name: Tests, analysis and push to dev dockerhub on: push: branches: - dev jobs: # This is done to prevent potential race conditions; # multiple jobs start with the source code, but since # they have no "needs", one could start a little bit later, # and in meantime a commit could be pushed Clone-repo: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: recursive - uses: actions/upload-artifact@v3 with: name: source-code path: . Tests: runs-on: ubuntu-latest needs: Clone-repo steps: - uses: actions/download-artifact@v3 with: name: source-code path: . - name: Run tests run: make tests Static-analysis: runs-on: ubuntu-latest needs: Clone-repo steps: - uses: actions/download-artifact@v3 with: name: source-code path: . - name: Run satic analysis run: make static-analysis Security-analysis: runs-on: ubuntu-latest needs: Clone-repo steps: - uses: actions/download-artifact@v3 with: name: source-code path: . - run: sudo apt-get install -y flawfinder - name: Run security analysis run: make security-analysis Build: runs-on: ubuntu-latest needs: [ Tests, Static-analysis, Security-analysis ] steps: - uses: actions/download-artifact@v3 with: name: source-code path: . - name: Build server and browser run: make dev - uses: actions/upload-artifact@v3 with: name: dev-build-files path: ./build Build-docker-and-push: name: Build the docker container image and push it to dockerhub runs-on: ubuntu-latest needs: Build steps: - uses: actions/download-artifact@v3 with: name: dev-build-files path: /build - uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: docker/build-push-action@v5 with: push: true file: Dockerfile.dev tags: ${{ secrets.DOCKERHUB_USERNAME }}/pico-web-dev:latest