-
Notifications
You must be signed in to change notification settings - Fork 9
124 lines (104 loc) · 4.27 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: cd
on:
push:
tags:
- '*'
jobs:
release:
name: Release
strategy:
matrix:
# Quotes are required: https://github.com/actions/setup-go/issues/326#issuecomment-1415719692
go-version: ['1.22']
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
check-latest: true
cache: true
- name: Run linter
run: make lint
- name: Extract tag version from ref, and project version from file
id: version
run: |
echo ::set-output name=VERSION_FILE::"refs/tags/$(cat VERSION)"
- name: Fail if version mismatch
id: check_version
if: ${{ github.ref != steps.version.outputs.VERSION_FILE }}
run: |
echo "VERSION file ${{steps.version.outputs.VERSION_FILE}} does not match tagged version ${{ github.ref }}"
exit 1
- name: Install ngrok
run: |
mkdir -p $GITHUB_WORKSPACE/bin
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip && unzip ngrok-stable-linux-amd64.zip -d $GITHUB_WORKSPACE/bin/
$GITHUB_WORKSPACE/bin/ngrok authtoken ${{ secrets.NGROK_TOKEN }}
- name: Setup integration resources
run: export NGROK_DIR=$GITHUB_WORKSPACE/bin/ && make integration-up
- name: Run integration & unit tests
run: make integration-test
- name: Compile all targets
run: make all
- name: Setup e2e resources
run: make e2e-up
- name: Run e2e tests
run: make e2e-test
- name: Snyk Setup
uses: snyk/actions/setup@master
- name: Run Snyk to check for vulnerabilities in main Docker image
run: snyk container test snowplow/snowbridge:${{ github.ref_name }} --severity-threshold=high
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Run Snyk to check for vulnerabilities in aws-only Docker image
run: snyk container test snowplow/snowbridge:${{ github.ref_name }}-aws-only --severity-threshold=high
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Run Snyk to monitor for vulnerabilities in main Docker image
uses: snyk/actions/docker@master
if: ${{ !contains(github.ref, 'rc') }}
with:
image: "snowplow/snowbridge:${{ github.ref_name }}"
args: "--app-vulns --org=data-processing-new --project-name=snowbridge-main"
command: monitor
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Run Snyk to monitor for vulnerabilities in aws-only Docker image
uses: snyk/actions/docker@master
if: ${{ !contains(github.ref, 'rc') }}
with:
image: "snowplow/snowbridge:${{ github.ref_name }}-aws-only"
args: "--app-vulns --org=data-processing-new --project-name=snowbridge-aws-only"
command: monitor
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Create GitHub release and attach artifacts
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
draft: true
prerelease: ${{ contains(github.ref , '-') }}
name: Release ${{ github.ref_name }}
tag_name: ${{ github.ref_name }}
files: |
build/compiled/snowbridge_${{ github.ref_name }}-aws-only_darwin_amd64.zip
build/compiled/snowbridge_${{ github.ref_name }}-aws-only_darwin_arm64.zip
build/compiled/snowbridge_${{ github.ref_name }}-aws-only_linux_amd64.zip
build/compiled/snowbridge_${{ github.ref_name }}-aws-only_linux_arm64.zip
build/compiled/snowbridge_${{ github.ref_name }}-aws-only_windows_amd64.zip
build/compiled/snowbridge_${{ github.ref_name }}_darwin_amd64.zip
build/compiled/snowbridge_${{ github.ref_name }}_darwin_arm64.zip
build/compiled/snowbridge_${{ github.ref_name }}_linux_amd64.zip
build/compiled/snowbridge_${{ github.ref_name }}_linux_arm64.zip
build/compiled/snowbridge_${{ github.ref_name }}_windows_amd64.zip
- name: Publish to DockerHub
run: make container-release
shell: bash