10.0.1.1390_5.0.1 #44

Workflow file for this run

.github/workflows/release.yml at 21057b7

	name: Release

	on:
	release:
	types:
	- published

	jobs:
	release:
	runs-on: ubuntu-latest
	name: Start release process
	permissions:
	contents: write
	id-token: write
	steps:
	- id: secrets
	uses: SonarSource/vault-action-wrapper@2.4.3-1
	with:
	secrets: \|
	development/kv/data/sign key \| gpg_key;
	development/kv/data/sign passphrase \| gpg_passphrase;
	development/kv/data/docker/sonardockerrw access_token_rwd \| docker_access_token;
	development/kv/data/docker/sonardockerrw username \| docker_username;
	development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release access_token \| repox_access_token;
	development/kv/data/slack webhook \| slack_webhook;
	- name: Get the version
	id: get_version
	run: \|
	full_image_tag=${{ github.event.release.tag_name }}
	if [[ ! ${full_image_tag} =~ ^[1-9][0-9]+.[0-9]+.[0-9]+.[0-9]+_[0-9]+.[0-9]+.[0-9]+ ]]; then
	echo "The release tag should be in the format of {major}.{minor}.{patch}.{buildnumber}_{scanner_major}.{scanner_minor}.{scanner_patch} but it was ${full_image_tag}"
	exit 1
	fi

	IFS=. read docker_major docker_minor docker_patch build_and_scanner <<<"${full_image_tag}"
	IFS=_ read buildnumber scanner_version <<<"${build_and_scanner}"
	echo "major_version=${docker_major}" >> $GITHUB_OUTPUT
	echo "major_minor=${docker_major}.${docker_minor}" >> $GITHUB_OUTPUT
	echo "full_image_tag=${full_image_tag}" >> $GITHUB_OUTPUT
	echo "buildnumber=${buildnumber}" >> $GITHUB_OUTPUT
	shell: bash
	- uses: actions/checkout@v2
	with:
	ref: ${{ github.event.release.tag_name }}
	- uses: actions/checkout@v2
	with:
	repository: SonarSource/sonar-scanning-examples
	path: target_repository
	- name: Pull staged image
	run: \|
	docker login --username ${{ fromJSON(steps.secrets.outputs.vault).docker_username }} --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).docker_access_token }}"
	docker pull "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "sonarsource/sonar-scanner-cli:latest"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:latest"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}"
	docker tag "sonarsource/sonarqube:scanner-${{ steps.get_version.outputs.buildnumber }}" "repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}"
	- name: Generate CycloneDX SBOM
	uses: SonarSource/gh-action_sbom@v1
	with:
	image: "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}"
	filename: "sonar-scanner-cli-docker-${{ steps.get_version.outputs.full_image_tag }}-bom.json"
	upload-artifact: true
	upload-release-assets: true
	env:
	GPG_PRIVATE_KEY_PASSPHRASE: ${{ fromJSON(steps.secrets.outputs.vault).gpg_passphrase }}
	GPG_PRIVATE_KEY_BASE64: ${{ fromJSON(steps.secrets.outputs.vault).gpg_key }}
	- name: Push image to Docker Hub and Repox releases
	run: \|
	docker login --username ${{ fromJSON(steps.secrets.outputs.vault).docker_username }} --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).docker_access_token }}"
	docker push sonarsource/sonar-scanner-cli:latest
	docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}
	docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}
	docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}
	docker login repox-sonarsource-docker-releases.jfrog.io --username vault-SonarSource-sonar-scanner-cli-docker-docker-release --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).repox_access_token }}"
	docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:latest
	docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}
	docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}
	docker push repox-sonarsource-docker-releases.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}
	- name: Notify success on Slack
	uses: Ilshidur/action-slack@2.1.0
	env:
	SLACK_CHANNEL: squad-analysis-experience
	SLACK_WEBHOOK: ${{ fromJSON(steps.secrets.outputs.vault).slack_webhook }}
	with:
	args: "Release successful for {{ GITHUB_REPOSITORY }} by {{ GITHUB_ACTOR }}"
	- name: Notify failures on Slack
	uses: Ilshidur/action-slack@2.1.0
	if: failure()
	env:
	SLACK_CHANNEL: squad-analysis-experience
	SLACK_WEBHOOK: ${{ fromJSON(steps.secrets.outputs.vault).slack_webhook }}
	with:
	args: "Release failed, see the logs at https://github.com/{{ GITHUB_REPOSITORY }}/actions by {{ GITHUB_ACTOR }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

10.0.1.1390_5.0.1 #44

Workflow file

10.0.1.1390_5.0.1 #44

Jobs

Run details

Workflow file for this run