garm-test-pipeline/argo-workflows/example-ci-workflow.yaml

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: example-ci-workflow-
  namespace: argo
  labels:
    workflows.argoproj.io/archive-strategy: "false"
  annotations:
    workflows.argoproj.io/description: |
      This is a simple workflow to show what steps we need to take to deploy an application.
spec:
  entrypoint: ci
  serviceAccountName: admin
  volumeClaimTemplates:
    - metadata:
        name: shared-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  volumes:
    - name: docker-config
      secret:
        secretName: my-docker-secret
  templates:
    - name: ci
      dag:
        tasks:
          - name: git-clone
            template: git-clone
          - name: ls
            template: ls
            dependencies: [git-clone]
          - name: build
            template: build
            dependencies: [unit-tests, lint-scan]
          - name: unit-tests
            template: unit-tests
            dependencies: [ls]
          - name: lint-scan
            template: lint-scan
            dependencies: [ls]
          - name: trivy-image-scan
            template: trivy-image-scan
            dependencies: [build]
          - name: trivy-filesystem-scan
            template: trivy-filesystem-scan
            dependencies: [git-clone]
          - name: deploy-image
            template: simple-container
            # when: " == true"
            dependencies: [trivy-image-scan, trivy-filesystem-scan]

    - name: simple-container
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args: ["echo test"]

    - name: ls
      container:
        image: alpine:3.20.3
        command: [sh, -c]
        args:
          - |
            set -e

            ls -la /
            ls -la /shared-data
            ls -la /shared-data/repo
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data    

    - name: git-clone
      container:
        image: ubuntu:24.10
        command: [sh, -c]
        args:
          - |
            set -e

            apt update
            apt install -y git
            git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo
            
            echo git-clone task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    - name: build
      container:
        image: gcr.io/kaniko-project/executor:v1.23.2
        args:
          [
            "--dockerfile=Dockerfile",
            "--context=/shared-data/repo/",
            "--destination=gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest",
            "--skip-tls-verify"
          ]
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
          - name: docker-config
            mountPath: /kaniko/.docker/

    - name: unit-tests
      container:
        image: golang:1.23.2
        command: [sh, -c]
        args:
          - |
            set -e

            cd /shared-data/repo
            go test ./... -v

            echo unit-test task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
      # How to extract artifacts

    - name: lint-scan
      container:
        image: golangci/golangci-lint:v1.61.0
        command: [sh, -c]
        args:
          - |
            set -e

            cd /shared-data/repo
            golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1

            echo lint-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data
    
    - name: trivy-filesystem-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e

            trivy fs --scanners license,vuln,misconfig,secret /shared-data/repo

            echo trivy-filesystem-scan task completed
        volumeMounts:
          - name: shared-data
            mountPath: /shared-data

    - name: trivy-image-scan
      container:
        image: aquasec/trivy:0.56.2
        command: [sh, -c]
        args:
          - |
            set -e

            TRIVY_INSECURE=true trivy image --scanners license,vuln,secret gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest
            TRIVY_INSECURE=true trivy image --image-config-scanners secret,misconfig gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest

            echo trivy-image-scan task completed
initial commit 2024-10-18 14:26:36 +02:00			`apiVersion: argoproj.io/v1alpha1`
			`kind: Workflow`
			`metadata:`
			`generateName: example-ci-workflow-`
			`namespace: argo`
			`labels:`
			`workflows.argoproj.io/archive-strategy: "false"`
			`annotations:`
			`workflows.argoproj.io/description: \|`
			`This is a simple workflow to show what steps we need to take to deploy an application.`
			`spec:`
			`entrypoint: ci`
			`serviceAccountName: admin`
Initial commit 2024-10-22 16:06:32 +02:00			`volumeClaimTemplates:`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`- metadata:`
			`name: shared-data`
			`spec:`
			`accessModes: ["ReadWriteOnce"]`
			`resources:`
			`requests:`
			`storage: 1Gi`
adds certificate file 2024-10-23 15:14:37 +02:00			`volumes:`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`- name: docker-config`
			`secret:`
			`secretName: my-docker-secret`
initial commit 2024-10-18 14:26:36 +02:00			`templates:`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`- name: ci`
			`dag:`
			`tasks:`
			`- name: git-clone`
			`template: git-clone`
			`- name: ls`
			`template: ls`
			`dependencies: [git-clone]`
			`- name: build`
			`template: build`
			`dependencies: [unit-tests, lint-scan]`
			`- name: unit-tests`
			`template: unit-tests`
			`dependencies: [ls]`
			`- name: lint-scan`
			`template: lint-scan`
			`dependencies: [ls]`
			`- name: trivy-image-scan`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`template: trivy-image-scan`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`dependencies: [build]`
			`- name: trivy-filesystem-scan`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`template: trivy-filesystem-scan`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`dependencies: [git-clone]`
ci workflows works 2024-10-28 14:46:10 +01:00			`- name: deploy-image`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`template: simple-container`
			`# when: " == true"`
			`dependencies: [trivy-image-scan, trivy-filesystem-scan]`
initial commit 2024-10-18 14:26:36 +02:00
adds lint-scan template 2024-10-24 13:35:21 +02:00			`- name: simple-container`
			`container:`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`image: alpine:3.20.3`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`command: [sh, -c]`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`args: ["echo test"]`
comments out failing tests 2024-10-23 17:03:17 +02:00
adds lint-scan template 2024-10-24 13:35:21 +02:00			`- name: ls`
			`container:`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`image: alpine:3.20.3`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`command: [sh, -c]`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`args:`
adds ci templates 2024-11-08 12:37:54 +01:00			`- \|`
			`set -e`

adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`ls -la /`
			`ls -la /shared-data`
			`ls -la /shared-data/repo`
			`volumeMounts:`
			`- name: shared-data`
			`mountPath: /shared-data`
adds lint-scan template 2024-10-24 13:35:21 +02:00
			`- name: git-clone`
			`container:`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`image: ubuntu:24.10`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`command: [sh, -c]`
			`args:`
			`- \|`
adds ci templates 2024-11-08 12:37:54 +01:00			`set -e`

adds lint-scan template 2024-10-24 13:35:21 +02:00			`apt update`
			`apt install -y git`
			`git clone -b main https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Franz.Germann/fibonacci_go.git /shared-data/repo`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00
			`echo git-clone task completed`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`volumeMounts:`
			`- name: shared-data`
			`mountPath: /shared-data`

			`- name: build`
			`container:`
			`image: gcr.io/kaniko-project/executor:v1.23.2`
			`args:`
			`[`
workflow now builds and pushes app image 2024-10-28 14:32:16 +01:00			`"--dockerfile=Dockerfile",`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`"--context=/shared-data/repo/",`
workflow now builds and pushes app image 2024-10-28 14:32:16 +01:00			`"--destination=gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest",`
			`"--skip-tls-verify"`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`]`
			`volumeMounts:`
			`- name: shared-data`
			`mountPath: /shared-data`
			`- name: docker-config`
workflow now builds and pushes app image 2024-10-28 14:32:16 +01:00			`mountPath: /kaniko/.docker/`
adds lint-scan template 2024-10-24 13:35:21 +02:00
			`- name: unit-tests`
			`container:`
			`image: golang:1.23.2`
			`command: [sh, -c]`
			`args:`
			`- \|`
adds ci templates 2024-11-08 12:37:54 +01:00			`set -e`

lint-scan test 2024-10-25 11:09:34 +02:00			`cd /shared-data/repo`
workflow now builds and pushes app image 2024-10-28 14:32:16 +01:00			`go test ./... -v`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00
			`echo unit-test task completed`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`volumeMounts:`
			`- name: shared-data`
			`mountPath: /shared-data`
			`# How to extract artifacts`

			`- name: lint-scan`
			`container:`
			`image: golangci/golangci-lint:v1.61.0`
			`command: [sh, -c]`
			`args:`
			`- \|`
adds ci templates 2024-11-08 12:37:54 +01:00			`set -e`

lint-scan test 2024-10-25 11:09:34 +02:00			`cd /shared-data/repo`
workflow now builds and pushes app image 2024-10-28 14:32:16 +01:00			`golangci-lint run ./... --out-format=json --timeout 5m --issues-exit-code 1`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00
			`echo lint-scan task completed`
			`volumeMounts:`
			`- name: shared-data`
			`mountPath: /shared-data`

			`- name: trivy-filesystem-scan`
			`container:`
			`image: aquasec/trivy:0.56.2`
			`command: [sh, -c]`
			`args:`
			`- \|`
adds ci templates 2024-11-08 12:37:54 +01:00			`set -e`

adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00			`trivy fs --scanners license,vuln,misconfig,secret /shared-data/repo`

			`echo trivy-filesystem-scan task completed`
adds lint-scan template 2024-10-24 13:35:21 +02:00			`volumeMounts:`
			`- name: shared-data`
			`mountPath: /shared-data`
adds specific versions to all the containers used 2024-10-29 14:00:30 +01:00
			`- name: trivy-image-scan`
			`container:`
			`image: aquasec/trivy:0.56.2`
			`command: [sh, -c]`
adds ci templates 2024-11-08 12:37:54 +01:00			`args:`
			`- \|`
			`set -e`

			`TRIVY_INSECURE=true trivy image --scanners license,vuln,secret gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest`
			`TRIVY_INSECURE=true trivy image --image-config-scanners secret,misconfig gitea.cnoe.localtest.me/giteaadmin/fibonacci_go:latest`

			`echo trivy-image-scan task completed`