Merge pull request 'CI: standardize workflows - tests mandatory, remove :latest push on master' (#13) from fix/workflow-standard into master

Reviewed-on: #13

.gitea/workflows/cron.yaml

@@ -5,13 +5,21 @@ on:
 jobs:
   hadolint:
     runs-on: ubuntu-latest
+    continue-on-error: true
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        continue-on-error: true
         with:
           dockerfile: Dockerfile
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t ci-image:${{ github.sha }} .
+      - run: bash tests/test.sh ci-image:${{ github.sha }}
   build-push:
+    needs: [test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -31,8 +39,7 @@ jobs:
         with:
           images: jcabillot/cipherscan
           tags: |
-            type=raw,value=latest
+            type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
-            type=raw,value=${{ steps.get-latest-tag.outputs.tag }},enable=${{ steps.get-latest-tag.outputs.tag != '' }}
       - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: .

.gitea/workflows/main.yaml

@@ -5,34 +5,12 @@ on:
 jobs:
   hadolint:
     runs-on: ubuntu-latest
+    continue-on-error: true
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        continue-on-error: true
         with:
           dockerfile: Dockerfile
-  build-push:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
-      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
-      - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
-        with:
-          images: jcabillot/cipherscan
-          tags: |
-            type=raw,value=latest
-      - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
-        with:
-          context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          pull: true
   test:
     runs-on: ubuntu-latest
     steps:
@@ -40,7 +18,15 @@ jobs:
       - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
       - run: docker build -t ci-image:${{ github.sha }} .
       - run: bash tests/test.sh ci-image:${{ github.sha }}
+  build:
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t jcabillot/cipherscan:${{ github.sha }} .
   tag:
+    needs: [build]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -48,10 +34,10 @@ jobs:
           fetch-depth: 0
       - name: Configure git auth
         run: |
-          git remote set-url origin "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@scm.cabillot.eu/perso/cipherscan.git"
+          git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/perso/cipherscan.git"
       - uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
           DEFAULT_BUMP: patch
           RELEASE_BRANCHES: master
           WITH_V: true

.gitea/workflows/tag.yaml

@@ -5,13 +5,21 @@ on:
 jobs:
   hadolint:
     runs-on: ubuntu-latest
+    continue-on-error: true
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
-        continue-on-error: true
         with:
           dockerfile: Dockerfile
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
+      - run: docker build -t ci-image:${{ github.sha }} .
+      - run: bash tests/test.sh ci-image:${{ github.sha }}
   build-push:
+    needs: [test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
@@ -26,6 +34,7 @@ jobs:
           images: jcabillot/cipherscan
           tags: |
             type=ref,event=tag
+            type=ref,event=tag,suffix=-latest
       - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: .

.gitlab-ci.yml

@@ -1,35 +0,0 @@
-image: "docker:latest"
-
-services:
-  - "docker:dind"
-
-before_script:
-  - "docker login -u \"$CI_REGISTRY_USER\" -p \"$CI_REGISTRY_PASSWORD\" $CI_REGISTRY"
-
-build-master:
-  stage: "build"
-  script:
-    - "docker build --pull -t \"$CI_REGISTRY_IMAGE\" ."
-    - "docker push \"$CI_REGISTRY_IMAGE\""
-  only:
-    - "master"
-
-build:
-  stage: "build"
-  script:
-    - "docker build --pull -t \"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\" ."
-    - "docker push \"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\""
-  except:
-    - "master"
-
-deploy-dockerhub:
-  stage: "deploy"
-  before_script:
-    - "docker login -u \"$DOCKERHUB_USER\" -p \"$DOCKERHUB_PASSWORD\""
-    - "docker login -u \"$CI_REGISTRY_USER\" -p \"$CI_REGISTRY_PASSWORD\" $CI_REGISTRY"
-  script:
-    - "docker pull \"$CI_REGISTRY_IMAGE\""
-    - "docker tag \"$CI_REGISTRY_IMAGE\" \"$DOCKERHUB_USER/$DOCKERHUB_PROJECT\""
-    - "docker push \"$DOCKERHUB_USER/$DOCKERHUB_PROJECT\""
-  only:
-    - "master"

Jenkinsfile

@@ -1,38 +0,0 @@
-pipeline {
-  environment {
-    registry = 'https://registry.hub.docker.com'
-    registryCredential = 'dockerhub_jcabillot'
-    dockerImage = 'jcabillot/cipherscan'
-  }
-
-  agent any
-
-  triggers {
-    cron('@midnight')
-  }
-
-  stages {
-    stage('Clone repository') {
-      steps{
-        checkout scm
-      }
-    }
-
-    stage('Build image') {
-      steps{
-        sh 'docker build --force-rm=true --no-cache=true --pull -t ${dockerImage} .'
-      }
-    }
-
-    stage('Deploy Image') {
-      steps{
-        script {
-          withCredentials([usernamePassword(credentialsId: 'dockerhub_jcabillot', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) {
-            sh 'docker login --username ${DOCKER_USER} --password ${DOCKER_PASS}'
-            sh 'docker push ${dockerImage}'
-          }
-        }
-      }
-    }
-  }
-}