Update 20231207 (#251) #29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: '[CI/CD] CD Pipeline' | |
| on: # rebuild any PRs and main branch changes | |
| push: | |
| branches: | |
| - main | |
| # Run for changes in config's JSON files. Never for markdown files | |
| paths: | |
| - 'config/components/**.json' | |
| - '!**.md' | |
| permissions: | |
| contents: read | |
| jobs: | |
| s3-upload: | |
| runs-on: ubuntu-latest | |
| name: 'Upload modified files to s3' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 2 # to be able to obtain files changed in the latest commit | |
| - name: Install and configure s3cmd | |
| run: | | |
| export DEBIAN_FRONTEND=noninteractive | |
| sudo apt-get update && sudo apt-get install -y s3cmd | |
| - id: s3-upload | |
| name: 'Upload updated files' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.MAIN_CATALOG_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.MAIN_CATALOG_SECRET_ACCESS_KEY }} | |
| AWS_S3_BUCKET: ${{ secrets.MAIN_CATALOG_BUCKET }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| run: | | |
| readarray -t files_changed < <(git show --pretty="" --name-only) | |
| for f in "${files_changed[@]}"; do | |
| base_filename="$(basename -- "$f")" | |
| file_extension="${base_filename##*.}" | |
| if [[ -f "$f" ]] && [[ "$file_extension" = "json" ]]; then | |
| s3_dest="s3://${AWS_S3_BUCKET}/securityConfig/${base_filename}" | |
| # Override present file with latest version available | |
| s3cmd put --force "${{ github.workspace }}/${f}" "$s3_dest" | |
| fi | |
| done | |
| # If the CD Pipeline does not succeed we should notify the interested agents | |
| slack-notif: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - s3-upload | |
| if: always() | |
| name: Notify unsuccessful CD run | |
| steps: | |
| - name: Notify in Slack channel | |
| if: ${{ needs.s3-upload.result != 'success' }} | |
| uses: slackapi/[email protected] | |
| with: | |
| channel-id: ${{ secrets.CD_SLACK_CHANNEL_ID }} | |
| payload: | | |
| { | |
| "attachments": [ | |
| { | |
| "color": "#CC0000", | |
| "fallback": "Unsuccessful bitnami/vulndb CD pipeline", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "*Unsuccessful `bitnami/vulndb` CD pipeline*" | |
| } | |
| }, | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "The CD pipeline for <${{ github.event.head_commit.url }}|bitnami/vulndb@${{ github.event.head_commit.id }}> did not succeed. Check the related <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|action run> for more information." | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.CD_SLACK_BOT_TOKEN }} |