From ecc20e106e67871ceee5a08c17d16707ace87ce9 Mon Sep 17 00:00:00 2001 From: Dmitry Smirnov Date: Fri, 15 Nov 2024 17:57:17 +0200 Subject: [PATCH] pre-release --- .github/workflows/release.yml | 131 +++++++++++++++------------------- 1 file changed, 56 insertions(+), 75 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 369fc928..52730c10 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,12 +41,9 @@ jobs: - name: Generate changelog id: changelog run: | - git log $(git describe --tags --abbrev=0)..HEAD -- . \ - --pretty=format:"- %s" > changelog.txt + git log $(git describe --tags --abbrev=0)..HEAD -- . --pretty=format:"- %s" > changelog.txt CHANGELOG=$(cat changelog.txt | jq -sRr @uri) - echo "changelog<> $GITHUB_ENV - echo "$CHANGELOG" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV + echo "CHANGELOG=$CHANGELOG" >> $GITHUB_ENV - name: Log in to Docker Hub uses: docker/login-action@v3 
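Review bot: In the rewritten `git log` line, `--pretty=format:"- %s"` still comes after `-- .`, so git reads it as a pathspec rather than an option. As a result changelog.txt gets the default log format, including author names and e-mail addresses, instead of the `- subject` list. Move the option before the separator: `git log "$(git describe --tags --abbrev=0)..HEAD" --pretty=format:"- %s" -- . > changelog.txt`. The new `echo "CHANGELOG=$CHANGELOG" >> $GITHUB_ENV` is safe as a single line only because `jq -sRr @uri` percent-encodes newlines, so I would add a comment such as `# keep @uri: raw commit subjects with newlines could write extra entries into GITHUB_ENV`. `GITHUB_ENV` reaches only later steps of this job, and the job's `outputs:` mapping is outside this hunk, so confirm that the `changelog` output read by `github-release` is still populated and is decoded before it goes into the release body.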
@@ -54,37 +51,23 @@ jobs: username: ${{ vars.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - # Temporarily comment out the build and push step to save time during testing - # - name: Multi-arch build and push to Docker Hub - # id: build-push - # uses: docker/build-push-action@v6 - # with: - # context: . - # file: ./Dockerfile - # platforms: linux/amd64,linux/arm64 - # push: true - # tags: | - # usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }} - # usabilitydynamics/udx-worker:latest + - name: Multi-arch build and push to Docker Hub + id: build-push + uses: docker/build-push-action@v6 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: | + usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }} + usabilitydynamics/udx-worker:latest - name: Install Trivy run: | curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | \ sudo sh -s -- -b /usr/local/bin - - name: Pull Docker Image for SBOM Generation - id: pull-image - run: | - docker pull usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }} - docker images # List images to verify the image is present locally - - - name: Get Image Digest - id: get-digest - run: | - IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }}) - echo "IMAGE_DIGEST=${IMAGE_DIGEST}" >> $GITHUB_ENV - echo "::set-output name=image_digest::${IMAGE_DIGEST}" - - name: Generate SBOM with Retry Logic id: generate-sbom run: | @@ -147,7 +130,7 @@ jobs: run: | cosign sign -y \ --key env://COSIGN_PRIVATE_KEY \ - "$IMAGE_DIGEST" + usabilitydynamics/udx-worker@${{ steps.build-push.outputs.digest }} - name: Sign SBOM with Cosign env: 
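Review bot: Dropping the `Get Image Digest` step removes the only visible place where `IMAGE_DIGEST` was written to `$GITHUB_ENV`, and dropping `Pull Docker Image for SBOM Generation` means the image is no longer pulled explicitly. The body of `Generate SBOM with Retry Logic` lies outside this hunk, so check that it does not still read `$IMAGE_DIGEST` and that it targets `usabilitydynamics/udx-worker@${{ steps.build-push.outputs.digest }}` as `cosign sign` now does. Otherwise the SBOM that is attested later may describe a different image than the one that was signed. Separately, the re-enabled `docker/build-push-action@v6` runs after the Docker Hub login and is referenced by a mutable tag. Pinning it as `uses: docker/build-push-action@<full-commit-sha> # v6` keeps a retagged action from changing what is pushed as `latest`.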
@@ -157,51 +140,49 @@ jobs: --key env://COSIGN_PRIVATE_KEY \ --predicate sbom.json \ --type https://spdx.dev/spdx-specification-2-2-pdf \ - "$IMAGE_DIGEST" - + usabilitydynamics/udx-worker@${{ steps.build-push.outputs.digest }} - name: Log out from Docker Hub run: docker logout - # Temporarily comment out GitHub release job to avoid duplicate releases - # github-release: - # runs-on: ubuntu-latest - # needs: docker-release - # permissions: - # contents: write - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - # with: - # fetch-depth: 0 - - # - name: Configure git for pushing - # run: | - # git config --global user.email "worker@udx.io" - # git config --global user.name "UDX Worker" - - # - name: Create GitHub Tag - # env: - # GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - # run: | - # git tag ${{ needs.docker-release.outputs.semVer }} - # git push origin ${{ needs.docker-release.outputs.semVer }} - - # - name: Download SBOM Artifact - # uses: actions/download-artifact@v4 - # with: - # name: sbom - - # - name: Create GitHub release - # uses: softprops/action-gh-release@v2 - # with: - # tag_name: ${{ needs.docker-release.outputs.semVer }} - # body: | - # Release version ${{ needs.docker-release.outputs.semVer }}. - # [View on Docker Hub](https://hub.docker.com/r/usabilitydynamics/udx-worker/tags?page=1&ordering=last_updated). 
- # ${{ needs.docker-release.outputs.changelog }} - # draft: false - # prerelease: false - # files: sbom.json - # env: - # GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + github-release: + runs-on: ubuntu-latest + needs: docker-release + permissions: + contents: write + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Configure git for pushing + run: | + git config --global user.email "worker@udx.io" + git config --global user.name "UDX Worker" + + - name: Create GitHub Tag + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + run: | + git tag ${{ needs.docker-release.outputs.semVer }} + git push origin ${{ needs.docker-release.outputs.semVer }} + + - name: Download SBOM Artifact + uses: actions/download-artifact@v4 + with: + name: sbom + + - name: Create GitHub release + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ needs.docker-release.outputs.semVer }} + body: | + Release version ${{ needs.docker-release.outputs.semVer }}. + [View on Docker Hub](https://hub.docker.com/r/usabilitydynamics/udx-worker/tags?page=1&ordering=last_updated). + ${{ needs.docker-release.outputs.changelog }} + draft: false + prerelease: false + files: sbom.json + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
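Review bot: In `Create GitHub Tag`, `${{ needs.docker-release.outputs.semVer }}` is substituted into the script text before the shell parses it, so the value is treated as shell source rather than data. Pass it through the environment and quote it: `env: SEMVER: ${{ needs.docker-release.outputs.semVer }}`, then `git tag "$SEMVER"` and `git push origin "$SEMVER"`. The unquoted `${{ steps.build-push.outputs.digest }}` argument to the cosign command at the top of this hunk, and the matching `cosign sign` argument in the previous hunk, would benefit from the same treatment. The job already requests `contents: write`, so it is worth checking whether the built-in token would do instead of passing the `GH_TOKEN` secret to `softprops/action-gh-release@v2`. That action is referenced by a mutable tag, and pinning it to a full commit SHA limits what a retagged release could do with the token.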