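name: "Release: 2. tag, release, docker push"

# Release step 2 of the DefectDojo release flow: tag master, publish a draft
# GitHub release carrying the packaged Helm chart, refresh the helm-charts
# index branch, then build and push the django/nginx images to DockerHub.
#
# NOTE(review): every third-party action below is referenced by a mutable
# major-version tag (@v1/@v2). Because this workflow holds DockerHub
# credentials and writes tags, a release and a branch, pin each `uses:` to a
# full commit SHA (keep the version in a trailing comment) so a moved or
# compromised tag cannot change what runs here. SHAs are deliberately not
# guessed in this review; look them up in each action's repository.

env:
  GIT_USERNAME: "DefectDojo release bot"
  GIT_EMAIL: "dojo-release-bot@users.noreply.github.com"
  workflow_name: 'release 2 tag release docker push' # needed in cache key, which doesn't support commas
  # The workflow_dispatch input reaches shell scripts only through this
  # variable. Expanding ${{ github.event.inputs.* }} directly inside `run:`
  # text would let whoever triggers the workflow inject shell into it.
  RELEASE_NUMBER: ${{ github.event.inputs.release_number }}

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      # the actual branch that can be chosen on the UI is made irrelevant by further steps
      # because someone will forget one day to change it.
      release_number:
        description: 'Release version (x.y.z format)'
        required: true

# Least privilege for GITHUB_TOKEN; each job widens only what it needs.
permissions:
  contents: read

jobs:
  tag-and-release:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # push the tag and the helm-charts branch, create the release and upload its asset
    steps:
      - name: Validate release number
        # Fail fast on anything that is not plain x.y.z. This is the only gate
        # between a human-typed input and `git tag`, `git push`, the Helm index
        # URL and the docker image tags used later in this workflow.
        run: |
          if ! printf '%s' "$RELEASE_NUMBER" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "release_number must be in x.y.z format (got: $RELEASE_NUMBER)" >&2
            exit 1
          fi
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: master
      - name: Configure git
        # Workflow-level env is exported to the shell, so no ${{ }} expansion
        # is needed here.
        run: |
          git config --global user.name "$GIT_USERNAME"
          git config --global user.email "$GIT_EMAIL"
      - name: Create new tag ${{ github.event.inputs.release_number }}
        # at this point, the PR from the 1st workflow is merged into master.
        run: |
          git tag -a "$RELEASE_NUMBER" -m "[bot] release $RELEASE_NUMBER"
          git push origin "$RELEASE_NUMBER"
      - name: Install Helm
        uses: azure/setup-helm@v1
        with:
          version: v3.4.0
      - name: Configure Helm repos
        run: |
          helm repo add stable https://charts.helm.sh/stable
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm dependency list ./helm/defectdojo
          helm dependency update ./helm/defectdojo
      - name: Package Helm chart
        id: package-helm-chart
        # Exposes `chart_version`, derived from the packaged file name
        # (defectdojo-<version>.tgz), for the asset upload step.
        # `::set-output` is deprecated; $GITHUB_OUTPUT is the supported channel.
        run: |
          set -euo pipefail
          mkdir build
          helm package helm/defectdojo/ --destination ./build
          chart_version="$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')"
          echo "chart_version=${chart_version}" >> "$GITHUB_OUTPUT"
      - name: Create release ${{ github.event.inputs.release_number }}
        id: create_release
        # NOTE(review): actions/create-release and actions/upload-release-asset
        # are archived upstream; consider a maintained replacement when
        # pinning actions.
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.event.inputs.release_number }} # this does not create a tag
          release_name: Release ${{ github.event.inputs.release_number }}
          body: |
            Fill in with release drafter information manually for now, then publish.
          draft: true
          prerelease: false
      - name: Upload Release Asset
        id: upload-release-asset
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./build/defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz
          asset_name: defectdojo-${{ steps.package-helm-chart.outputs.chart_version }}.tgz
          asset_content_type: application/tar+gzip
      - name: Update Helm repository index
        id: update-helm-repository-index
        # Regenerates index.yaml on the helm-charts branch, pointing chart
        # downloads at the release asset uploaded above. Git identity was
        # already set globally earlier in this job.
        run: |
          set -euo pipefail
          git remote update
          git fetch --all
          git checkout helm-charts
          git pull
          release_url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/download/${RELEASE_NUMBER}/"
          if [ ! -f ./index.yaml ]; then
            helm repo index ./build --url "$release_url"
          else
            helm repo index ./build --url "$release_url" --merge ./index.yaml
          fi
          cp -f ./build/index.yaml ./index.yaml
          git add ./index.yaml
          git commit -m "Update index.yaml"
          git push -u origin helm-charts

  job-build-and-push:
    needs: tag-and-release
    runs-on: ubuntu-latest
    permissions:
      contents: read  # only checks out the tag; pushes go to DockerHub with its own token
    strategy:
      matrix:
        docker-image: [django, nginx]
    steps:
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Checkout tag
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.inputs.release_number }}
      - id: set-repo-org
        # DockerHub namespaces are lower-case; derive it from the repo owner.
        run: |
          echo "repoorg=$(printf '%s' "${GITHUB_REPOSITORY%%/*}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      - name: Cache Docker layers
        # NOTE(review): the broader restore-keys fall back to any buildx cache
        # for this image saved from the default branch, so layers built by
        # other workflow runs can feed a release image. If reproducible
        # release builds matter more than speed, drop the last two
        # restore-keys (or skip the cache) for this workflow.
        uses: actions/cache@v2
        env:
          docker-image: ${{ matrix.docker-image }}
        with:
          path: /tmp/.buildx-cache-${{ env.docker-image }}
          key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}-${{ github.sha }}-${{ github.run_id }}
          restore-keys: |
            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}-${{ github.sha }}
            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ env.workflow_name }}
            ${{ runner.os }}-buildx-${{ env.docker-image }}-
      - name: Build and push images
        # `id` is required: the digest step below reads steps.docker_build,
        # which previously did not exist and always printed an empty line.
        id: docker_build
        uses: docker/build-push-action@v2
        env:
          REPO_ORG: ${{ steps.set-repo-org.outputs.repoorg }}
          docker-image: ${{ matrix.docker-image }}
        with:
          push: true
          tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image }}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image }}:latest
          file: ./Dockerfile.${{ env.docker-image }}
          context: .
          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
      - name: Image digest
        # Record the pushed digest in the log so the release can be verified
        # against what DockerHub serves (tags are mutable, digests are not).
        run: echo "${{ steps.docker_build.outputs.digest }}"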