Skip to content

Release

Release #82

Workflow file for this run

# Terraform Provider release workflow.
name: Release
env:
JFROG_SERVER: eng-generic-scratch-local
JFROG_CLI_BUILD_NAME: ${{ github.repository }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
# This GitHub action creates a release when a tag that matches the pattern
# "v*" (e.g. v0.1.0) is created.
on:
push:
tags:
- 'v*'
branches:
- main
workflow_dispatch:
# Releases need permissions to read and write the repository contents.
# GitHub considers creating releases and uploading assets as writing contents.
permissions:
contents: write
jobs:
unit_test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Run unit tests
run: |
cd api/client
go test -race -coverprofile=coverage.txt -v
ls -alt
- name: Run coverage
run: |
go get github.com/boumenot/gocover-cobertura
ls -alt
$GOPATH/bin/gocover-cobertura < api/client/coverage.txt > coverage.xml
sonarqube:
# Sonar scan is not required for dependabot PRs
if: false
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: SonarQube Scan on PR
if: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request' }}
uses: sonarsource/sonarqube-scan-action@master
with:
projectBaseDir: .
args: >
-Dsonar.projectKey=${{ github.event.repository.name }}
-Dsonar.pullrequest.key=${{ github.event.number }}
-Dsonar.pullrequest.branch=${{ github.head_ref }}
-Dsonar.pullrequest.base=${{ github.base_ref }}
# -Dsonar.exclusions=tests/**,*/*_client.py
# -Dsonar.python.coverage.reportPaths=coverage.xml
# -Dsonar.python.version=3.11
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
SONAR_HOST_URL: https://sonar.dev.beyondtrust.com
- name: SonarQube Scan on branch
if: ${{ github.actor != 'dependabot[bot]' && github.event_name != 'pull_request' }}
uses: sonarsource/sonarqube-scan-action@master
with:
projectBaseDir: .
args: >
-Dsonar.projectKey=${{ github.event.repository.name }}
# -Dsonar.exclusions=tests/**,*/*_client.py,**/utils.py,**/exceptions.py
# -Dsonar.python.coverage.reportPaths=coverage.xml
# -Dsonar.python.version=3.11
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
SONAR_HOST_URL: https://sonar.dev.beyondtrust.com
- name: SonarQube Quality Gate check
if: ${{ github.actor != 'dependabot[bot]' && inputs.quality_gate_check }}
uses: sonarsource/sonarqube-quality-gate-action@master
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
goreleaser:
if: false
runs-on: ubuntu-latest
needs: sonarqube
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# Allow goreleaser to access older tag information.
fetch-depth: 0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: 'go.mod'
cache: true
- name: Jfrog setup
uses: jfrog/setup-jfrog-cli@v3
env:
JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }}
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
id: import_gpg
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
# Release the tag into Github. If draft in .goreleaser.yml is on true, not going to auto-publish the build
# It would work only is the is a tag pushed.
- name: Run GoReleaser release
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
if: startsWith(github.ref, 'refs/tags/')
with:
args: release --clean
env:
# GitHub sets the GITHUB_TOKEN secret automatically.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# Builds binaries artifacts.
- name: Run GoReleaser build
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
with:
args: release --snapshot --clean
env:
# GitHub sets the GITHUB_TOKEN secret automatically.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
- name: Preparing artifacts
run: |
cd dist
mkdir terraform-provider-passwordsafe
mv *.zip terraform-provider-passwordsafe
- name: Send artifacts to Jfrog
run: |
cd dist
jfrog rt u "terraform-provider-passwordsafe/*" ${{ env.JFROG_SERVER}}
- name: Publish Build Information
run: |
jfrog rt build-add-git
jfrog rt build-collect-env
jfrog rt build-publish ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }}
- name: Scan Build
run: jfrog rt build-scan ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }}