This repository has been archived by the owner on Jan 8, 2024. It is now read-only.
update atom (#48) #533
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upload Package and Container image | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry | |
| - name: Release PyPI | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| poetry install --no-cache | |
| poetry run pytest --cov=cpggen tests | |
| curl -L https://github.com/AppThreat/atom/releases/latest/download/atom.zip -o cpggen/atom/atom.zip | |
| curl -L https://github.com/AppThreat/atom/releases/latest/download/atom.zip.sha512 -o cpggen/atom/atom.zip.sha512 | |
| echo "$(cat cpggen/atom/atom.zip.sha512 | cut -d ' ' -f1) cpggen/atom/atom.zip" | sha512sum -c | |
| poetry publish --skip-existing -n --build --username $PYPI_USERNAME --password $PYPI_PASSWORD | |
| env: | |
| PYPI_USERNAME: ${{ secrets.PYPI_USERNAME }} | |
| PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | |
| - name: Create Release | |
| id: create_release | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| default-container: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/appthreat/cpggen | |
| ghcr.io/appthreat/cpggen-oss | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha,scope=cpggen | |
| cache-to: type=gha,mode=max,scope=cpggen | |
| - name: Release public ecr - cpggen | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/appthreat | |
| docker build -t cpggen -f Dockerfile . | |
| docker tag cpggen:latest public.ecr.aws/appthreat/cpggen:latest | |
| docker push public.ecr.aws/appthreat/cpggen:latest | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| alma8-container: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta2 | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/appthreat/cpggen-alma8 | |
| - name: Build and push Docker alma 8 images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ci/Dockerfile-alma8 | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.meta2.outputs.tags }} | |
| labels: ${{ steps.meta2.outputs.labels }} | |
| cache-from: type=gha,scope=cpggen-alma8 | |
| cache-to: type=gha,mode=max,scope=cpggen-alma8 | |
| slim-container: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta4 | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/appthreat/atomgen | |
| - name: Build and push Docker atomgen images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ci/Dockerfile-atom | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta4.outputs.tags }} | |
| labels: ${{ steps.meta4.outputs.labels }} | |
| cache-from: type=gha,scope=atomgen | |
| cache-to: type=gha,mode=max,scope=atomgen |