

ci: add new release process (#320)
ci: add new release process (#1)
iancardosozup authored Sep 30, 2021
1 parent a0d24c4 commit 14d33f6
Showing 14 changed files with 843 additions and 110 deletions.
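--- a/.github/workflows/alpha.yml
+++ b/.github/workflows/alpha.yml
@@ -0,0 +1,180 @@
+# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Alpha
+
+on:
+push:
+branches:
+- main
+
+jobs:
+Alpha:
+runs-on: ubuntu-latest
+env:
+COSIGN_KEY_LOCATION: /tmp/cosign.key
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+with:
+fetch-depth: 0
+
+- name: Set up Go
+uses: actions/setup-go@v2
+with:
+go-version: 1.17
+
+- name: Docker Login
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Cosign Installer
+uses: sigstore/cosign-installer@main
+with:
+cosign-release: 'v1.2.0'
+
+- name: Install cosign private key
+run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
+shell: bash
+env:
+COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+
+- name: Build and push api
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./api
+file: ./api/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-api:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-api:alpha
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+- name: Build and push auth
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./auth
+file: ./auth/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-auth:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-auth:alpha
+- name: Build and push analytic
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./analytic
+file: ./analytic/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-analytic:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-analytic:alpha
+- name: Build and push core
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./core
+file: ./core/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-core:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-core:alpha
+- name: Build and push manager
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./manager
+file: ./manager/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-manager:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:alpha
+- name: Build and push messages
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./messages
+file: ./messages/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-messages:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-messages:alpha
+- name: Build and push migrations
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./migrations
+file: ./migrations/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-migrations:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-migrations:alpha
+- name: Build and push vulnerability
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./vulnerability
+file: ./vulnerability/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-vulnerability:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-vulnerability:alpha
+- name: Build and push webhook
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./webhook
+file: ./webhook/deployments/dockerfiles/Dockerfile
+tags: horuszup/horusec-webhook:alpha
+
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-webhook:alpha
+- name: Update alpha release
+uses: meeDamian/[email protected]
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+tag: alpha
+name: alpha
+draft: false
+prerelease: true
+commitish: ${{ github.sha }}
+gzip: false
+allow_override: true
+body: |
+## Docker images
+- `docker pull horuszup/horusec-analytic:alpha`
+- `docker pull horuszup/horusec-api:alpha`
+- `docker pull horuszup/horusec-auth:alpha`
+- `docker pull horuszup/horusec-core:alpha`
+- `docker pull horuszup/horusec-manager:alpha`
+- `docker pull horuszup/horusec-messages:alpha`
+- `docker pull horuszup/horusec-migrations:alpha`
+- `docker pull horuszup/horusec-vulnerability:alpha`
+- `docker pull horuszup/horusec-webhook:alpha`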
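Review bot: Every `Sign image` step signs a mutable tag (`cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-api:alpha` and its eight siblings), so the signature lands on whatever digest that tag resolves to at that instant rather than provably on the image this job just pushed; give each `docker/build-push-action@v2` step an `id` and sign `horuszup/horusec-api@${{ steps.<id>.outputs.digest }}` instead. `uses: sigstore/cosign-installer@main` fetches the tool that touches the signing key from an unpinned branch; pin it to a release tag or full commit SHA (the same reference appears in new-release.yml). The job has no `permissions:` block, so the `GITHUB_TOKEN` handed to the "Update alpha release" step gets the repository default rather than the `contents: write` that new-release.yml declares; add the same two lines here. The key file created by `echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION` inherits the runner's default umask and is never removed; prefix the command with `umask 077 &&` and add a final `if: always()` step running `rm -f "$COSIGN_KEY_LOCATION"`.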
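--- a/.github/workflows/new-release.yml
+++ b/.github/workflows/new-release.yml
@@ -0,0 +1,146 @@
+# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: New-Release
+
+on:
+workflow_dispatch:
+inputs:
+releaseType:
+description: 'Release type: M (Major); m (Minor); p (Path)'
+required: true
+
+permissions:
+contents: write
+
+jobs:
+release:
+env:
+COSIGN_KEY_LOCATION: "/tmp/cosign.key"
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+with:
+fetch-depth: 0
+
+- name: Set up Go
+uses: actions/setup-go@v2
+with:
+go-version: 1.17
+- name: Set up nodejs
+uses: actions/setup-node@v2
+with:
+node-version: 12
+- name: "Login to DockerHub"
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+- name: Import GPG key
+uses: crazy-max/ghaction-import-gpg@v4
+with:
+gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+passphrase: ${{ secrets.PASSPHRASE }}
+git_user_signingkey: true
+git_commit_gpgsign: true
+
+- name: Version increment
+id: updated-version
+run: |
+curl https://raw.githubusercontent.com/ZupIT/horusec-devkit/main/scripts/semver.sh -o /tmp/semver.sh
+chmod +x /tmp/semver.sh
+/tmp/semver.sh -${{ github.event.inputs.releaseType }} ${{ github.event.repository.full_name }}
+- uses: sigstore/cosign-installer@main
+with:
+cosign-release: 'v1.2.0'
+- name: install cosign private key
+run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
+shell: bash
+env:
+COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+- name: Update versions on package.json
+run: |
+npm install -g json
+json -I -f ./manager/package.json -e 'this.version="${{ steps.updated-version.outputs.strippedVersion }}"'
+- name: Update versions on rest of the project
+run: |
+find . -type f -not -path "./.git/*" -not -path "./Makefile" -not -path "./manager/cypress/*" -not -path "./manager/cypress/*" -not -name "*.sum" -not -name "*.mod"|
+xargs sed -i "s/${{ steps.updated-version.outputs.actualVersion }}/${{ steps.updated-version.outputs.version }}/g"
+- name: Commit changes
+uses: EndBug/[email protected]
+with:
+push: false
+signoff: true
+author_name: Horusec
+author_email: [email protected]
+committer_name: Horusec
+committer_email: [email protected]
+- name: Create tag
+run: |
+git tag ${{ steps.updated-version.outputs.version }}
+sleep 5
+- name: Run GoReleaser
+uses: goreleaser/goreleaser-action@v2
+with:
+distribution: goreleaser
+version: latest
+args: release --rm-dist
+env:
+COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
+GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.version }}
+
+- name: "Docker meta"
+uses: docker/metadata-action@v3
+id: meta
+env:
+RELEASE_VERSION: ${{ steps.updated-version.outputs.version }}
+with:
+images: |
+horuszup/horusec-manager
+tags: |
+type=semver,prefix=v,pattern={{version}},value=${{ env.RELEASE_VERSION }}
+type=semver,prefix=v,pattern={{major}}.{{minor}},value=${{ env.RELEASE_VERSION }}
+type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
+- name: "Build and push manager"
+uses: docker/build-push-action@v2
+with:
+push: true
+context: ./manager
+file: ./manager/deployments/dockerfiles/Dockerfile
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+- name: Sign image
+run: |
+cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:latest
+env:
+COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+
+- name: Push tag
+run: |
+git push origin ${{ steps.updated-version.outputs.version }}
+- name: Get release branch name
+if: github.event.inputs.releaseType != 'p'
+run: |
+version=${{ steps.updated-version.outputs.version }}
+echo "RELEASE_BRANCH=$(echo release/${version%.*})" >> $GITHUB_ENV
+- name: Create release branch
+if: github.event.inputs.releaseType != 'p'
+run: |
+git push origin main
+git branch ${{ env.RELEASE_BRANCH }}
+git push origin ${{ env.RELEASE_BRANCH }}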
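Review bot: The `Version increment` step downloads `semver.sh` from the mutable `main` branch of a second repository and executes it on a runner that already holds the imported GPG key and a Docker Hub login, `curl` is called without `-f` so an HTTP error body would be saved and run as the script, and the `workflow_dispatch` input is spliced straight into the shell line via `-${{ github.event.inputs.releaseType }}`. Pin the script to a reviewed commit, verify its sha256 before `chmod +x`, and pass the input through `env:` with an explicit allow-list, as sketched below. Later in the same job `git tag ${{ steps.updated-version.outputs.version }}` creates a lightweight tag, so the release tag stays unsigned despite `git_commit_gpgsign: true` on the import step; use `git tag -s -m "release <version>" <version>` (the import action also offers `git_tag_gpgsign: true`) and sign the manager image by digest from the build step rather than via `horuszup/horusec-manager:latest`. Minor: `-not -path "./manager/cypress/*"` is duplicated in the `find` command, the input description says `p (Path)` where Patch is meant, and the bare `sleep 5` after tagging needs a comment stating what it waits for.
```yaml
# … unchanged: Checkout, Set up Go, Set up nodejs, Login to DockerHub, Import GPG key …
- name: Version increment
  id: updated-version
  env:
    RELEASE_TYPE: ${{ github.event.inputs.releaseType }}
    REPO: ${{ github.event.repository.full_name }}
    # placeholders: pin to a reviewed horusec-devkit commit and record that revision's script checksum
    SEMVER_REF: "<PINNED_COMMIT_SHA>"
    SEMVER_SHA256: "<EXPECTED_SHA256>"
  run: |
    case "$RELEASE_TYPE" in
      M|m|p) ;;
      *) echo "invalid releaseType: $RELEASE_TYPE" >&2; exit 1 ;;
    esac
    curl -fsSL "https://raw.githubusercontent.com/ZupIT/horusec-devkit/${SEMVER_REF}/scripts/semver.sh" -o /tmp/semver.sh
    echo "${SEMVER_SHA256}  /tmp/semver.sh" | sha256sum -c -
    chmod +x /tmp/semver.sh
    /tmp/semver.sh "-${RELEASE_TYPE}" "${REPO}"
# … unchanged: cosign installer and the remaining release steps …
```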
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -18,4 +18,5 @@ e2e/**analysis
horusec-cli/cmd/horusec/start/examples/
vendor
**/e2e/cypress/src/screenshots/**
**/e2e/cypress/src/videos/**
**/e2e/cypress/src/videos/**
dist/