add security headers #215
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Aptabase CI | |
on: push | |
permissions: | |
id-token: write | |
packages: write | |
contents: read | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:15 | |
env: | |
POSTGRES_USER: aptabase | |
POSTGRES_PASSWORD: aptabase_pw | |
ports: | |
- 5432:5432 | |
clickhouse: | |
image: clickhouse/clickhouse-server:23.3.8.21 | |
env: | |
CLICKHOUSE_USER: aptabase | |
CLICKHOUSE_PASSWORD: aptabase_pw | |
ports: | |
- 8123:8123 | |
mailcatcher: | |
image: dockage/mailcatcher:0.8.2 | |
ports: | |
- 1025:1025 | |
- 1080:1080 | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Setup .NET Core SDK 7.x | |
uses: actions/setup-dotnet@v3 | |
with: | |
dotnet-version: 7.x | |
- name: Run Unit Tests | |
run: dotnet test | |
working-directory: tests/UnitTests | |
- name: Run Integration Tests | |
run: dotnet test | |
working-directory: tests/IntegrationTests | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
tags: aptabase:latest | |
outputs: type=docker,dest=/tmp/aptabase.tar | |
- name: Upload Image | |
uses: actions/upload-artifact@v3 | |
with: | |
name: aptabase | |
path: /tmp/aptabase.tar | |
publish: | |
if: ${{ github.ref == 'refs/heads/main' }} | |
name: Publish | |
runs-on: ubuntu-latest | |
needs: [build, test] | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Download Image | |
uses: actions/download-artifact@v3 | |
with: | |
name: aptabase | |
path: /tmp | |
- name: Load Image | |
run: docker load --input /tmp/aptabase.tar | |
# Push to Public Registry | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push to GitHub Container Registry | |
run: | | |
docker tag aptabase:latest $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
env: | |
REGISTRY: ghcr.io/aptabase | |
REPOSITORY: aptabase | |
IMAGE_TAG: main | |
deploy-us: | |
if: ${{ github.ref == 'refs/heads/main' }} | |
name: Deploy to Aptabase US | |
runs-on: "ubuntu-latest" | |
environment: "Aptabase US" | |
needs: [publish] | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Download Image | |
uses: actions/download-artifact@v3 | |
with: | |
name: aptabase | |
path: /tmp | |
- name: Load Image | |
run: docker load --input /tmp/aptabase.tar | |
- name: Configure AWS credentials (US) | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::907052285437:role/github-action | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR (US) | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: "true" | |
- name: Push to Amazon ECR (US) | |
run: | | |
docker tag aptabase:latest $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
env: | |
REGISTRY: 907052285437.dkr.ecr.us-east-1.amazonaws.com | |
REPOSITORY: aptabase | |
IMAGE_TAG: main | |
deploy-eu: | |
if: ${{ github.ref == 'refs/heads/main' }} | |
name: Deploy to Aptabase EU | |
runs-on: "ubuntu-latest" | |
environment: "Aptabase EU" | |
needs: [publish] | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Download Image | |
uses: actions/download-artifact@v3 | |
with: | |
name: aptabase | |
path: /tmp | |
- name: Load Image | |
run: docker load --input /tmp/aptabase.tar | |
- name: Configure AWS credentials (EU) | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::907052285437:role/github-action | |
aws-region: eu-central-1 | |
- name: Login to Amazon ECR (EU) | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: "true" | |
- name: Push to Amazon ECR (EU) | |
run: | | |
docker tag aptabase:latest $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
env: | |
REGISTRY: 907052285437.dkr.ecr.eu-central-1.amazonaws.com | |
REPOSITORY: aptabase | |
IMAGE_TAG: main |