feat: trigger GHA workflow via CircleCI [HEAD-350] (#4815)

* feat: trigger GHA workflow via CircleCI * chore: add docs for CLI Docker Images automation * fix: rename build-and-publish to trigger-building-images * fix: move GHA trigger logic into separate release script * fix: add missing parameter for trigger-snyk-images script
snyk · Sep 5, 2023 · c1ca57f · c1ca57f
1 parent d950c5f
commit c1ca57f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -652,6 +652,16 @@ workflows:
               only:
                 - master
 
+      - trigger-building-snyk-images:
+          name: Trigger building snyk-images
+          context: team-hammerhead-common-deploy-tokens
+          requires:
+            - upload npm
+          filters:
+            branches:
+              only:
+                - master
+
 ####################################################################################################
 # JOBS
 ####################################################################################################
@@ -1026,3 +1036,12 @@ jobs:
           name: Publish to npm
           command: ./release-scripts/upload-artifacts.sh npm
       - failed-release-notification
+
+  trigger-building-snyk-images:
+    executor: docker-amd64
+    steps:
+      - prepare-workspace
+      - run:
+          name: Trigger build-and-publish workflow at snyk-images
+          command: ./release-scripts/upload-artifacts.sh trigger-snyk-images
+      - failed-release-notification
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -284,6 +284,10 @@ If your release pipeline fails at any step, notify Hammerhead.
 
 You may see some "Docker Hub" checks on your merge commit fail. This is normal and safe to ignore.
 
+## Snyk CLI Docker Images
+
+After the `release-npm` job successfully completes, an automated process generates the Docker images for Snyk CLI. These images are then published to DockerHub under the repository [`snyk/snyk`](https://hub.docker.com/r/snyk/snyk).
+
 ---
 
 Questions? Ask Hammerhead 🔨
diff --git a/release-scripts/upload-artifacts.sh b/release-scripts/upload-artifacts.sh
@@ -56,6 +56,12 @@ show_help() {
   echo ""
   echo "  This will perform a dry run of uploading artifacts to GitHub, npm, and S3 for version v1.0.0"
   echo ""
+  echo -e "\033[1;33mTrigger Build and Publish Snyk Images:\033[0m"  # Set color to yellow
+  echo ""
+  echo "  upload-artifacts.sh trigger-snyk-images"
+  echo ""
+  echo "  This will trigger the build-and-publish workflow in the snyk-images repository."
+  echo ""
 }
 
 upload_github() {
@@ -95,6 +101,25 @@ upload_npm() {
   fi
 }
 
+trigger_build_snyk_images() {
+  echo "Triggering build-and-publish workflow at snyk-images..."
+  RESPONSE=$(curl -L \
+    -X POST \
+    -H "Accept: application/vnd.github+json" \
+    -H "Authorization: Bearer $HAMMERHEAD_GITHUB_PAT" \
+    -H "X-GitHub-Api-Version: 2022-11-28" \
+    https://api.github.com/repos/snyk/snyk-images/dispatches \
+    -d '{"event_type":"build_and_push_images"}' \
+    -w "%{http_code}" \
+    -o /dev/null)
+  if [ "$RESPONSE" -eq 204 ]; then
+    echo "Successfully triggered build-and-publish workflow at snyk-images."
+  else
+    echo "Failed to trigger build-and-publish workflow at snyk-images. HTTP response code: $RESPONSE."
+    exit 1
+  fi
+}
+
 upload_s3() {
   version_target=$1
   if [ "${DRY_RUN}" == true ]; then
@@ -172,6 +197,10 @@ for arg in "${@}"; do
   # Upload files to npm
   elif [ "${arg}" == "npm" ]; then
     upload_npm
+
+  # Trigger building Snyk images in snyk-images repository
+  elif [ "${arg}" == "trigger-snyk-images" ]; then
+    trigger_build_snyk_images
 
   # Upload files to S3 bucket
   else