.github/workflows/test.yml

name: test
on: push
jobs:
  lint-test:
    name: Lint and Test API
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Node 18
        uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Npm install
        run: npm ci
      - name: Run linter
        run: npm run lint
      - name: Start docker environment for testing
        run: docker-compose up -d db redis
      - name: Run tests
        run: npm test
      - name: Show docker compose logs
        run: docker-compose logs
        if: ${{ always() }}
      - name: Stop docker environment for testing
        run: docker-compose down
        if: ${{ always() }}
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high
      - name: Coveralls
        uses: coverallsapp/github-action@master
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path-to-lcov: ./coverage/lcov.info
  docker:
    name: Build Docker Images
    needs: lint-test
    if: success() && github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Package Version
        id: vars
        run: echo ::set-output name=docker_tag::$(grep version package.json | awk -F \" '{print $4}')
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          push: true
          tags: jtwebman/node-express-postgres-docker-todo:${{ steps.vars.outputs.docker_tag }},jtwebman/node-express-postgres-docker-todo:latest
  docker-security:
    name: Check Docker Image Security
    needs: docker
    if: success() && github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    steps:
      - name: Run Snyk to check Docker image for vulnerabilities
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: jtwebman/node-express-postgres-docker-todo
          args: --fail-on=all