Merge pull request 'CI: standardize workflows - tests mandatory, remove :latest push on master' (#13 ) from fix/workflow-standard into master

Reviewed-on: #13
fix: restructure tag.yaml - add test before build-push
2026-06-13 17:38:42 -04:00 · 2026-06-13 16:20:34 -04:00 · 2026-06-13 16:20:31 -04:00 · 2026-06-13 16:20:28 -04:00 · 2026-06-12 20:55:26 -04:00 · 2026-06-12 20:23:20 -04:00
7 changed files with 157 additions and 144 deletions
@@ -0,0 +1,49 @@
 name: Nightly Rebuild
 on:
  schedule:
    - cron: '0 0 * * *'
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: Dockerfile
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
  build-push:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - id: get-latest-tag
        run: |
          TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
          echo "tag=$TAG" >> $GITHUB_OUTPUT
      - id: meta
        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
        with:
          images: jcabillot/cipherscan
          tags: |
            type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          pull: true
@@ -1,71 +0,0 @@
 name: Docker Build and Push
 on:
  pull_request:
  push:
    branches: [master]
  schedule:
    - cron: '30 3 * * 3'
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Hadolint
        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
  build:
    runs-on: ubuntu-latest
    needs: lint
    steps:
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Build image
        run: docker build -t ci-image:${{ github.sha }} .
      - name: Save image
        run: docker save ci-image:${{ github.sha }} > image.tar
      - name: Upload artifact
        uses: ChristopherHX/gitea-upload-artifact@62ac910c5d3dfa85c7cb2df15afe2e342b2407c2 # main
        with:
          name: docker-image
          path: image.tar
  test:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Download artifact
        uses: ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7 # main
        with:
          name: docker-image
      - name: Load image
        run: docker load < image.tar
      - name: Run tests
        run: bash tests/test.sh ci-image:${{ github.sha }}
  push:
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    needs: test
    steps:
      - name: Checkout
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - name: Download artifact
        uses: ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7 # main
        with:
          name: docker-image
      - name: Load image
        run: docker load < image.tar
      - name: Login to Docker Hub
        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Tag and push
        run: |
          docker tag ci-image:${{ github.sha }} jcabillot/cipherscan:latest
          docker push jcabillot/cipherscan:latest
@@ -0,0 +1,44 @@
 name: Main Release
 on:
  push:
    branches: [master]
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: Dockerfile
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
  build:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -t jcabillot/cipherscan:${{ github.sha }} .
  tag:
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
        with:
          fetch-depth: 0
      - name: Configure git auth
        run: |
          git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/perso/cipherscan.git"
      - uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
        env:
          GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
          DEFAULT_BUMP: patch
          RELEASE_BRANCHES: master
          WITH_V: true
          GIT_API_TAGGING: false
@@ -0,0 +1,20 @@
 name: PR Checks
 on:
  pull_request:
    branches: [master]
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        continue-on-error: true
        with:
          dockerfile: Dockerfile
  build-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
@@ -0,0 +1,44 @@
 name: Tag Release
 on:
  push:
    tags: ['*']
 jobs:
  hadolint:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: Dockerfile
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - run: docker build -t ci-image:${{ github.sha }} .
      - run: bash tests/test.sh ci-image:${{ github.sha }}
  build-push:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
        with:
          images: jcabillot/cipherscan
          tags: |
            type=ref,event=tag
            type=ref,event=tag,suffix=-latest
      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          pull: true
@@ -1,35 +0,0 @@
 image: "docker:latest"
 services:
  - "docker:dind"
 before_script:
  - "docker login -u \"$CI_REGISTRY_USER\" -p \"$CI_REGISTRY_PASSWORD\" $CI_REGISTRY"
 build-master:
  stage: "build"
  script:
    - "docker build --pull -t \"$CI_REGISTRY_IMAGE\" ."
    - "docker push \"$CI_REGISTRY_IMAGE\""
  only:
    - "master"
 build:
  stage: "build"
  script:
    - "docker build --pull -t \"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\" ."
    - "docker push \"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\""
  except:
    - "master"
 deploy-dockerhub:
  stage: "deploy"
  before_script:
    - "docker login -u \"$DOCKERHUB_USER\" -p \"$DOCKERHUB_PASSWORD\""
    - "docker login -u \"$CI_REGISTRY_USER\" -p \"$CI_REGISTRY_PASSWORD\" $CI_REGISTRY"
  script:
    - "docker pull \"$CI_REGISTRY_IMAGE\""
    - "docker tag \"$CI_REGISTRY_IMAGE\" \"$DOCKERHUB_USER/$DOCKERHUB_PROJECT\""
    - "docker push \"$DOCKERHUB_USER/$DOCKERHUB_PROJECT\""
  only:
    - "master"
@@ -1,38 +0,0 @@
 pipeline {
  environment {
    registry = 'https://registry.hub.docker.com'
    registryCredential = 'dockerhub_jcabillot'
    dockerImage = 'jcabillot/cipherscan'
  }
  agent any
  triggers {
    cron('@midnight')
  }
  stages {
    stage('Clone repository') {
      steps{
        checkout scm
      }
    }
    stage('Build image') {
      steps{
        sh 'docker build --force-rm=true --no-cache=true --pull -t ${dockerImage} .'
      }
    }
    stage('Deploy Image') {
      steps{
        script {
          withCredentials([usernamePassword(credentialsId: 'dockerhub_jcabillot', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) {
            sh 'docker login --username ${DOCKER_USER} --password ${DOCKER_PASS}'
            sh 'docker push ${dockerImage}'
          }
        }
      }
    }
  }
 }
Author	SHA1	Message	Date
jcabillot	94f48a4b9e	Merge pull request 'CI: standardize workflows - tests mandatory, remove :latest push on master' (#13 ) from fix/workflow-standard into master Main Release / hadolint (push) Successful in 7s Details Main Release / test (push) Successful in 16s Details Main Release / build (push) Successful in 12s Details Main Release / tag (push) Successful in 13s Details Tag Release / hadolint (push) Successful in 6s Details Tag Release / test (push) Successful in 13s Details Tag Release / build-push (push) Successful in 1m53s Details Reviewed-on: #13	2026-06-13 17:38:42 -04:00
cloudix_mcp_server	16b6873a38	fix: restructure tag.yaml - add test before build-push PR Checks / hadolint (pull_request) Successful in 5s Details PR Checks / build-test (pull_request) Successful in 12s Details	2026-06-13 16:20:34 -04:00
cloudix_mcp_server	23ac4446b3	fix: restructure cron.yaml - add test job, remove :latest tag	2026-06-13 16:20:31 -04:00
cloudix_mcp_server	f56fe21026	fix: restructure main.yaml - test mandatory before build, no Docker push on master	2026-06-13 16:20:28 -04:00
jcabillot	08df5d6947	Merge pull request 'fix: refactor CI pipelines with pinned action versions and remove legacy configs' (#12 ) from fix/refactor-ci-pipelines into master Main Release / hadolint (push) Successful in 6s Details Main Release / test (push) Successful in 16s Details Main Release / tag (push) Successful in 22s Details Main Release / build-push (push) Successful in 2m18s Details Reviewed-on: #12	2026-06-12 20:55:26 -04:00
cloudix_mcp_server	c0175543c3	fix: restore hadolint in cron workflow PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Successful in 19s Details	2026-06-12 20:23:20 -04:00
cloudix_mcp_server	3f9df443c2	chore: remove legacy Jenkinsfile PR Checks / hadolint (pull_request) Successful in 5s Details PR Checks / build-test (pull_request) Successful in 12s Details	2026-06-12 19:40:45 -04:00
cloudix_mcp_server	7cf39a7495	chore: remove legacy GitLab CI config	2026-06-12 19:40:42 -04:00
cloudix_mcp_server	ec35949187	refactor(ci): clean nightly cron pipeline with pinned action versions	2026-06-12 19:40:36 -04:00
cloudix_mcp_server	68243f4eef	refactor(ci): clean tag pipeline with pinned action versions	2026-06-12 19:40:32 -04:00
cloudix_mcp_server	7f5bcbea4c	refactor(ci): clean main pipeline with pinned action versions	2026-06-12 19:40:28 -04:00
cloudix_mcp_server	0f115455fc	refactor(ci): clean PR pipeline with pinned action versions	2026-06-12 19:40:26 -04:00
jcabillot	41237fed5e	Merge pull request 'feat(ci): refactor pipelines — hadolint, PR checks, tag releases, nightly rebuild' (#11 ) from fix/refactor-ci-pipelines into master Main Release / hadolint (push) Successful in 7s Details Main Release / test (push) Successful in 13s Details Main Release / tag (push) Successful in 16s Details Main Release / build-push (push) Successful in 1m36s Details Reviewed-on: #11	2026-06-12 16:18:16 -04:00
cloudix_mcp_server	de092a9212	chore(ci): remove workflows from .forgejo/workflows PR Checks / hadolint (pull_request) Successful in 6s Details PR Checks / build-test (pull_request) Successful in 13s Details	2026-06-12 16:15:32 -04:00
cloudix_mcp_server	a5e2b98660	chore(ci): remove workflows from .forgejo/workflows	2026-06-12 16:15:29 -04:00
cloudix_mcp_server	33666c5e19	chore(ci): remove workflows from .forgejo/workflows PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Successful in 14s Details	2026-06-12 16:15:23 -04:00
cloudix_mcp_server	c933607153	chore(ci): remove workflows from .forgejo/workflows (using .gitea/workflows instead) PR Checks / hadolint (pull_request) Successful in 7s Details PR Checks / build-test (pull_request) Successful in 14s Details	2026-06-12 16:15:20 -04:00
cloudix_mcp_server	8cc464e912	feat(ci): add nightly rebuild workflow to .gitea/workflows PR Checks / build-test (pull_request) Successful in 1m10s Details PR Checks / hadolint (pull_request) Successful in 8s Details	2026-06-12 16:15:08 -04:00
cloudix_mcp_server	0ca56d600b	feat(ci): add tag release workflow to .gitea/workflows PR Checks / hadolint (pull_request) Successful in 5s Details PR Checks / build-test (pull_request) Successful in 15s Details	2026-06-12 16:15:01 -04:00
cloudix_mcp_server	1bc33752ea	feat(ci): add main release workflow to .gitea/workflows	2026-06-12 16:14:55 -04:00
cloudix_mcp_server	a895fd1b89	feat(ci): add PR checks workflow to .gitea/workflows PR Checks / hadolint (pull_request) Successful in 9s Details PR Checks / build-test (pull_request) Successful in 1m16s Details	2026-06-12 16:14:52 -04:00
cloudix_mcp_server	3ed62439a9	chore(ci): force CI re-trigger	2026-06-12 16:12:26 -04:00
cloudix_mcp_server	aef8753e44	chore(ci): remove stale workflow files from .gitea/workflows	2026-06-12 16:09:20 -04:00
cloudix_mcp_server	886ac56bdf	chore(ci): remove stale workflow files from .gitea/workflows	2026-06-12 16:09:15 -04:00
cloudix_mcp_server	0ee799e27f	chore(ci): remove stale workflow files from .gitea/workflows	2026-06-12 16:09:12 -04:00
cloudix_mcp_server	35ddb9eb4d	chore(ci): remove stale workflow files from .gitea/workflows	2026-06-12 16:09:05 -04:00
cloudix_mcp_server	abb697e67d	feat(ci): add nightly rebuild workflow PR Checks / hadolint (pull_request) Failing after 2s Details PR Checks / build-test (pull_request) Failing after 2s Details	2026-06-12 16:08:02 -04:00
cloudix_mcp_server	6647757813	feat(ci): add tag release workflow PR Checks / build-test (pull_request) Failing after 2s Details PR Checks / hadolint (pull_request) Failing after 8s Details	2026-06-12 16:07:57 -04:00
cloudix_mcp_server	11d2e6596c	feat(ci): add main release workflow PR Checks / hadolint (pull_request) Failing after 1s Details PR Checks / build-test (pull_request) Failing after 2s Details	2026-06-12 16:07:50 -04:00
cloudix_mcp_server	a4519dbc04	feat(ci): add PR checks workflow PR Checks / build-test (pull_request) Failing after 7s Details PR Checks / hadolint (pull_request) Failing after 8s Details	2026-06-12 16:07:44 -04:00
cloudix_mcp_server	7fdbd1bffc	chore: remove old docker-build.yaml in favor of 4-workflow pipeline PR Checks / build-test (pull_request) Failing after 13s Details PR Checks / hadolint (pull_request) Failing after 11m10s Details	2026-06-12 15:33:26 -04:00
cloudix_mcp_server	354e0b9f8a	feat(ci): add nightly rebuild workflow	2026-06-12 15:33:15 -04:00
cloudix_mcp_server	2d27619355	feat(ci): add tag release workflow	2026-06-12 15:33:08 -04:00
cloudix_mcp_server	574a66691e	feat(ci): add PR checks workflow	2026-06-12 15:32:56 -04:00
cloudix_mcp_server	411f780f5e	feat(ci): add main release workflow	2026-06-12 15:32:48 -04:00
jcabillot	54eb8f5e5e	Merge pull request 'ci: add automatic semver tagging on merge to master' (#10 ) from feat/semver-tag-action into master Docker Build and Push / lint (push) Successful in 6s Details Docker Build and Push / build (push) Successful in 1m55s Details Docker Build and Push / test (push) Successful in 28s Details Docker Build and Push / push (push) Failing after 57s Details Reviewed-on: #10	2026-06-12 13:45:01 -04:00
cloudix_mcp_server	18ca0a4366	ci: add automatic semver tagging on merge to master Docker Build and Push / lint (pull_request) Successful in 7s Details Docker Build and Push / build (pull_request) Successful in 1m56s Details Docker Build and Push / test (pull_request) Successful in 34s Details Docker Build and Push / push (pull_request) Has been skipped Details	2026-06-12 13:16:47 -04:00