-
Notifications
You must be signed in to change notification settings - Fork 25
105 lines (103 loc) · 3.89 KB
/
build-server.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Test, Build and Release
on:
workflow_dispatch:
push:
branches:
- master
tags:
- v*.**
pull_request:
types: [opened, synchronize, reopened]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: ruby/setup-ruby@v1
with:
ruby-version: '3.0' # Not needed with a .ruby-version file
bundler-cache: false # runs 'bundle install' and caches installed gems automatically
- name: Rubocop lint
run: |
sudo gem install --no-document rubocop
rubocop
- name: Unit tests
run: |
gem install --no-document -g
scripts/test_all.sh
- name: SBOM generation
run: |
gem install --no-document cyclonedx-ruby
cyclonedx-ruby -p .
- uses: actions/upload-artifact@v2
with:
name: SBOM
path: bom.xml
docker-build:
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@master
- uses: actions/download-artifact@v2
with:
name: SBOM
- name: Build docker image
run: |
git_hash=$(git rev-parse --short "$GITHUB_SHA")
git_branch=${GITHUB_REF#refs/heads/}
# determine version from tag
export VERSION=$(echo "${GITHUB_REF}" | cut -d "/" -f3)
if [[ $VERSION != v* ]]
then
export VERSION="git-${git_branch}-${git_hash}"
echo "Building version-less (${VERSION})"
else
export VERSION=${VERSION:1:${#VERSION}}
echo "Building as ${VERSION}"
fi
echo "##[set-output name=version;]$VERSION"
docker build --build-arg omejdn_version=$VERSION -t ghcr.io/fraunhofer-aisec/omejdn-server:dev .
id: build_docker
- name: Push Docker Image
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker push ghcr.io/fraunhofer-aisec/omejdn-server:dev
if: github.ref == 'refs/heads/master'
- name: Push branch docker image
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
git_branch=${GITHUB_REF#refs/heads/}
docker tag ghcr.io/fraunhofer-aisec/omejdn-server:dev ghcr.io/fraunhofer-aisec/omejdn-server:$git_branch
docker push ghcr.io/fraunhofer-aisec/omejdn-server:$git_branch
if: (github.ref != 'refs/heads/master') && startsWith(github.ref, 'refs/heads')
- name: Push release docker image
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker tag ghcr.io/fraunhofer-aisec/omejdn-server:dev ghcr.io/fraunhofer-aisec/omejdn-server:${{ steps.build_docker.outputs.version }}
docker tag ghcr.io/fraunhofer-aisec/omejdn-server:dev ghcr.io/fraunhofer-aisec/omejdn-server:latest
docker push ghcr.io/fraunhofer-aisec/omejdn-server:${{ steps.build_docker.outputs.version }}
docker push ghcr.io/fraunhofer-aisec/omejdn-server:latest
if: startsWith(github.ref, 'refs/tags/v')
- name: "Create Release"
if: startsWith(github.ref, 'refs/tags/v')
id: create_release
uses: actions/create-release@latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: ${{ steps.build_docker.outputs.version }}
draft: false
prerelease: false
- name: "Upload Release SBOM"
if: startsWith(github.ref, 'refs/tags/v')
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: bom.xml
asset_name: bom-${{ steps.build_docker.outputs.version }}.xml
asset_content_type: application/xml