Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

add docker to mac instance

Browse source 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
This commit is contained in:
Alex Goodman 2021-03-11 14:01:00 -05:00
parent 0c2a51554a
commit c7b26c55ac
No known key found for this signature in database
GPG key ID: 5CB45AE22BAB7EA7
1 changed files with 111 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

210
.github/workflows/release.yaml vendored
View file

@ -1,88 +1,96 @@
name: "Release"
on:
push:
# take no actions on push to any branch...
branches-ignore:
- "**"
# ... only act on release tags
tags:
- "v*"
# # take no actions on push to any branch...
# branches-ignore:
# - "**"
# # ... only act on release tags
# tags:
# - "v*"
env:
GO_VERSION: "1.14.x"
jobs:
wait-for-checks:
runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS.
steps:
- uses: actions/checkout@v2
# we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main
- name: Ensure tagged commit is on main
run: |
echo "Tag: ${GITHUB_REF##*/}"
git fetch origin main
git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"
- name: Check static analysis results
uses: fountainhead/action-wait-for-check@v1.0.0
id: static-analysis
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the circle-ci workflow name (in .circleci/config.yaml)
checkName: "Static-Analysis (1.x, ubuntu-latest)"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check unit + integration results (latest go version)
uses: fountainhead/action-wait-for-check@v1.0.0
id: unit-integration
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the circle-ci workflow name (in .circleci/config.yaml)
checkName: "Tests (1.x, ubuntu-latest)"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check acceptance test results (linux)
uses: fountainhead/action-wait-for-check@v1.0.0
id: acceptance-linux
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
checkName: "Acceptance-Linux"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check acceptance test results (mac)
uses: fountainhead/action-wait-for-check@v1.0.0
id: acceptance-mac
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
checkName: "Acceptance-Mac"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check inline comparison test results
uses: fountainhead/action-wait-for-check@v1.0.0
id: inline-compare
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
checkName: "Inline-Compare"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Quality gate
if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit-integration.outputs.conclusion != 'success' || steps.inline-compare.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success'
run: |
echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
echo "Unit & Integration Test Status: ${{ steps.unit-integration.outputs.conclusion }}"
echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}"
echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}"
echo "Inline Compare Status: ${{ steps.inline-compare.outputs.conclusion }}"
false
# wait-for-checks:
# runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS.
# steps:
# - uses: actions/checkout@v2
#
# # we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main
# - name: Ensure tagged commit is on main
# run: |
# echo "Tag: ${GITHUB_REF##*/}"
# git fetch origin main
# git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"
#
# - name: Check static analysis results
# uses: fountainhead/action-wait-for-check@v1.0.0
# id: static-analysis
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml)
# checkName: "Static-Analysis (1.x, ubuntu-latest)"
# ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check unit + integration results (latest go version)
# uses: fountainhead/action-wait-for-check@v1.0.0
# id: unit-integration
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml)
# checkName: "Tests (1.x, ubuntu-latest)"
# ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check acceptance test results (linux)
# uses: fountainhead/action-wait-for-check@v1.0.0
# id: acceptance-linux
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
# checkName: "Acceptance-Linux"
# ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check acceptance test results (mac)
# uses: fountainhead/action-wait-for-check@v1.0.0
# id: acceptance-mac
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
# checkName: "Acceptance-Mac"
# ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Check inline comparison test results
# uses: fountainhead/action-wait-for-check@v1.0.0
# id: inline-compare
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml)
# checkName: "Inline-Compare"
# ref: ${{ github.event.pull_request.head.sha || github.sha }}
#
# - name: Quality gate
# if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit-integration.outputs.conclusion != 'success' || steps.inline-compare.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success'
# run: |
# echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
# echo "Unit & Integration Test Status: ${{ steps.unit-integration.outputs.conclusion }}"
# echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}"
# echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}"
# echo "Inline Compare Status: ${{ steps.inline-compare.outputs.conclusion }}"
# false
release:
needs: [wait-for-checks]
# needs: [wait-for-checks]
runs-on: macos-latest # Due to our code signing process, it's vital that we run our release steps on macOS.
steps:
- uses: docker-practice/actions-setup-docker@master
- run: |
set -x
docker version
docker run --rm hello-world
- uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
@ -104,6 +112,10 @@ jobs:
${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-
${{ runner.os }}-go-${{ env.GO_VERSION }}-
- name: Bootstrap project dependencies
if: steps.bootstrap-cache.outputs.cache-hit != 'true'
run: make bootstrap
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v2
@ -118,30 +130,30 @@ jobs:
echo "name: ${{ steps.import_gpg.outputs.name }}"
echo "email: ${{ steps.import_gpg.outputs.email }}"
- name: Build & publish release artifacts
run: make release
env:
GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }}
GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}
SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} # Used during macOS code signing.
APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} # Used during macOS code signing.
AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }} # Used during macOS notarization.
AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} # Used during macOS notarization.
# - name: Build & publish release artifacts
# run: make release
# env:
# GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }}
# GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
# PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}
# SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
# APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} # Used during macOS code signing.
# APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} # Used during macOS code signing.
# AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }} # Used during macOS notarization.
# AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} # Used during macOS notarization.
- uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
fields: repo,workflow,action,eventName
text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
if: ${{ success() }}
- uses: actions/upload-artifact@v2
with:
name: artifacts
path: dist/**/*
# - uses: 8398a7/action-slack@v3
# with:
# status: ${{ job.status }}
# fields: repo,workflow,action,eventName
# text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases"
# env:
# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
# if: ${{ success() }}
#
# - uses: actions/upload-artifact@v2
# with:
# name: artifacts
# path: dist/**/*