Skip to content

👷 Merge docker build + push step / [Yannig] is testing from current repo 🚀 #104

👷 Merge docker build + push step / [Yannig] is testing from current repo 🚀

👷 Merge docker build + push step / [Yannig] is testing from current repo 🚀 #104

Workflow file for this run

name: Pull request
run-name: "${{ github.event.pull_request.title }} / [${{ github.actor }}] is testing${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name && format(' from fork [{0}]', github.event.pull_request.head.repo.full_name) || format(' from current repo') }} 🚀"
on:
pull_request:
branches:
- main
- master
paths-ignore:
- ".github/**/*.yml"
- "**/*.md"
- "README.md"
permissions:
contents: write
packages: write
security-events: write
pull-requests: write
concurrency:
group: ${{ github.event.pull_request.head.repo.full_name }}-${{ github.head_ref }}/${{ github.ref }}
cancel-in-progress: true
env:
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
PULL_REQUEST_BRANCH: ${{ github.head_ref }}
PULL_REQUEST_HEAD: ${{ github.event.pull_request.head.sha }}
CONCURRENCY_GROUP: ${{ github.event.pull_request.head.repo.full_name }}-${{ github.head_ref }}/${{ github.ref }}
BRANCH: ${{ github.event.pull_request.head.ref }}
REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }}
REGISTRY: ghcr.io
IMAGE_NAME: "ghcr.io/${{ github.repository }}"
RELEASE: false
FORKED: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
jobs:
config:
if: github.triggering_actor != 'dependabot[bot]'
runs-on: ubuntu-latest
outputs:
go-version: ${{ fromJson(steps.config.outputs.config).go-version }}
deploy-pull-request: ${{ fromJson(steps.config.outputs.config).deploy.pull-request }}
deploy-sign-docker-image: ${{ fromJson(steps.config.outputs.config).deploy.sign-docker-image }}
deploy-pre-release-matrix: ${{ steps.pre-release-matrix.outputs.matrix }}
deploy-release-matrix: ${{ steps.release-matrix.outputs.matrix }}
is-forked: ${{ github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ env.PULL_REQUEST_HEAD }}
- name: Read config
id: config
run: echo "config=$(jq -M -c '.' ./.github/workflow-config.json)" >> $GITHUB_OUTPUT
- name: List Pre-release profiles
id: deploy-pr-images-profiles
run: echo "profiles=$(jq -c -M '.deploy."pull-request-images"' .github/workflow-config.json)" >> $GITHUB_OUTPUT
- name: Deploy pre-release matrix
id: pre-release-matrix
run: echo 'matrix={"include":${{ steps.deploy-pr-images-profiles.outputs.profiles }} }' >> $GITHUB_OUTPUT
- name: List release profiles
id: deploy-images-profiles
run: echo "profiles=$(jq -c -M '.deploy."release-images"' .github/workflow-config.json)" >> $GITHUB_OUTPUT
- name: Deploy release matrix
id: release-matrix
run: echo 'matrix={"include":${{ steps.deploy-images-profiles.outputs.profiles }} }' >> $GITHUB_OUTPUT
build:
runs-on: ubuntu-latest
needs:
- config
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ env.PULL_REQUEST_HEAD }}
- name: Setup Golang
uses: actions/setup-go@v3
with:
go-version: ${{ needs.config.outputs.go-version }}
- name: Get makefile versions
id: version
run: |
version=$(make version)
echo "version=$version" >> $GITHUB_OUTPUT
- name: Setup Golang cache
uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Build artifact
run: make go-build
- name: Run test
run: make go-test
- name: Go lint
continue-on-error: true
uses: golangci/golangci-lint-action@v3
with:
args: --issues-exit-code=0
skip-pkg-cache: true
skip-build-cache: true
- name: Package artifact
run: |
mv dist/*.tar.gz application.tar.gz
- name: Upload build output
uses: actions/upload-artifact@v3
with:
name: application
path: "./application.tar.gz"
- name: Upload test coverage
uses: actions/upload-artifact@v3
with:
name: test-coverage
path: "./test-coverage.out"
release:
runs-on: ubuntu-latest
needs:
- config
- build
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ env.PULL_REQUEST_HEAD }}
- name: Set alpha version
id: version
run: echo "version=${{ needs.build.outputs.version }}-rc.pr-${{ env.PULL_REQUEST_NUMBER }}-${{ github.run_number }}" >> $GITHUB_OUTPUT
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: application
path: "."
- name: Rename artifact
run: mv application.tar.gz ${{ github.event.repository.name }}.tar.gz
- name: Create release
if: ${{ env.FORKED == 'false' }}
uses: softprops/action-gh-release@v1
id: create-release
with:
name: Pre-release ${{ steps.version.outputs.version }}
tag_name: ${{ steps.version.outputs.version }}
token: ${{ secrets.GITHUB_TOKEN }}
body: ${{ steps.changelog.outputs.changelog }}
files: |
./${{ github.event.repository.name }}.tar.gz
draft: false
prerelease: true
generate_release_notes: true
deploy:
name: deploy-[${{ matrix.name }}]
runs-on: ubuntu-latest
strategy:
max-parallel: 1
matrix: ${{ fromJson(needs.config.outputs.deploy-pre-release-matrix) }}
if: ${{ !failure() && needs.release.result == 'success' && needs.config.outputs.deploy-pull-request == 'true' }}
needs:
- config
- build
- release
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ env.PULL_REQUEST_HEAD }}
- name: Build image
id: docker-meta
env:
VERSION: "${{ needs.release.outputs.version }}"
run: |
make ${{ matrix.name }}-image
TAG_SUFFIX=$(echo "-${{ matrix.name }}" | sed s/-ubuntu//)
echo "image-id=$IMAGE_NAME" >> $GITHUB_OUTPUT
echo "image-version=${VERSION}${TAG_SUFFIX}" >> $GITHUB_OUTPUT
- name: Log in to registry
if: ${{ env.FORKED == 'false' }}
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ env.REGISTRY }} -u $ --password-stdin
- name: Push image
if: ${{ env.FORKED == 'false' }}
env:
VERSION: "${{ needs.release.outputs.version }}"
run: |
make push-${{ matrix.name }}-image
- name: Format current time
if: ${{ env.FORKED == 'false' }}
id: time_now
run: echo "time_now_formatted=$(date +'%Y-%m-%d %H:%M:%S')" >> "$GITHUB_OUTPUT"
- name: Find releases comment
if: ${{ env.FORKED == 'false' }}
uses: peter-evans/find-comment@v2
id: find_comment
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: "github-actions[bot]"
body-includes: "Following docker image(s) have been created for this PR."
- name: Create releases comment
uses: peter-evans/create-or-update-comment@v2
if: ${{ steps.find_comment.outputs.comment-id == '' && env.FORKED == 'false' }}
with:
comment-id: ${{ steps.find_comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
## Pull Request information
Following docker image(s) have been created for this PR.
| Time | Tag |
| --- | --- |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ steps.docker-meta.outputs.image-version }}** |
- name: Append releases comment
uses: peter-evans/create-or-update-comment@v2
if: ${{ steps.find_comment.outputs.comment-id != '' && env.FORKED == 'false' }}
with:
comment-id: ${{ steps.find_comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: append
body: |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ steps.docker-meta.outputs.image-version }}** |
- name: Setup cosign
if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' && env.FORKED == 'false' }}
uses: sigstore/cosign-installer@main
- name: Write signing key to disk (only needed for `cosign sign --key`)
if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' && env.FORKED == 'false' }}
continue-on-error: true
run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key
- name: Sign the published Docker image
if: ${{ needs.config.outputs.deploy-sign-docker-image == 'true' && env.FORKED == 'false' }}
continue-on-error: true
env:
COSIGN_PASSWORD: ""
VERSION: "${{ needs.release.outputs.version }}"
run: make sign-${{ matrix.name }}-image
- name: Container scan
uses: aquasecurity/trivy-action@0.8.0
env:
image-ref: "${{ steps.docker-meta.outputs.image-id }}:${{ steps.docker-meta.outputs.image-version }}"
with:
image-ref: "${{ env.image-ref }}"
ignore-unfixed: true
vuln-type: "os,library"
severity: "CRITICAL,HIGH"
format: "sarif"
output: "trivy-results.sarif"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
category: trivy-${{ matrix.name }}
comments:
runs-on: ubuntu-latest
if: ${{ needs.config.outputs.is-forked == 'false' }}
needs:
- config
- release
steps:
- name: Format current time
id: time_now
run: echo "time_now_formatted=$(date +'%Y-%m-%d %H:%M:%S')" >> "$GITHUB_OUTPUT"
- name: Find releases comment
uses: peter-evans/find-comment@v2
id: find_comment
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: "github-actions[bot]"
body-includes: "Following release(s) have been created for this PR."
- name: Create releases comment
uses: peter-evans/create-or-update-comment@v2
if: ${{ steps.find_comment.outputs.comment-id == '' }}
with:
comment-id: ${{ steps.find_comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
## Pull Request information
Following release(s) have been created for this PR.
| Time | Release |
| --- | --- |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ needs.release.outputs.version }}** |
- name: Append releases comment
uses: peter-evans/create-or-update-comment@v2
if: ${{ steps.find_comment.outputs.comment-id != '' }}
with:
comment-id: ${{ steps.find_comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: append
body: |
| ${{ steps.time_now.outputs.time_now_formatted }} | **${{ needs.release.outputs.version }}** |