goreleaser-scheduled #1383
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: goreleaser-scheduled | |
on: | |
schedule: | |
- cron: "0 2 * * *" | |
workflow_dispatch: | |
jobs: | |
pre_release_job: | |
runs-on: ubuntu-latest | |
outputs: | |
changes: ${{ steps.lasttag.outputs.newchanges }} | |
sha8: ${{ steps.shorthash.outputs.sha8 }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Check if there are new commits since last nightly | |
id: lasttag | |
run: echo "::set-output name=newchanges::$(bash ./.github/scripts/is-changed-since-last-nightly.sh)" | |
- name: Set short hash | |
id: shorthash | |
run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-8)" | |
goreleaser: | |
needs: pre_release_job | |
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 | |
if: always() | |
with: | |
github-token: ${{ secrets.KICS_BOT_PAT }} | |
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }} | |
card-layout-start: cozy | |
card-layout-exit: complete | |
show-on-start: true | |
show-on-exit: true | |
custom-facts: | | |
- name: Nightly Release Commit | |
value: ${{ needs.pre_release_job.outputs.sha8 }} | |
custom-actions: | | |
- name: View CI Logs | |
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}" | |
- name: View HEAD Commit | |
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.23.x | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 | |
with: | |
version: v0.160.0 | |
args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
DESCRIPTIONS_URL: ${{ secrets.DESCRIPTIONS_URL }} | |
- name: delete release | |
uses: dev-drprasad/delete-tag-and-release@82600feb9527126eca69833f07bafe53279bd9b4 # v1.1 | |
with: | |
delete_release: true # default: false | |
tag_name: nightly # tag name to delete | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
id: create_release | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: nightly | |
release_name: nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
draft: false | |
prerelease: true | |
- name: Display assets | |
run: | | |
ls -l /home/runner/work/kics/kics/dist | |
- name: Upload Release Asset Linux | |
id: upload-release-asset-linux | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_linux_x64.tar.gz | |
asset_name: kics_nightly-release_linux_amd64.tar.gz | |
asset_content_type: application/gzip | |
- name: Upload Release Asset Darwin | |
id: upload-release-asset-darwin | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_darwin_x64.tar.gz | |
asset_name: kics_nightly-release_darwin_amd64.tar.gz | |
asset_content_type: application/gzip | |
- name: Upload Release Asset Windows | |
id: upload-release-asset-windows | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_windows_x64.zip | |
asset_name: kics_nightly-release_windows_amd64.zip | |
asset_content_type: application/zip | |
- name: Upload Release Asset Checksum | |
id: upload-release-asset-checksums | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps | |
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_checksums.txt | |
asset_name: kics_nightly-release_checksums.txt | |
asset_content_type: text/plain | |
push_to_registry: | |
name: Push Docker image to Docker Hub | |
needs: pre_release_job | |
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 | |
if: always() | |
with: | |
github-token: ${{ secrets.KICS_BOT_PAT }} | |
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }} | |
card-layout-start: cozy | |
card-layout-exit: complete | |
show-on-start: true | |
show-on-exit: true | |
custom-facts: | | |
- name: Nightly Release Commit | |
value: ${{ needs.pre_release_job.outputs.sha8 }} | |
custom-actions: | | |
- name: View CI Logs | |
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}" | |
- name: View HEAD Commit | |
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2 | |
with: | |
image: tonistiigi/binfmt:latest | |
platforms: linux/amd64,linux/arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
- name: Login to DockerHub | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Get current date | |
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: "checkmarx/kics" | |
labels: | | |
org.opencontainers.image.title=KICS | |
org.opencontainers.image.version=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
org.opencontainers.image.vendor=Checkmarx | |
org.opencontainers.image.authors=KICS | |
org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. | |
org.opencontainers.image.documentation=https://docs.kics.io | |
org.opencontainers.image.url=https://github.com/Checkmarx/kics | |
org.opencontainers.image.source=https://github.com/Checkmarx/kics | |
org.opencontainers.image.licenses=Apache-2.0 | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.created=${{ env.CREATED_AT }} | |
- name: Push alpine to Docker Hub | |
id: build_alpine | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
with: | |
context: . | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
tags: checkmarx/kics:nightly,checkmarx/kics:nightly-alpine | |
build-args: | | |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
COMMIT=${{ github.sha }} | |
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Build and push debian to Docker Hub | |
id: build_debian | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
with: | |
context: . | |
file: ./docker/Dockerfile.debian | |
push: true | |
platforms: linux/amd64,linux/arm64 | |
tags: checkmarx/kics:nightly-debian | |
build-args: | | |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
COMMIT=${{ github.sha }} | |
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Build and push ubi8 to Docker Hub | |
id: build_ubi8 | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
with: | |
context: . | |
file: ./docker/Dockerfile.ubi8 | |
push: true | |
tags: checkmarx/kics:nightly-ubi8 | |
platforms: linux/amd64 | |
build-args: | | |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }} | |
COMMIT=${{ github.sha }} | |
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 | |
with: | |
title: "docs(kicsbot): update images digest" | |
token: ${{ secrets.KICS_BOT_PAT }} | |
commit-message: "docs(kicsbot): update images digest" | |
delete-branch: true | |
branch: feature/kicsbot-update-queries-docs | |
body: | | |
**Automated Changes** | |
Updating docker images digests | |
Triggered by SHA: _${{ github.sha }}_ | |
labels: documentation |