Update SECURITY.md #2275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: [push, pull_request] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| postgresql: ['10', '15','16'] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-wrapper-${{ hashFiles('**/gradlew') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradlew- | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 17 | |
| distribution: temurin | |
| - name: Build with Gradle | |
| run: ./gradlew build distribution jacocoTestReport -Dpgsql.version=${{ matrix.postgresql }} | |
| - name: upload to sonarcloud | |
| if: ${{ github.repository == 'alfio-event/alf.io' && matrix.postgresql == '16'}} | |
| run: ./gradlew sonarqube | |
| env: | |
| SONARCLOUD_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: 'Upload Build' | |
| if: ${{ github.repository == 'alfio-event/alf.io' && matrix.postgresql == '10'}} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: build | |
| retention-days: 5 | |
| push_image_dev: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.repository == 'alfio-event/alf.io' && github.event_name == 'push' }} | |
| needs: build | |
| name: Push dev image | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Configure Docker | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Push Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./dockerize | |
| tags: | | |
| ghcr.io/alfio-event/alf.io/dev-${{ env.GITHUB_REF_SLUG }}:latest | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| push_image_prod: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.repository == 'alfio-event/alf.io' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} | |
| needs: build | |
| name: Push PROD image | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Configure Docker | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Container Registry (GitHub) | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.CR_USER }} | |
| password: ${{ secrets.CR_PAT }} | |
| - name: Login to Container Registry (Docker) | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Push Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./dockerize | |
| tags: | | |
| ghcr.io/alfio-event/alf.io/prod:${{github.ref_name}} | |
| alfio/alf.io:${{github.ref_name}} | |
| alfio/alf.io:latest | |
| platforms: linux/amd64,linux/arm64 | |
| push: true |