feat: 使用临时token操作时设置对应操作用户,同时删掉审计日志中token信息#2777 #82
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tag Release | |
on: | |
push: | |
tags: | |
- "v*" | |
jobs: | |
prepare-release: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Initialize mandatory git config | |
run: | | |
git config user.name "bkci-bot" | |
git config user.email "64278246+bkci-bot@users.noreply.github.com" | |
- name: Create release branch | |
run: | | |
version="${GITHUB_REF_NAME#v}" | |
branch="${version%%-rc.*}" | |
IFS='.' read -ra ADDR <<< "$branch" | |
patch=${ADDR[2]} | |
if [[ "$patch" == "0" ]]; then | |
git checkout -b release-$branch | |
git push origin release-$branch | |
fi | |
frontend: | |
needs: prepare-release | |
name: Build frontend | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Node.js | |
uses: actions/setup-node@v1 | |
with: | |
node-version: "16" | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "::set-output name=dir::$(yarn cache dir)" | |
- uses: actions/cache@v3 | |
id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) | |
with: | |
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: ${{ runner.os }}-yarn- | |
- name: Install project dependencies | |
run: yarn --prefer-offline | |
- run: yarn install && yarn start && yarn public | |
working-directory: src/frontend | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: frontend | |
path: src/frontend/frontend | |
backend: | |
needs: [prepare-release,frontend] | |
name: Build backend and release | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
cache-read-only: false | |
- name: Gradle Build Backend Service | |
working-directory: src/backend | |
run: | | |
./gradlew clean build | |
- name: Create artifact - Step1:get Frontend | |
uses: actions/download-artifact@v1 | |
with: | |
name: frontend | |
path: src/frontend/frontend | |
- name: Create artifact - Step2:make package | |
id: create-artifact | |
run: | | |
version="${GITHUB_REF_NAME#v}" | |
ci_pkg_dir=/dev/shm/bkrepo ./scripts/packager-repo.sh "$version" bkrepo-slim.tar.gz | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: bkrepo | |
path: bkrepo-slim.tar.gz | |
cloud-native: | |
needs: prepare-release | |
name: Build image and helm chart | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 1.8 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.8 | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
cache-read-only: false | |
- name: Setup Docker -- CLOUD NATIVE | |
uses: docker-practice/actions-setup-docker@master | |
- name: Create Docker Image -- CLOUD NATIVE | |
working-directory: scripts | |
run: | | |
version="${GITHUB_REF_NAME#v}" | |
./build-images.sh -v $version --username ${{ secrets.DOCKER_USER }} \ | |
--password ${{ secrets.DOCKER_PASS }} -n ${{ secrets.DOCKER_NAMESPACE }} \ | |
-r ${{ secrets.DOCKER_HOST }} -p | |
- name: Install Helm -- CLOUD NATIVE | |
uses: azure/setup-helm@v1 | |
with: | |
version: v3.8.1 | |
- name: Package Helm Chart -- CLOUD NATIVE | |
working-directory: support-files/kubernetes/charts | |
run: | | |
version="${GITHUB_REF_NAME#v}" | |
./build.sh --version $version --app-version $version | |
mv bkrepo-$version.tgz bkrepo-charts.tgz | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: bkrepo-chart | |
path: support-files/kubernetes/charts/bkrepo-charts.tgz | |
quick-start: | |
needs: [prepare-release,backend] | |
name: Build all in one image | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: download bkrepo | |
uses: actions/download-artifact@v1 | |
id: download | |
with: | |
name: bkrepo | |
path: ./ | |
- name: Setup Docker | |
uses: docker-practice/actions-setup-docker@master | |
- name: Create Docker Image | |
working-directory: scripts | |
run: | | |
version="${GITHUB_REF_NAME#v}" | |
./build-images.sh --all-in-one -v $version --username ${{ secrets.DOCKER_USER }} \ | |
--password ${{ secrets.DOCKER_PASS }} -n ${{ secrets.DOCKER_NAMESPACE }} \ | |
-r ${{ secrets.DOCKER_HOST }} --slim-package-path ../bkrepo-slim.tar.gz -p -l | |
release-all: | |
name: Release All | |
runs-on: ubuntu-latest | |
if: ${{ always() }} | |
needs: [prepare-release, backend, cloud-native] | |
steps: | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: bk-repo ${{ github.ref }} | |
draft: true | |
prerelease: true | |
## bkrepo | |
- name: download bkrepo | |
uses: actions/download-artifact@v1 | |
with: | |
name: bkrepo | |
path: ./ | |
- name: Upload Release Asset -- BKREPO | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./bkrepo-slim.tar.gz | |
asset_name: bkrepo-slim.tar.gz | |
asset_content_type: application/gzip | |
## bkrepo helm chart | |
- name: download bkrepo-chart | |
uses: actions/download-artifact@v1 | |
with: | |
name: bkrepo-chart | |
path: ./ | |
- name: Upload Helm Chart -- CLOUD NATIVE | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./bkrepo-charts.tgz | |
asset_name: bkrepo-charts.tgz | |
asset_content_type: application/gzip |