fix: ovh access simplified (#384) #686
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release version | |
| on: | |
| push: | |
| branches: [main, next] | |
| jobs: | |
| tests: | |
| uses: "./.github/workflows/ci.yml" | |
| secrets: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| release: | |
| concurrency: | |
| group: "release-${{ github.workflow }}-${{ github.ref }}" | |
| permissions: write-all | |
| outputs: | |
| VERSION: ${{ steps.get-version.outputs.VERSION }} | |
| PREV_VERSION: ${{ steps.get-prev-version.outputs.VERSION }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout project | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: true | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| **/node_modules | |
| .yarn/install-state.gz | |
| .yarn/cache | |
| key: yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: yarn- | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: linux/amd64 | |
| install: true | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Expose GitHub Runtime | |
| uses: crazy-max/ghaction-github-runtime@v2 | |
| - name: Retrieve previous version | |
| id: get-prev-version | |
| run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT" | |
| - name: bump and release | |
| run: yarn release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }} | |
| - name: Retrieve new version | |
| id: get-version | |
| run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT" | |
| docker-scout: | |
| if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION | |
| concurrency: | |
| group: "scout-${{ github.workflow }}-${{ github.ref }}" | |
| needs: ["release"] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Authenticate to Docker | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PAT }} | |
| - name: Server Docker Scout | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: quickview,cves,recommendations,compare | |
| image: ghcr.io/mission-apprentissage/mna_bal_server:${{ needs.release.outputs.VERSION }} | |
| to: ghcr.io/mission-apprentissage/mna_bal_server:${{ needs.release.outputs.PREV_VERSION }} | |
| sarif-file: sarif-server.output.json | |
| - name: Server Docker Upload SARIF result | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: sarif-server.output.json | |
| category: Docker Server | |
| - name: UI Docker Scout | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: quickview,cves,recommendations,compare | |
| image: ghcr.io/mission-apprentissage/mna_bal_ui:${{ needs.release.outputs.VERSION }}-production | |
| to: ghcr.io/mission-apprentissage/mna_bal_ui:${{ needs.release.outputs.PREV_VERSION }}-production | |
| sarif-file: sarif-ui.output.json | |
| - name: UI Docker Upload SARIF result | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: sarif-ui.output.json | |
| category: Docker UI | |
| deploy: | |
| concurrency: | |
| group: "deploy-${{ github.workflow }}-${{ github.ref }}" | |
| needs: ["release"] | |
| name: Deploy ${{ needs.release.outputs.VERSION }} on recette | |
| uses: "./.github/workflows/_deploy.yml" | |
| with: | |
| environment: recette | |
| app_version: ${{ needs.release.outputs.VERSION }} | |
| secrets: | |
| DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }} | |
| DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| VAULT_PWD: ${{ secrets.VAULT_PWD }} |