Skip to content

goreleaser-scheduled #1384

goreleaser-scheduled

goreleaser-scheduled #1384

name: goreleaser-scheduled
on:
schedule:
- cron: "0 2 * * *"
workflow_dispatch:
jobs:
pre_release_job:
runs-on: ubuntu-latest
outputs:
changes: ${{ steps.lasttag.outputs.newchanges }}
sha8: ${{ steps.shorthash.outputs.sha8 }}
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Check if there are new commits since last nightly
id: lasttag
run: echo "::set-output name=newchanges::$(bash ./.github/scripts/is-changed-since-last-nightly.sh)"
- name: Set short hash
id: shorthash
run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-8)"
goreleaser:
needs: pre_release_job
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
if: always()
with:
github-token: ${{ secrets.KICS_BOT_PAT }}
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
card-layout-start: cozy
card-layout-exit: complete
show-on-start: true
show-on-exit: true
custom-facts: |
- name: Nightly Release Commit
value: ${{ needs.pre_release_job.outputs.sha8 }}
custom-actions: |
- name: View CI Logs
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.23.x
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
with:
version: v0.160.0
args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL: ${{ secrets.DESCRIPTIONS_URL }}
- name: delete release
uses: dev-drprasad/delete-tag-and-release@82600feb9527126eca69833f07bafe53279bd9b4 # v1.1
with:
delete_release: true # default: false
tag_name: nightly # tag name to delete
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
id: create_release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: nightly
release_name: nightly-${{ needs.pre_release_job.outputs.sha8 }}
draft: false
prerelease: true
- name: Display assets
run: |
ls -l /home/runner/work/kics/kics/dist
- name: Upload Release Asset Linux
id: upload-release-asset-linux
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_linux_x64.tar.gz
asset_name: kics_nightly-release_linux_amd64.tar.gz
asset_content_type: application/gzip
- name: Upload Release Asset Darwin
id: upload-release-asset-darwin
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_darwin_x64.tar.gz
asset_name: kics_nightly-release_darwin_amd64.tar.gz
asset_content_type: application/gzip
- name: Upload Release Asset Windows
id: upload-release-asset-windows
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_windows_x64.zip
asset_name: kics_nightly-release_windows_amd64.zip
asset_content_type: application/zip
- name: Upload Release Asset Checksum
id: upload-release-asset-checksums
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_checksums.txt
asset_name: kics_nightly-release_checksums.txt
asset_content_type: text/plain
push_to_registry:
name: Push Docker image to Docker Hub
needs: pre_release_job
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }}
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
if: always()
with:
github-token: ${{ secrets.KICS_BOT_PAT }}
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
card-layout-start: cozy
card-layout-exit: complete
show-on-start: true
show-on-exit: true
custom-facts: |
- name: Nightly Release Commit
value: ${{ needs.pre_release_job.outputs.sha8 }}
custom-actions: |
- name: View CI Logs
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Get current date
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: "checkmarx/kics"
labels: |
org.opencontainers.image.title=KICS
org.opencontainers.image.version=nightly-${{ needs.pre_release_job.outputs.sha8 }}
org.opencontainers.image.vendor=Checkmarx
org.opencontainers.image.authors=KICS
org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
org.opencontainers.image.documentation=https://docs.kics.io
org.opencontainers.image.url=https://github.com/Checkmarx/kics
org.opencontainers.image.source=https://github.com/Checkmarx/kics
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push alpine to Docker Hub
id: build_alpine
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: checkmarx/kics:nightly,checkmarx/kics:nightly-alpine
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.debian
push: true
platforms: linux/amd64,linux/arm64
tags: checkmarx/kics:nightly-debian
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.ubi8
push: true
tags: checkmarx/kics:nightly-ubi8
platforms: linux/amd64
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Pull Request
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ secrets.KICS_BOT_PAT }}
commit-message: "docs(kicsbot): update images digest"
delete-branch: true
branch: feature/kicsbot-update-queries-docs
body: |
**Automated Changes**
Updating docker images digests
Triggered by SHA: _${{ github.sha }}_
labels: documentation