fix: bump trivy-adapter version to v0.31.4 and trivy version to v0.54… #2777
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build Package Workflow" | |
env: | |
DOCKER_COMPOSE_VERSION: 1.23.0 | |
on: | |
push: | |
branches: | |
- main | |
- release-* | |
jobs: | |
BUILD_PACKAGE: | |
env: | |
BUILD_PACKAGE: true | |
runs-on: | |
- ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
credentials_json: '${{ secrets.GCP_CREDENTIALS }}' | |
- uses: google-github-actions/setup-gcloud@v2 | |
with: | |
version: '430.0.0' | |
- run: gcloud info | |
- name: Set up Go 1.22 | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.22.6 | |
id: go | |
- name: Setup Docker | |
uses: docker-practice/actions-setup-docker@master | |
with: | |
docker_version: 20.10 | |
docker_channel: stable | |
- uses: actions/checkout@v3 | |
- uses: jitterbit/get-changed-files@v1 | |
id: changed-files | |
with: | |
format: space-delimited | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/checkout@v3 | |
with: | |
path: src/github.com/goharbor/harbor | |
- name: Build Base Image | |
if: | | |
contains(steps.changed-files.outputs.modified, 'Dockerfile.base') || | |
contains(steps.changed-files.outputs.modified, 'VERSION') || | |
contains(steps.changed-files.outputs.modified, '.buildbaselog') || | |
github.ref == 'refs/heads/main' | |
run: | | |
set -x | |
echo "BUILD_BASE=true" >> $GITHUB_ENV | |
- name: Build Package | |
run: | | |
set -x | |
env | |
df -h | |
harbor_target_bucket="" | |
target_branch="$(echo ${GITHUB_REF#refs/heads/})" | |
harbor_offline_build_bundle="" | |
harbor_online_build_bundle="" | |
harbor_logs_bucket="harbor-ci-logs" | |
harbor_builds_bucket="harbor-builds" | |
harbor_releases_bucket="harbor-releases" | |
harbor_ci_pipeline_store_bucket="harbor-ci-pipeline-store/latest" | |
# the target release version is the version of next release(RC or GA). It needs to be updated on creating new release branch. | |
target_release_version=$(cat ./VERSION) | |
Harbor_Package_Version=$target_release_version-'build.'$GITHUB_RUN_NUMBER | |
if [[ $target_branch == "main" ]]; then | |
Harbor_Assets_Version=$Harbor_Package_Version | |
harbor_target_bucket=$harbor_builds_bucket | |
else | |
Harbor_Assets_Version=$target_release_version | |
harbor_target_bucket=$harbor_releases_bucket/$target_branch | |
fi | |
if [[ $target_branch == "release-"* ]]; then | |
Harbor_Build_Base_Tag=$target_release_version | |
else | |
Harbor_Build_Base_Tag=dev | |
fi | |
build_base_params=" BUILD_BASE=false" | |
cd src/github.com/goharbor/harbor | |
if [ -z "$BUILD_BASE" ] || [ "$BUILD_BASE" != "true" ]; then | |
echo "Do not need to build base images!" | |
else | |
build_base_params=" BUILD_BASE=true PUSHBASEIMAGE=true REGISTRYUSER=\"${{ secrets.DOCKER_HUB_USERNAME }}\" REGISTRYPASSWORD=\"${{ secrets.DOCKER_HUB_PASSWORD }}\"" | |
fi | |
sudo make package_offline GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} TRIVYFLAG=true HTTPPROXY= ${build_base_params} | |
sudo make package_online GOBUILDTAGS="include_oss include_gcs" BASEIMAGETAG=${Harbor_Build_Base_Tag} VERSIONTAG=${Harbor_Assets_Version} PKGVERSIONTAG=${Harbor_Package_Version} TRIVYFLAG=true HTTPPROXY= ${build_base_params} | |
harbor_offline_build_bundle=$(basename harbor-offline-installer-*.tgz) | |
harbor_online_build_bundle=$(basename harbor-online-installer-*.tgz) | |
echo "Package name is: $harbor_offline_build_bundle" | |
echo "Package name is: $harbor_online_build_bundle" | |
echo -en "${{ secrets.HARBOR_SIGN_KEY }}" | gpg --import | |
gpg -v -ab -u ${{ secrets.HARBOR_SIGN_KEY_ID }} $harbor_offline_build_bundle | |
gpg -v -ab -u ${{ secrets.HARBOR_SIGN_KEY_ID }} $harbor_online_build_bundle | |
source tests/ci/build_util.sh | |
cp ${harbor_offline_build_bundle} harbor-offline-installer-latest.tgz | |
cp ${harbor_offline_build_bundle}.asc harbor-offline-installer-latest.tgz.asc | |
cp ${harbor_online_build_bundle} harbor-online-installer-latest.tgz | |
cp ${harbor_online_build_bundle}.asc harbor-online-installer-latest.tgz.asc | |
uploader ${harbor_offline_build_bundle} $harbor_target_bucket | |
uploader ${harbor_offline_build_bundle}.asc $harbor_target_bucket | |
uploader ${harbor_online_build_bundle} $harbor_target_bucket | |
uploader ${harbor_online_build_bundle}.asc $harbor_target_bucket | |
uploader harbor-offline-installer-latest.tgz $harbor_target_bucket | |
uploader harbor-offline-installer-latest.tgz.asc $harbor_target_bucket | |
uploader harbor-online-installer-latest.tgz $harbor_target_bucket | |
uploader harbor-online-installer-latest.tgz.asc $harbor_target_bucket | |
echo "BUILD_BUNDLE=$harbor_offline_build_bundle" >> $GITHUB_ENV | |
publishImage $target_branch $Harbor_Assets_Version "${{ secrets.DOCKER_HUB_USERNAME }}" "${{ secrets.DOCKER_HUB_PASSWORD }}" | |
- name: Slack Notification | |
uses: sonots/slack-notice-action@v3 | |
with: | |
status: ${{ job.status }} | |
title: Build Package - ${{ env.BUILD_BUNDLE }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
if: always() |