add new build and deploy script

.github/workflows/build-and-deploy.yml

@@ -0,0 +1,106 @@
+name: Build and deploy with evidence
+
+on:
+  [workflow_dispatch]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  Docker-build-with-evidence:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install jfrog cli
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: ${{ vars.ARTIFACTORY_URL }}
+          JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+
+      - uses: actions/checkout@v4
+
+      - name: Log in to Artifactory Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.ARTIFACTORY_URL }}
+          username: ${{ secrets.JF_USER }}
+          password: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+          install: true
+
+      - name: Build Docker image
+        run: |
+          URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||')
+          REPO_URL=${URL}'/example-project-docker-dev-virtual'
+          docker build --build-arg REPO_URL=${REPO_URL} -f Dockerfile . \
+          --tag ${REPO_URL}/example-project-app:${{ github.run_number }} \
+          --output=type=image --platform linux/amd64 --metadata-file=build-metadata --push
+          jfrog rt build-docker-create example-project-docker-dev --image-file build-metadata --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }}
+
+      - name: Evidence on docker
+        run: |
+          echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json
+          jf evd create --package-name example-project-app --package-version 65 --package-repo-name example-project-docker-dev-local \
+            --key "${{ secrets.PRIVATE_KEY }}" \
+            --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 
+          echo '🔎 Evidence attached: `signature` 🔏 ' 
+
+      - name: Upload readme file
+        run: |
+          jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }}
+          jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \
+            --key "${{ secrets.PRIVATE_KEY }}" \
+            --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1
+
+      - name: Publish build info
+        run: jfrog rt build-publish ${{ vars.BUILD_NAME }} ${{ github.run_number }}
+
+      - name: Sign build evidence
+        run: |
+          echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json
+          jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \
+            --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \
+            --key "${{ secrets.PRIVATE_KEY }}"
+          echo '🔎 Evidence attached: `build-signature` 🔏 ' >> $GITHUB_STEP_SUMMARY
+
+      - name: Create release bundle
+        run: |
+          echo '{ "files": [ {"build": "'"${{ vars.BUILD_NAME }}/${{ github.run_number }}"'" } ] }' > bundle-spec.json
+          jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json --sync=true
+          NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=example-project-release-bundles-v2&activeKanbanTab=promotion'
+          VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=example-project-release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion'
+          echo '📦 Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY
+
+
+  Promote-to-qa-and-test:
+    needs: Docker-build-with-evidence    
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Install jfrog cli
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: ${{ vars.ARTIFACTORY_URL }}
+          JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+
+      - name: Promote to QA
+        run: |
+          jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ vars.VERSION }} QA --signing-key PGP-RSA-2048 --project ${{ vars.PROJECT }}
+          echo "🚀 Succesfully promote to `QA` environemnt" >> $GITHUB_STEP_SUMMARY
+
+      - name: Evidence on release-bundle
+        run: |
+          echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > rbv2_evidence.json
+          JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion'
+          echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY
+          jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \
+            --predicate ./rbv2_evidence.json --predicate-type https://jfrog.com/evidence/rbv2-signature/v1 \
+            --key "${{ secrets.PRIVATE_KEY }}"
+          echo '🔎 Evidence attached: integration-test 🧪 ' >> $GITHUB_STEP_SUMMARY

.github/workflows/build.yml

@@ -1,7 +1,8 @@
 name: Build with evidence
 
 on:
-  [push, workflow_dispatch]
+  workflow_dispatch
+  # [push, workflow_dispatch]
 
 permissions:
   id-token: write