-
Notifications
You must be signed in to change notification settings - Fork 21
112 lines (101 loc) · 4.45 KB
/
build-cli.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: Build CLI
on:
workflow_dispatch:
repository_dispatch:
push:
branches:
- '**'
tags-ignore:
- '**'
jobs:
build-cli:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
# Without this option, we don't get the tag information
with:
fetch-depth: 0
- name: Initialise the build system
run: |
chmod u+x $GITHUB_WORKSPACE/build/bin/*.sh
$GITHUB_WORKSPACE/build/bin/initbuild.sh
source $GITHUB_WORKSPACE/build/bin/.functions.sh
# 1. Download Ansible collection from Artifactory
# -------------------------------------------------------------------------------------------
- name: Download Ansible collection from Artifactory
env:
ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }}
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
run: |
if [[ -e $GITHUB_WORKSPACE/image/cli/install-ansible/ibm-mas_devops.tar.gz ]]; then
echo "Found a local Ansible collection to be used in $GITHUB_WORKSPACE/image/cli/install-ansible/ibm-mas_devops.tar.gz! Skip download from Artifactory..."
else
echo "Downloading from ***/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz"
wget --header="Authorization:Bearer $ARTIFACTORY_TOKEN" $ARTIFACTORY_GENERIC_RELEASE_URL/ibm-mas/ansible-devops/latest/ibm-mas_devops-latest.tar.gz -O $GITHUB_WORKSPACE/image/cli/install-ansible/ibm-mas_devops.tar.gz
fi
# 2. Tekton
# -------------------------------------------------------------------------------------------
- name: Build the Tekton definitions
run: $GITHUB_WORKSPACE/build/bin/build-tekton.sh
- name: Upload the Tekton definitions
uses: actions/upload-artifact@v4
with:
name: ibm-mas-tekton-${{ env.VERSION }}.yaml
path: ${{ github.workspace }}/tekton/target/ibm-mas-tekton.yaml
retention-days: 30
- name: Upload definition to Artifactory
env:
ARTIFACTORY_GENERIC_RELEASE_URL: ${{ secrets.ARTIFACTORY_GENERIC_RELEASE_URL }}
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
run: |
$GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton.yaml
$GITHUB_WORKSPACE/build/bin/artifactory-release.sh $GITHUB_WORKSPACE/tekton/target/ibm-mas-tekton-fvt.yaml
# 3. CLI installer
# -------------------------------------------------------------------------------------------
- name: Build the cli package
run: |
$GITHUB_WORKSPACE/build/bin/build-cli.sh
- name: Upload the cli
uses: actions/upload-artifact@v4
with:
name: ibm-mas-cli-${{ env.VERSION }}.tgz
path: ${{ github.workspace }}/ibm-mas-cli-${{ env.VERSION }}.tgz
retention-days: 30
# 4. CLI container image
# -------------------------------------------------------------------------------------------
- name: Build the docker image
run: |
$GITHUB_WORKSPACE/build/bin/docker-build.sh -n ibmmas -i cli
docker tag ibmmas/cli quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}
# https://github.com/marketplace/actions/push-to-registry
- name: Push the docker image
id: push_to_quay
run: |
docker images
docker login --username "${{ secrets.QUAYIO_USERNAME }}" --password "${{ secrets.QUAYIO_PASSWORD }}" quay.io
docker push quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}
# Old version ...
# uses: redhat-actions/push-to-registry@v2
# with:
# tags: quay.io/ibmmas/cli:${{ env.DOCKER_TAG }}
# username: ${{ secrets.QUAYIO_USERNAME }}
# password: ${{ secrets.QUAYIO_PASSWORD }}
# 5. OWASP Dependency Check
# -------------------------------------------------------------------------------------------
- name: Perform dependency check
uses: dependency-check/Dependency-Check_Action@main
id: owasp-depcheck
with:
project: 'cli'
path: '.'
format: 'HTML'
args: >
--failOnCVSS 7
--enableRetired
- name: Upload dependency check results
uses: actions/upload-artifact@v4
with:
name: OWASP dependency check report
path: ${{github.workspace}}/reports
retention-days: 30