REG_PASSWORD }}
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
push: true
|
|
platforms: linux/amd64,linux/arm64
|
|
tags: |
|
|
git.aridgwayweb.com/armistace/pr-reviewer:latest
|
|
|
|
- name: Trivy Scan
|
|
run: |
|
|
TRIVY_VERSION=$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
|
|
wget -qO /tmp/trivy.tar.gz "https://github.com/aquasecurity/trivy/releases/download/${TRIVY_VERSION}/trivy_${TRIVY_VERSION#v}_Linux-64bit.tar.gz"
|
|
tar xzf /tmp/trivy.tar.gz -C /usr/local/bin trivy
|
|
chmod +x /usr/local/bin/trivy
|
|
trivy image --format table --exit-code 1 --ignore-unfixed --vuln-type os,library --severity HIGH,CRITICAL git.aridgwayweb.com/armistace/pr-reviewer:latest
|
|
|
|
- name: Deploy
|
|
run: |
|
|
echo "Installing Kubectl"
|
|
apt-get update
|
|
apt-get install -y apt-transport-https ca-certificates curl gnupg
|
|
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
|
chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
|
|
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
|
|
chmod 644 /etc/apt/sources.list.d/kubernetes.list
|
|
apt-get update
|
|
apt-get install kubectl
|
|
kubectl delete namespace pr-reviewer --ignore-not-found
|
|
kubectl create namespace pr-reviewer
|
|
kubectl create secret docker-registry regcred --docker-server=${{ vars.DOCKER_SERVER }} --docker-username=${{ vars.DOCKER_USERNAME }} --docker-password='${{ secrets.DOCKER_PASSWORD }}' --docker-email=${{ vars.DOCKER_EMAIL }} --namespace=pr-reviewer
|
|
kubectl create secret generic pr-reviewer-env \
|
|
--from-literal=LLM_PROVIDER=ollama \
|
|
--from-literal=LLM_MODEL=${{ vars.OLLAMA_MODEL }} \
|
|
--from-literal=LLM_BASE_URL=http://${{ vars.OLLAMA_SERVER }} \
|
|
--from-literal=LOG_LEVEL=INFO \
|
|
--from-literal=TOTAL_FLOW_TIMEOUT=600 \
|
|
--from-literal=PER_CREW_TIMEOUT=300 \
|
|
--from-literal=GITEA_URL=${{ vars.GITEA_URL }} \
|
|
--from-literal=GITEA_TOKEN=${{ secrets.GITEA_TOKEN }} \
|
|
--from-literal=GITEA_SECRET=${{ secrets.GITEA_SECRET }} \
|
|
--namespace=pr-reviewer
|
|
kubectl apply -f kube/pr-reviewer_deployment.yaml && kubectl apply -f kube/pr-reviewer_service.yaml
|