From b971fef652eb7a8f5d3bbac1573d7d831b5222ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joakim=20Hells=C3=A9n?=
Date: Tue, 27 Sep 2022 02:56:58 +0200
Subject: [PATCH] Build Docker image automatically
---
.github/renovate.json | 39 ++++++++++++++++++
.github/workflows/codeql.yml | 28 +++++++++++++
.github/workflows/docker-publish.yml | 60 ++++++++++++++++++++++++++++
3 files changed, 127 insertions(+)
create mode 100644 .github/renovate.json
create mode 100644 .github/workflows/codeql.yml
create mode 100644 .github/workflows/docker-publish.yml
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..7ca4066
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,39 @@
+{
+ "extends": [
+ "config:base"
+ ],
+ "packageRules": [
+ {
+ "matchUpdateTypes": [
+ "minor",
+ "patch",
+ "pin",
+ "digest",
+ "lockFileMaintenance"
+ ],
+ "automerge": true,
+ "automergeType": "branch",
+ "platformAutomerge": true,
+ "schedule": [
+ "after 8am and before 11am on monday through friday"
+ ]
+ }
+ ],
+ "dependencyDashboard": false,
+ "enabledManagers": [
+ "dockerfile",
+ "docker-compose",
+ "poetry",
+ "github-actions"
+ ],
+ "lockFileMaintenance": {
+ "enabled": true,
+ "automerge": true,
+ "automergeType": "branch",
+ "platformAutomerge": true,
+ "schedule": [
+ "after 8am and before 11am on monday through friday"
+ ]
+ },
+ "timezone": "Europe/Stockholm"
+}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..e116e0c
--- /dev/null
+++ b/.github/workflows/codeql.yml
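Review bot: In `.github/renovate.json`, both the `packageRules` entry and `lockFileMaintenance` set `"automerge": true` with `"automergeType": "branch"`, so every non-major update from the `dockerfile`, `github-actions` and `poetry` managers can land on the base branch without a pull request or a human look at the diff. Because docker-publish.yml in this same patch builds and pushes an image on every push to `master`, an upstream release that has been tampered with would flow straight into a published image. I would switch to `"automergeType": "pr"` so branch protection and required checks apply, and add a soak period such as `"stabilityDays": 3` (named `minimumReleaseAge` in later Renovate versions) before anything automerges. `platformAutomerge` appears to matter only for PR-based automerge, so it likely has no effect as configured; worth confirming against the Renovate documentation.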
@@ -0,0 +1,28 @@
+---
+name: "CodeQL"
+on:
+ schedule:
+ - cron: '33 11 * * 5'
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - uses: actions/checkout@v3
+ - run: pipx install poetry
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.10'
+ cache: 'poetry'
+ - run: poetry install
+ - run: echo "CODEQL_PYTHON=$(poetry run which python)" >> $GITHUB_ENV
+ - uses: github/codeql-action/init@v2
+ with:
+ languages: 'python'
+ queries: security-extended,security-and-quality
+ setup-python-dependencies: false
+ - uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..8b0b9b3
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
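Review bot: The `on:` block of codeql.yml has only the weekly `schedule` trigger, so code merged to `master` (including updates Renovate automerges) can sit unanalysed for up to a week, and pull requests are never scanned before merge. Adding `push:` and `pull_request:` triggers with `branches: [ master ]` next to the cron entry would surface alerts at review time; the job-level `permissions` block is already tightly scoped and needs no change. Separately, the actions here and in docker-publish.yml are referenced by mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `docker/login-action@v2`). Pinning them to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps a retagged release from running with `security-events: write` or the registry credentials.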
@@ -0,0 +1,60 @@
+name: Docker
+
+on:
+ schedule:
+ - cron: "20 6 * * *"
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+ workflow_dispatch:
+env:
+ BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
+ TIMEZONE: Europe/Stockholm
+ LOG_LEVEL: Info
+ SQLITE_LOCATION: /data/jobs.sqlite
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v3
+ - run: pipx install poetry
+ - uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+ cache: 'poetry'
+ - run: poetry install
+ - run: poetry run pytest
+ - name: Login to Docker Hub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: |
+ thelovinator/discord-reminder-bot
+ ghcr.io/thelovinator1/discord-reminder-bot
+ flavor: latest=${{ github.ref == 'refs/heads/master' }}
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
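Review bot: The workflow-level `env:` block in docker-publish.yml puts `BOT_TOKEN` and `GITHUB_TOKEN` into the environment of every step, including `poetry install` and `poetry run pytest`, which execute code from third-party packages, and every `uses:` action. Scope each secret to the single step that reads it, for example a step-level `env:` with `BOT_TOKEN: ${{ secrets.BOT_TOKEN }}` on the pytest step if that is the consumer (not visible from this hunk). The top-level `GITHUB_TOKEN` entry can be dropped, since the GHCR login step already receives it through `with.password`. `packages: write` is also granted on `pull_request` runs where nothing is pushed; splitting test and publish into separate jobs would let the test job run with `contents: read` only.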