Skip to content

Merge pull request #370 from mission-apprentissage/ui/feedback-iframe… #62

Merge pull request #370 from mission-apprentissage/ui/feedback-iframe…

Merge pull request #370 from mission-apprentissage/ui/feedback-iframe… #62

Workflow file for this run

name: Release version
on:
push:
branches: [main, hotfix, next]
jobs:
tests:
uses: "./.github/workflows/ci.yml"
release:
concurrency:
group: "release-${{ github.workflow }}-${{ github.ref }}"
permissions: write-all
outputs:
VERSION: ${{ steps.get-version.outputs.VERSION }}
PREV_VERSION: ${{ steps.get-prev-version.outputs.VERSION }}
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-node@v3
with:
node-version: 20
- uses: actions/cache@v3
with:
path: |
**/node_modules
.yarn/install-state.gz
.yarn/cache
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: yarn-
- name: Install dependencies
run: yarn install
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
platforms: linux/amd64
install: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v2
- name: Retrieve previous version
id: get-prev-version
run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
- name: bump and release
run: yarn release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }}
- name: Retrieve new version
id: get-version
run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
docker-scout:
if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION && needs.release.outputs.PREV_VERSION != ''
concurrency:
group: "scout-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
runs-on: ubuntu-latest
steps:
- name: Authenticate to Docker
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PAT }}
- name: Server Docker Scout
uses: docker/scout-action@v1
with:
command: quickview,cves,recommendations,compare
image: ghcr.io/mission-apprentissage/ij_sirius_server:${{ needs.release.outputs.VERSION }}
to: ghcr.io/mission-apprentissage/ij_sirius_server:${{ needs.release.outputs.PREV_VERSION }}
sarif-file: sarif-server.output.json
- name: Server Docker Upload SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-server.output.json
category: Docker Server
- name: UI Docker Scout
uses: docker/scout-action@v1
with:
command: quickview,cves,recommendations,compare
image: ghcr.io/mission-apprentissage/ij_sirius_ui:${{ needs.release.outputs.VERSION }}-production
to: ghcr.io/mission-apprentissage/ij_sirius_ui:${{ needs.release.outputs.PREV_VERSION }}-production
sarif-file: sarif-ui.output.json
- name: UI Docker Upload SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-ui.output.json
category: Docker UI
deploy:
concurrency:
group: "deploy-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
name: Deploy ${{ needs.release.outputs.VERSION }} on recette
uses: "./.github/workflows/_deploy.yml"
with:
environment: recette
app_version: ${{ needs.release.outputs.VERSION }}
secrets:
DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
VAULT_PWD: ${{ secrets.VAULT_PWD }}