AssemblyLine.dhall 1.55 KB
Newer Older
1
let GithubActions =
2
    {- renovate: currentValue=master -}
3
      https://raw.githubusercontent.com/SocialGouv/.github/baf508eff47537540ec7208cc242f7414f09cad1/dhall/github-actions/package.dhall
4
        sha256:66b276bb67cca4cfcfd1027da45857cc8d53e75ea98433b15dade1e1e1ec22c8
5 6

let ContainerTestJob =
7
      ../jobs/ContainerTest.dhall
8
        sha256:400214d12eb103c2500b450f1b1b62345be43866b1d5551badb68199b3c4aea9
9 10

let DockerBuildJob =
11
      ../jobs/DockerBuild.dhall
12
        sha256:31398149a20e78661ee58064a4859b3c33fc3b64e8e4c787a643a772069882d9
13 14

let HadolintJob =
15
      ../jobs/Hadolint.dhall
16
        sha256:832bac8e5ba7cb3fa31ba11de677a2b8c6b3b3a32129d087e776d5dd54317cbc
17

18
let TrivyJob =
19
      ../jobs/Trivy.dhall
20
        sha256:52073382b4c4f32ada3c093400296802c2ad530276f8622164224105cb4879b2
21

22 23 24 25 26 27 28
let Worklflow =
      λ ( args
        : { name : Text
          , jobs : List { mapKey : Text, mapValue : GithubActions.types.Job }
          }
        ) →
        GithubActions.Workflow::{
29
        , name = args.name
30
        , on = GithubActions.On::{ push = Some GithubActions.Push::{=} }
31
        , concurrency = Some GithubActions.Concurrency::{
32
          , group = "${args.name}-\${{ github.ref }}"
33 34
          , cancel-in-progress = True
          }
35 36 37 38 39
        , jobs =
              toMap
                { lint = HadolintJob args.name
                , build = DockerBuildJob args.name
                , container_test = ContainerTestJob { package = args.name }
40
                , security_scan = TrivyJob args.name
41 42 43 44 45
                }
            # args.jobs
        }

in  { Worklflow }