.github/workflows/ci.yml

name: Continuous Integration
env:
  DOCKER_IMAGE: wyrihaximusnet/telegraf
on: [push]
jobs:
  lint-dockerfile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Lint Dockerfile
        uses: docker://hadolint/hadolint:latest-debian
        with:
          entrypoint: hadolint
          args: Dockerfile
  build-docker-image:
    needs:
      - lint-dockerfile
    runs-on: ubuntu-latest
    strategy:
      matrix:
        telegraf: ['1.12', '1.14']
    steps:
      - uses: actions/checkout@v1
      - run: docker image build --build-arg TAG_VERSION=${{ matrix.telegraf }} -t "${DOCKER_IMAGE}:${{ matrix.telegraf }}" . --no-cache --build-arg VERSION=${{ matrix.telegraf }}
      - run: mkdir ./docker-image
      - run: docker save "${DOCKER_IMAGE}:${{ matrix.telegraf }}" -o ./docker-image/docker_image.tar
      - uses: actions/upload-artifact@master
        with:
          name: docker-image-${{ matrix.telegraf }}
          path: ./docker-image
  scan-vulnerability:
    needs: build-docker-image
    runs-on: ubuntu-latest
    strategy:
      matrix:
        telegraf: ['1.12', '1.14']
    steps:
      - uses: actions/checkout@v1
      - name: Install clair-scanner
        run: |
          sudo curl -L https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 -o /usr/local/bin/clair-scanner
          sudo chmod +x /usr/local/bin/clair-scanner
      - uses: actions/download-artifact@master
        with:
          name: docker-image-${{ matrix.telegraf }}
          path: ./docker-image
      - run: docker load --input ./docker-image/docker_image.tar
      - run: rm -Rf ./docker-image/
      - run: mkdir -p "./clair/${DOCKER_IMAGE}"
      - run: docker-compose -f .docker/security/docker-compose.yml -p clair-ci up -d
#      - run: RETRIES=0 && while ! wget -T 10 -q -O /dev/null http://localhost:6060/v1/namespaces ; do sleep 1 ; echo -n "." ; if [ $${RETRIES} -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; RETRIES=$$(($${RETRIES}+1)) ; done
      - run: sleep 10
      - run: echo -e "${DOCKER_IMAGE}:${{ matrix.telegraf }}" | xargs -I % sh -c 'clair-scanner --ip 172.17.0.1 -r "./clair/%.json" -l ./clair/clair.log % || (echo "% is vulnerable" && exit 1)'
      - run: docker-compose -f .docker/security/docker-compose.yml -p clair-ci down