goreleaser-scheduled #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: goreleaser-scheduled | |
on: | |
schedule: | |
- cron: "0 2 * * *" | |
workflow_dispatch: | |
jobs: | |
pre_release_job: | |
runs-on: ubuntu-latest | |
outputs: | |
changes: ${{ steps.lasttag.outputs.newchanges }} | |
sha8: ${{ steps.shorthash.outputs.sha8 }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Check if there are new commits since last nightly | |
id: lasttag | |
run: echo "::set-output name=newchanges::$(bash ./.github/scripts/is-changed-since-last-nightly.sh)" | |
- name: Set short hash | |
id: shorthash | |
run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-8)" | |
goreleaser: | |
needs: pre_release_job | |
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: toko-bifrost/ms-teams-deploy-card@master | |
if: always() | |
with: | |
github-token: ${{ secrets.KICS_BOT_PAT }} | |
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }} | |
card-layout-start: cozy | |
card-layout-exit: complete | |
show-on-start: true | |
show-on-exit: true | |
custom-facts: | | |
- name: Nightly Release Commit | |
value: ${{ needs.pre_release_job.outputs.sha8 }} | |
custom-actions: | | |
- name: View CI Logs | |
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}" | |
- name: View HEAD Commit | |
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.20.x | |
- name: Run GoReleaser | |
uses: goreleaser/[email protected] | |
with: | |
version: v0.160.0 | |
args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
DESCRIPTIONS_URL: ${{ secrets.DESCRIPTIONS_URL }} | |
- name: delete release | |
uses: dev-drprasad/[email protected] | |
with: | |
delete_release: true # default: false | |
tag_name: nightly # tag name to delete | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: nightly | |
release_name: nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
draft: false | |
prerelease: true | |
- name: Display assets | |
run: | | |
ls -l /home/runner/work/kics/kics/dist | |
- name: Upload Release Asset Linux | |
id: upload-release-asset-linux | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_linux_x64.tar.gz | |
asset_name: kics_nightly-release_linux_amd64.tar.gz | |
asset_content_type: application/gzip | |
- name: Upload Release Asset Darwin | |
id: upload-release-asset-darwin | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_darwin_x64.tar.gz | |
asset_name: kics_nightly-release_darwin_amd64.tar.gz | |
asset_content_type: application/gzip | |
- name: Upload Release Asset Windows | |
id: upload-release-asset-windows | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_windows_x64.zip | |
asset_name: kics_nightly-release_windows_amd64.zip | |
asset_content_type: application/zip | |
- name: Upload Release Asset Checksum | |
id: upload-release-asset-checksums | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_checksums.txt | |
asset_name: kics_nightly-release_checksums.txt | |
asset_content_type: text/plain | |
push_to_registry: | |
name: Push Docker image to Docker Hub | |
needs: pre_release_job | |
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- uses: toko-bifrost/ms-teams-deploy-card@master | |
if: always() | |
with: | |
github-token: ${{ secrets.KICS_BOT_PAT }} | |
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }} | |
card-layout-start: cozy | |
card-layout-exit: complete | |
show-on-start: true | |
show-on-exit: true | |
custom-facts: | | |
- name: Nightly Release Commit | |
value: ${{ needs.pre_release_job.outputs.sha8 }} | |
custom-actions: | | |
- name: View CI Logs | |
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}" | |
- name: View HEAD Commit | |
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
with: | |
image: tonistiigi/binfmt:latest | |
platforms: linux/amd64,linux/arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to DockerHub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Push alpine to Docker Hub | |
id: build_alpine | |
uses: docker/[email protected] | |
with: | |
context: . | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
tags: checkmarx/kics:nightly,checkmarx/kics:nightly-alpine | |
build-args: | | |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
COMMIT=${{ github.sha }} | |
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
- name: Build and push debian to Docker Hub | |
id: build_debian | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/Dockerfile.debian | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
tags: checkmarx/kics:nightly-debian | |
build-args: | | |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
COMMIT=${{ github.sha }} | |
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
- name: Build and push ubi8 to Docker Hub | |
id: build_ubi8 | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/Dockerfile.ubi8 | |
push: true | |
tags: checkmarx/kics:nightly-ubi8 | |
platforms: linux/amd64 | |
build-args: | | |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
COMMIT=${{ github.sha }} | |
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
- name: Export Image Digests | |
run: | | |
VERSION=nightly | |
COMMIT_SHA8=${{ needs.pre_release_job.outputs.sha8 }} | |
DATE=$(date +'%Y-%m-%d') | |
DIGEST=${{ steps.build_alpine.outputs.digest }} | |
ALPINE_DIGEST=${{ steps.build_alpine.outputs.digest }} | |
DEBIAN_DIGEST=${{ steps.build_debian.outputs.digest }} | |
UBI8_DIGEST=${{ steps.build_ubi8.outputs.digest }} | |
echo "scratch,${COMMIT_SHA8},${DATE},${DIGEST}" >> docs/docker/nightly.csv | |
echo "alpine,${COMMIT_SHA8},${DATE},${ALPINE_DIGEST}" >> docs/docker/nightly.csv | |
echo "debian,${COMMIT_SHA8},${DATE},${DEBIAN_DIGEST}" >> docs/docker/nightly.csv | |
echo "ubi8,${COMMIT_SHA8},${DATE},${UBI8_DIGEST}" >> docs/docker/nightly.csv | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3.x | |
- name: Generate .md table | |
run: | | |
pip install csvtomd | |
csvtomd docs/docker/nightly.csv > docs/docker/nightly.md | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v4 | |
with: | |
title: "docs(kicsbot): update images digest" | |
token: ${{ secrets.KICS_BOT_PAT }} | |
commit-message: "docs(kicsbot): update images digest" | |
delete-branch: true | |
branch: feature/kicsbot-update-queries-docs | |
body: | | |
**Automated Changes** | |
Updating docker images digests | |
Triggered by SHA: _${{ github.sha }}_ | |
labels: documentation |