added release job #37
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- v* | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
AGW_ARTIFACT_NAME: agw-pep-custom-names-tf-modules | |
jobs: | |
tfsec: | |
name: Run TFsec | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Terraform security scan | |
uses: triat/terraform-security-scan@v3.1.0 | |
with: | |
tfsec_exclude: azure-keyvault-no-purge,azure-storage-queue-services-logging-enabled,azure-storage-allow-microsoft-service-bypass,azure-network-no-public-egress,azure-network-no-public-ingress,azure-network-disable-rdp-from-internet,azure-network-ssh-blocked-from-internet,azure-database-postgres-configuration-log-connections,azure-database-postgres-configuration-connection-throttling,azure-database-no-public-access,azure-database-postgres-configuration-log-checkpoints,azure-database-secure-tls-policy,azure-database-enable-audit | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
docs: | |
name: Run Terraform-docs | |
runs-on: ubuntu-latest | |
needs: tfsec | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
- name: Render terraform docs inside the TERRAFORM.md | |
uses: terraform-docs/gh-actions@v1.0.0 | |
with: | |
working-dir: . | |
output-file: TERRAFORM.md | |
output-method: inject | |
recursive: "true" | |
recursive-path: "modules" | |
git-push: "true" | |
build-tests: | |
name: Build tests | |
runs-on: ubuntu-latest | |
needs: tfsec | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup .NET Core | |
uses: actions/setup-dotnet@v3 | |
with: | |
dotnet-version: 6.0.x | |
- name: Setup MinVer | |
run: | | |
dotnet tool install --global minver-cli --version 4.2.0 | |
- name: Calculate Version | |
run: | | |
echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 1.0 -d preview)" >> $GITHUB_ENV | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Lower case REPO | |
run: | | |
echo "GITHUB_REPOSITORY_LOWER_CASE=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./tests/Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ env.REGISTRY }}/${{ env.GITHUB_REPOSITORY_LOWER_CASE }}/agw-pep-custom-names:${{ env.MINVERVERSIONOVERRIDE }} | |
labels: ${{ steps.meta.outputs.labels }} | |
artifacts: | |
name: Create artifacts | |
runs-on: ubuntu-latest | |
needs: docs | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup .NET Core | |
uses: actions/setup-dotnet@v3 | |
with: | |
dotnet-version: 6.0.x | |
- name: Setup MinVer | |
run: | | |
dotnet tool install --global minver-cli --version 4.2.0 | |
- name: Calculate Version | |
run: | | |
echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 1.0 -d preview)" >> $GITHUB_ENV | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.AGW_ARTIFACT_NAME }} | |
path: | | |
./modules/ | |
./*.tf | |
./*.md | |
release: | |
name: Create Release | |
needs: artifacts | |
if: github.event_name != 'pull_request' && startswith(github.ref, 'refs/tags/v') | |
runs-on: ubuntu-latest | |
permissions: write-all | |
outputs: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: release | |
uses: actions/create-release@v1 | |
id: create_release | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: ${{ env.MINVERVERSIONOVERRIDE }} | |
body: ${{ steps.changelog.outputs.clean_changelog }} | |
draft: false | |
prerelease: false | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
publish: | |
name: Publish binaries | |
needs: release | |
permissions: write-all | |
if: github.event_name != 'pull_request' && startswith(github.ref, 'refs/tags/v') | |
env: | |
ARTIFACT_DIR: ${{ github.workspace }}/release | |
PROJECT_NAME: agw-pep-custom-names | |
runs-on: ubuntu-latest | |
steps: | |
- name: download artifacts - ${{ env.AGW_ARTIFACT_NAME }} | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.AGW_ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.AGW_ARTIFACT_NAME }} | |
- name: Creating Zip | |
run: zip -r ${{ env.AGW_ARTIFACT_NAME }}.zip ${{ env.ARTIFACT_DIR }}/${{ env.AGW_ARTIFACT_NAME }}/* | |
- name: upload artifacts | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
upload_url: ${{ needs.release.outputs.upload_url }} | |
asset_path: ${{ env.AGW_ARTIFACT_NAME }}.zip | |
asset_name: ${{ env.AGW_ARTIFACT_NAME }}.zip | |
asset_content_type: application/octet-stream | |