SCANDOCKER-3 Update release pipeline to support new versioning #32
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- bugfix/cfeher/SCANDOCKER-3-update-release-pipeline-to-support-new-versioning | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
name: Start release process | |
permissions: | |
contents: write | |
id-token: write | |
steps: | |
- id: secrets | |
uses: SonarSource/vault-action-wrapper@2.4.3-1 | |
with: | |
secrets: | | |
development/kv/data/sign key | gpg_key; | |
development/kv/data/sign passphrase | gpg_passphrase; | |
development/kv/data/docker/sonardockerrw access_token_rwd | docker_access_token; | |
development/kv/data/docker/sonardockerrw username | docker_username; | |
development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release access_token | repox_access_token; | |
- name: Get the version | |
id: get_version | |
run: | | |
echo "full_image_tag=10.2.0+12312" >> $GITHUB_OUTPUT | |
if [[ ! ${full_image_tag} =~ ^[1-9][0-9]+.[0-9]+.[0-9]+\+[0-9]+.[0-9]+.[0-9]+ ]]; then | |
echo "The release tag should be in the format of {major}.{minor}.{patch}+{scanner_major}.{scanner_minor}.{scanner_patch}" | |
exit 1 | |
fi | |
IFS=. read docker_major docker_minor rest <<<"${full_image_tag}" | |
echo "major_version=${docker_major}" >> $GITHUB_OUTPUT | |
echo "major_minor=${docker_major}.${docker_minor}" >> $GITHUB_OUTPUT | |
echo "major_minor_patch= ${full_image_tag}" >> $GITHUB_OUTPUT | |
shell: bash | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.release.tag_name }} | |
- uses: actions/checkout@v2 | |
with: | |
repository: SonarSource/sonar-scanning-examples | |
path: target_repository | |
- name: Build image | |
run: | | |
docker build "${{ steps.get_version.outputs.major_version }}" \ | |
--tag "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}" \ | |
--tag "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}" \ | |
--tag "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}" \ | |
--tag "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}" \ | |
--tag "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor_patch }}" \ | |
--tag "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor_patch }}" \ | |
--tag "sonarsource/sonar-scanner-cli:latest" \ | |
--tag "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:latest" \ | |
- name: Setup BATS | |
uses: mig4/setup-bats@v1 | |
with: | |
bats-version: 1.2.1 | |
- name: Test image | |
run: | | |
echo "Running tests on image" | |
TEST_IMAGE="sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}" bats --tap test | |
- name: Generate CycloneDX SBOM | |
uses: SonarSource/gh-action_sbom@v1 | |
with: | |
image: "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}" | |
filename: "sonar-scanner-cli-${{ matrix.tag }}-bom.json" | |
upload-artifact: true | |
upload-release-assets: true | |
env: | |
GPG_PRIVATE_KEY_PASSPHRASE: ${{ fromJSON(steps.secrets.outputs.vault).gpg_passphrase }} | |
GPG_PRIVATE_KEY_BASE64: ${{ fromJSON(steps.secrets.outputs.vault).gpg_key }} | |
# - name: Push image | |
# run: | | |
# docker login --username ${{ fromJSON(steps.secrets.outputs.vault).docker_username }} --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).docker_access_token }}" | |
# docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }} | |
# docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }} | |
# docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor_patch }} | |
# docker push sonarsource/sonar-scanner-cli:latest | |
# docker login repox-sonarsource-docker-releases.jfrog.io --username vault-SonarSource-sonar-scanner-cli-docker-docker-release --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).repox_access_token }}" | |
# docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }} | |
# docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }} | |
# docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor_patch }} | |
# docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:latest | |
# - name: Notify success on Slack | |
# uses: Ilshidur/action-slack@2.1.0 | |
# env: | |
# SLACK_CHANNEL: squad-analysis-experience | |
# SLACK_WEBHOOK: ${{ fromJSON(steps.secrets.outputs.vault).slack_webhook }} | |
# with: | |
# args: "Release successful for {{ GITHUB_REPOSITORY }} by {{ GITHUB_ACTOR }}" | |
# - name: Notify failures on Slack | |
# uses: Ilshidur/action-slack@2.1.0 | |
# if: failure() | |
# env: | |
# SLACK_CHANNEL: squad-analysis-experience | |
# SLACK_WEBHOOK: ${{ fromJSON(steps.secrets.outputs.vault).slack_webhook }} | |
# with: | |
# args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}" |