From c50b1c3a1543f506288da32ceb8355bcb5b8c30f Mon Sep 17 00:00:00 2001
From: neshkoli
Date: Wed, 27 Nov 2024 15:07:13 +0200
Subject: [PATCH] add new build and deploy script
---
 .github/workflows/build-and-deploy.yml | 106 +++++++++++++++++++++++++
 .github/workflows/build.yml | 3 +-
 2 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/build-and-deploy.yml
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
new file mode 100644
index 0000000..35b70b7
--- /dev/null
+++ b/.github/workflows/build-and-deploy.yml
@@ -0,0 +1,106 @@
+name: Build and deploy with evidence
+
+on:
+ [workflow_dispatch]
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ Docker-build-with-evidence:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install jfrog cli
+ uses: jfrog/setup-jfrog-cli@v4
+ env:
+ JF_URL: ${{ vars.ARTIFACTORY_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+
+ - uses: actions/checkout@v4
+
+ - name: Log in to Artifactory Docker Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.ARTIFACTORY_URL }}
+ username: ${{ secrets.JF_USER }}
+ password: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ platforms: linux/amd64,linux/arm64
+ install: true
+
+ - name: Build Docker image
+ run: |
+ URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||')
+ REPO_URL=${URL}'/example-project-docker-dev-virtual'
+ docker build --build-arg REPO_URL=${REPO_URL} -f Dockerfile . \
+ --tag ${REPO_URL}/example-project-app:${{ github.run_number }} \
+ --output=type=image --platform linux/amd64 --metadata-file=build-metadata --push
+ jfrog rt build-docker-create example-project-docker-dev --image-file build-metadata --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }}
+
+ - name: Evidence on docker
+ run: |
+ echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json
+ jf evd create --package-name example-project-app --package-version 65 --package-repo-name example-project-docker-dev-local \
+ --key "${{ secrets.PRIVATE_KEY }}" \
+ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1
+ echo '๐Ÿ”Ž Evidence attached: `signature` ๐Ÿ” '
+
+ - name: Upload readme file
+ run: |
+ jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }}
+ jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \
+ --key "${{ secrets.PRIVATE_KEY }}" \
+ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1
+
+ - name: Publish build info
+ run: jfrog rt build-publish ${{ vars.BUILD_NAME }} ${{ github.run_number }}
+
+ - name: Sign build evidence
+ run: |
+ echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json
+ jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \
+ --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \
+ --key "${{ secrets.PRIVATE_KEY }}"
+ echo '๐Ÿ”Ž Evidence attached: `build-signature` ๐Ÿ” ' >> $GITHUB_STEP_SUMMARY
+
+ - name: Create release bundle
+ run: |
+ echo '{ "files": [ {"build": "'"${{ vars.BUILD_NAME }}/${{ github.run_number }}"'" } ] }' > bundle-spec.json
+ jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json --sync=true
+ NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=example-project-release-bundles-v2&activeKanbanTab=promotion'
+ VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=example-project-release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion'
+ echo '๐Ÿ“ฆ Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY
+
+
+ Promote-to-qa-and-test:
+ needs: Docker-build-with-evidence
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Install jfrog cli
+ uses: jfrog/setup-jfrog-cli@v4
+ env:
+ JF_URL: ${{ vars.ARTIFACTORY_URL }}
+ JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}
+
+ - name: Promote to QA
+ run: |
+ jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ vars.VERSION }} QA --signing-key PGP-RSA-2048 --project ${{ vars.PROJECT }}
+ echo "๐Ÿš€ Succesfully promote to `QA` environemnt" >> $GITHUB_STEP_SUMMARY
+
+ - name: Evidence on release-bundle
+ run: |
+ echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > rbv2_evidence.json
+ JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion'
+ echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY
+ jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \
+ --predicate ./rbv2_evidence.json --predicate-type https://jfrog.com/evidence/rbv2-signature/v1 \
+ --key "${{ secrets.PRIVATE_KEY }}"
+ echo '๐Ÿ”Ž Evidence attached: integration-test ๐Ÿงช ' >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9cf35ed..71e9624 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,7 +1,8 @@
 name: Build with evidence
 on:
- [push, workflow_dispatch]
+ workflow_dispatch
+ # [push, workflow_dispatch]
 permissions:
 id-token: write
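Review bot: In build-and-deploy.yml the signed evidence does not appear to be bound to the artifacts this run produces. The `Evidence on docker` step pushes the image as `example-project-app:${{ github.run_number }}` but creates its evidence with a hard-coded `--package-version 65`, and `Promote to QA` promotes `${{ vars.VERSION }}` while the bundle was created, and its evidence is later attached, under `${{ github.run_number }}`; using `${{ github.run_number }}` in both places would make the attestation and the promotion refer to the build that was just made. The signing key is also expanded straight into the script text as `--key "${{ secrets.PRIVATE_KEY }}"` in four steps; mapping it through the step's `env:` (`PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}`) and passing `--key "$PRIVATE_KEY"` keeps the key out of the generated shell script and avoids quoting breakage on a multi-line key. In the same `Promote to QA` step the backticks around `QA` sit inside double quotes, so the shell tries to run `QA` as a command; single quotes, as the other summary lines use, would print it literally.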