mirror of
https://github.com/anchore/syft
synced 2024-11-10 06:14:16 +00:00
8f7305ef78
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases)
- [Commits](297be350cf...5a908a2481)
---
updated-dependencies:
- dependency-name: fountainhead/action-wait-for-check
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
159 lines
7 KiB
YAML
159 lines
7 KiB
YAML
name: "Release"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: tag the latest commit on main with the given version (prefixed with v)
|
|
required: true
|
|
|
|
jobs:
|
|
quality-gate:
|
|
environment: release
|
|
runs-on: ubuntu-20.04
|
|
steps:
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
|
|
|
- name: Check if tag already exists
|
|
# note: this will fail if the tag already exists
|
|
run: |
|
|
[[ "${{ github.event.inputs.version }}" == v* ]] || (echo "version '${{ github.event.inputs.version }}' does not have a 'v' prefix" && exit 1)
|
|
git tag ${{ github.event.inputs.version }}
|
|
|
|
- name: Check static analysis results
|
|
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be # v1.2.0
|
|
id: static-analysis
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Static analysis"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check unit test results
|
|
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be # v1.2.0
|
|
id: unit
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Unit tests"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check integration test results
|
|
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be # v1.2.0
|
|
id: integration
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Integration tests"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check acceptance test results (linux)
|
|
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be # v1.2.0
|
|
id: acceptance-linux
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Acceptance tests (Linux)"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check acceptance test results (mac)
|
|
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be # v1.2.0
|
|
id: acceptance-mac
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "Acceptance tests (Mac)"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Check cli test results (linux)
|
|
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be # v1.2.0
|
|
id: cli-linux
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
# This check name is defined as the github action job name (in .github/workflows/testing.yaml)
|
|
checkName: "CLI tests (Linux)"
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Quality gate
|
|
if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit.outputs.conclusion != 'success' || steps.integration.outputs.conclusion != 'success' || steps.cli-linux.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success'
|
|
run: |
|
|
echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
|
|
echo "Unit Test Status: ${{ steps.unit.outputs.conclusion }}"
|
|
echo "Integration Test Status: ${{ steps.integration.outputs.conclusion }}"
|
|
echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}"
|
|
echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}"
|
|
echo "CLI Test (Linux) Status: ${{ steps.cli-linux.outputs.conclusion }}"
|
|
false
|
|
|
|
release:
|
|
needs: [quality-gate]
|
|
runs-on: ubuntu-20.04
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
# required for goreleaser signs section with cosign
|
|
id-token: write
|
|
steps:
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Bootstrap environment
|
|
uses: ./.github/actions/bootstrap
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 #v3.1.0
|
|
with:
|
|
username: ${{ secrets.ANCHOREOSSWRITE_DH_USERNAME }}
|
|
password: ${{ secrets.ANCHOREOSSWRITE_DH_PAT }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 #v3.1.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Tag release
|
|
run: |
|
|
git config --global user.name "anchoreci"
|
|
git config --global user.email "anchoreci@users.noreply.github.com"
|
|
git tag -a ${{ github.event.inputs.version }} -m "Release ${{ github.event.inputs.version }}"
|
|
git push origin --tags
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Build & publish release artifacts
|
|
run: make ci-release
|
|
env:
|
|
# for mac signing and notarization...
|
|
QUILL_SIGN_P12: ${{ secrets.ANCHORE_APPLE_DEVELOPER_ID_CERT_CHAIN }}
|
|
QUILL_SIGN_PASSWORD: ${{ secrets.ANCHORE_APPLE_DEVELOPER_ID_CERT_PASS }}
|
|
QUILL_NOTARY_ISSUER: ${{ secrets.APPLE_NOTARY_ISSUER }}
|
|
QUILL_NOTARY_KEY_ID: ${{ secrets.APPLE_NOTARY_KEY_ID }}
|
|
QUILL_NOTARY_KEY: ${{ secrets.APPLE_NOTARY_KEY }}
|
|
# for creating the release (requires write access to packages and content)
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
# for updating brew formula in anchore/homebrew-syft
|
|
GITHUB_BREW_TOKEN: ${{ secrets.ANCHORECI_GITHUB_READONLY_TOKEN }}
|
|
# for updating the VERSION file in S3...
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }}
|
|
|
|
- uses: anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b #v0.15.9
|
|
continue-on-error: true
|
|
with:
|
|
artifact-name: sbom.spdx.json
|
|
|
|
- uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 #v3.16.2
|
|
continue-on-error: true
|
|
with:
|
|
status: ${{ job.status }}
|
|
fields: repo,workflow,action,eventName
|
|
text: "A new Syft release has been published: https://github.com/anchore/syft/releases/tag/${{ github.event.inputs.version }}"
|
|
env:
|
|
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
|
|
if: ${{ success() }}
|