Skip to content

Hardening/doc

Hardening/doc #222

Workflow file for this run

name: Pre-Release
on:
pull_request:
types:
- opened
- synchronize
- reopened
- labeled
- unlabeled
env:
REGISTRY: quay.io
REPOSITORY: fiware
jobs:
generate-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.out.outputs.version }}
steps:
- uses: actions/checkout@v2
- id: bump
uses: zwaldowski/match-label-action@v5
with:
allowed: major,minor,patch
- uses: zwaldowski/semver-release-action@v2
with:
dry_run: true
bump: ${{ steps.bump.outputs.match }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Get PR Number
id: pr_number
run: echo "::set-output name=nr::$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')"
- name: Set version output
id: out
run: echo "::set-output name=version::$(echo ${VERSION}-PRE-${{ steps.pr_number.outputs.nr }})"
cm-forward-proxy:
needs: [ "generate-version" ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build build-stage
run:
docker build -f proxy/Dockerfile-build . -t build
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: cm-forward-proxy
tags: ${{ github.sha }} ${{ needs.generate-version.outputs.version }}
dockerfiles: |
./proxy/cm-forward-filter/Dockerfile-envoy
context: ./proxy/cm-forward-filter
- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
ossm-extension:
needs: [ "generate-version" ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set extension version
run: |
sed -i 's/${cm-forward-filter.version}/${{ needs.generate-version.outputs.version }}/g' ./proxy/ossm-extension/manifest.yaml
cat ./proxy/ossm-extension/manifest.yaml
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: cm-forward-filter-extension
tags: ${{ github.sha }} ${{ needs.generate-version.outputs.version }}
dockerfiles: |
./proxy/ossm-extension/Dockerfile
context: .
- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
cm-forward-filter:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build wasm
run: |
docker build -f proxy/Dockerfile-build . -t build
docker run -u root -v $(pwd)/proxy/cm-forward-filter:/cm-forward-filter --workdir /cm-forward-filter build tinygo build -o cm-forward-filter.wasm -target=wasi ./main.go
- uses: actions/upload-artifact@v4
with:
name: cm-forward-filter
path: proxy/cm-forward-filter/cm-forward-filter.wasm
vault-ethereum:
needs: [ "generate-version" ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: vault-ethereum
tags: ${{ github.sha }} ${{ needs.generate-version.outputs.version }}
dockerfiles: |
./it/vault/Dockerfile
context: ./it/vault
- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
# image build&push
canis-major:
needs: [ "generate-version" ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '17'
java-package: jdk
- name: Log into quay.io
run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" ${{ env.REGISTRY }}
- name: Build&Push image
run: |
mvn versions:set -DnewVersion=${{ needs.generate-version.outputs.version }}
mvn clean install deploy -Pdocker -DskipTests -Dimage.tag=${{ needs.generate-version.outputs.version }} -Dimage.registry="${{ env.REGISTRY }}" -Dimage.repository="${{ env.REPOSITORY }}"
git-release:
needs: ["generate-version","canis-major", "vault-ethereum", "cm-forward-proxy", "ossm-extension", "cm-forward-filter"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: "marvinpinto/action-automatic-releases@latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: ${{ needs.generate-version.outputs.version }}
prerelease: true
title: ${{ needs.generate-version.outputs.version }}
files: |
LICENSE