bump actions/upload-artifact v3 -> v4 #11381
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build CLI | |
| on: | |
| workflow_dispatch: | |
| repository_dispatch: | |
| push: | |
| branches: | |
| - '**' | |
| tags-ignore: | |
| - '**' | |
| jobs: | |
| build-cli: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| # Without this option, we don't get the tag information | |
| with: | |
| fetch-depth: 0 | |
| - name: Initialise the build system | |
| run: | | |
| chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh | |
| $GITHUB_WORKSPACE/build/bin/initbuild.sh | |
| source $GITHUB_WORKSPACE/build/bin/.functions.sh | |
| # 1. Download Ansible collection from Artifactory | |
| # ------------------------------------------------------------------------------------------- | |
| - name: Download Ansible collection from Artifactory | |
| env: | |
| ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }} | |
| ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| run: | | |
| if [[ -e $GITHUB_WORKSPACE/image/cli/install-ansible/ibm-mas_devops.tar.gz ]]; then | |
| echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install-ansible/ibm-mas_devops.tar.gz! Skip download from Artifactory..." | |
| else | |
| echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz" | |
| wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install-ansible/ibm-mas_devops.tar.gz | |
| fi | |
| # 2. Tekton | |
| # ------------------------------------------------------------------------------------------- | |
| - name: Build the Tekton definitions | |
| run: $GITHUB_WORKSPACE/build/bin/build-tekton.sh | |
| - name: Upload the Tekton definitions | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ibm-mas-tekton-${{ env.VERSION }}.yaml | |
| path: ${{ github.workspace }}/tekton/target/ibm-mas-tekton.yaml | |
| retention-days: 30 | |
| - name: Upload definition to Artifactory | |
| env: | |
| ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }} | |
| ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| run: | | |
| $GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton.yaml | |
| $GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton-fvt.yaml | |
| # 3. CLI installer | |
| # ------------------------------------------------------------------------------------------- | |
| - name: Build the cli package | |
| run: | | |
| $GITHUB_WORKSPACE/build/bin/build-cli.sh | |
| - name: Upload the cli | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ibm-mas-cli-${{ env.VERSION }}.tgz | |
| path: ${{ github.workspace }}/ibm-mas-cli-${{ env.VERSION }}.tgz | |
| retention-days: 30 | |
| # 4. CLI container image | |
| # ------------------------------------------------------------------------------------------- | |
| - name: Build the docker image | |
| run: | | |
| $GITHUB_WORKSPACE/build/bin/docker-build.sh -n ibmmas -i cli | |
| docker tag ibmmas/cli quay.io/ibmmas/cli:${{ env.DOCKER_TAG }} | |
| # https://github.com/marketplace/actions/push-to-registry | |
| - name: Push the docker image | |
| id: push_to_quay | |
| run: | | |
| docker images | |
| docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io | |
| docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }} | |
| # Old version ... | |
| # uses: redhat-actions/push-to-registry@v2 | |
| # with: | |
| # tags: quay.io/ibmmas/cli:${{ env.DOCKER_TAG }} | |
| # username: ${{ secrets.QUAYIO_USERNAME }} | |
| # password: ${{ secrets.QUAYIO_PASSWORD }} | |
| # 5. OWASP Dependency Check | |
| # ------------------------------------------------------------------------------------------- | |
| - name: Perform dependency check | |
| uses: dependency-check/Dependency-Check_Action@main | |
| id: owasp-depcheck | |
| with: | |
| project: 'cli' | |
| path: '.' | |
| format: 'HTML' | |
| args: > | |
| --failOnCVSS 7 | |
| --enableRetired | |
| - name: Upload dependency check results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: OWASP dependency check report | |
| path: ${{github.workspace}}/reports | |
| retention-days: 30 |