Skip to content

Commit

Permalink
release: chore - add new release workflow using magefiles (#453)
Browse files Browse the repository at this point in the history 
This commit  updates the platform actual version in all dependent  files, add a new release process  with two new files and one refactor and the usage of magefile project https://magefile.org/.

In the magefile part added some privates commands in deployments/mage and imported some from horusec-devkit mageutils pkg

New files are release-beta.yml and release-rc.yml and refactor was made to release.yml

Signed-off-by: Ian Cardoso <[email protected]>
  • Loading branch information
@iancardosozup
iancardosozup authored Dec 8, 2021
1 parent 3bac6f0 commit 3ba8243
Show file tree
Hide file tree
Showing 9 changed files with 1,233 additions and 426 deletions.
174 changes: 174 additions & 0 deletions .github/workflows/release-beta.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,174 @@
# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: release-beta

on:
workflow_dispatch:
inputs:
releaseType:
description: 'Release type: M (Major); m (Minor); p (Path)'
required: true

permissions: read-all
jobs:
beta:
permissions:
contents: write
packages: write
env:
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
runs-on: ubuntu-latest

steps:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 12
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17

- name: Docker Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cosign Installer
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'

- name: Install Mage
run: |
cd deployments/mage/ && go run mage.go -compile ../../mage
- name: Git config
run: |
./mage -v defaultGitConfig
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true

- name: Install cosign private key
run: |
./mage -v writeCosignKeyToFile
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}

- name: Version increment
id: updated-version
run: |
./mage -v upVersions ${{ github.event.inputs.releaseType }}
env:
HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}

- name: Checkout release candidate branch
run: |
./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
- name: Create local tag
run: |
./mage -v createLocalTag ${{ steps.updated-version.outputs.nextBetaVersion }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --rm-dist --skip-publish
env:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextBetaVersion }}

- name: Push go projects to dockerhub
run: |
./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
- name: Sign go projects in dockerhub
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
run: |
./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
- name: "Docker meta"
uses: docker/metadata-action@v3
id: meta
env:
RELEASE_VERSION: ${{ steps.updated-version.outputs.nextBetaVersion }}
with:
images: |
horuszup/horusec-manager
tags: |
type=semver,prefix=v,pattern={{version}},value=${{ env.RELEASE_VERSION }}
type=semver,prefix=v,pattern={{major}}.{{minor}},value=${{ env.RELEASE_VERSION }}
type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
- name: "Build and push manager"
uses: docker/build-push-action@v2
with:
push: true
context: ./manager
file: ./manager/deployments/dockerfiles/Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Sign image
run: |
cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:${{ steps.updated-version.outputs.nextBetaVersion }}
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Push updates
run: |
./mage -v gitPushAll
- name: Update release
uses: meeDamian/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.updated-version.outputs.nextBetaVersion }}
name: ${{ steps.updated-version.outputs.nextBetaVersion }}
draft: true
prerelease: false
commitish: ${{ github.sha }}
gzip: false
allow_override: false
body: |
## Docker images
- `docker pull horuszup/horusec-analytic:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-api:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-auth:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-core:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-manager:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-messages:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-migrations:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-vulnerability:${{ steps.updated-version.outputs.nextBetaVersion }}`
- `docker pull horuszup/horusec-webhook:${{ steps.updated-version.outputs.nextBetaVersion }}`
130 changes: 81 additions & 49 deletions .github/workflows/new-release.yml → .github/workflows/release-rc.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: New-Release
name: release-rc

on:
workflow_dispatch:
Expand All @@ -23,33 +23,48 @@ on:

permissions: read-all
jobs:
release:
rc:
permissions:
contents: write
packages: write
env:
COSIGN_KEY_LOCATION: "/tmp/cosign.key"
COSIGN_KEY_LOCATION: /tmp/cosign.key
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
runs-on: ubuntu-latest

steps:
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 12
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
token: ${{ secrets.HORUSEC_PUSH_TOKEN }}

- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17
- name: Set up nodejs
uses: actions/setup-node@v2
with:
node-version: 12
- name: "Login to DockerHub"

- name: Docker Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cosign Installer
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'

- name: Install Mage
run: |
cd deployments/mage/ && go run mage.go -compile ../../mage
- name: Git config
run: |
./mage -v defaultGitConfig
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v4
with:
Expand All @@ -58,58 +73,56 @@ jobs:
git_user_signingkey: true
git_commit_gpgsign: true

- name: Version increment
id: updated-version
- name: Install cosign private key
run: |
curl https://raw.githubusercontent.com/ZupIT/horusec-devkit/main/scripts/semver.sh -o /tmp/semver.sh
chmod +x /tmp/semver.sh
/tmp/semver.sh -${{ github.event.inputs.releaseType }} ${{ github.event.repository.full_name }}
- uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.0'
- name: install cosign private key
run: 'echo "$COSIGN_KEY" > $COSIGN_KEY_LOCATION'
shell: bash
./mage -v writeCosignKeyToFile
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
- name: Update versions on package.json

- name: Version increment
id: updated-version
run: |
npm install -g json
json -I -f ./manager/package.json -e 'this.version="${{ steps.updated-version.outputs.strippedVersion }}"'
- name: Update versions on rest of the project
./mage -v upVersions ${{ github.event.inputs.releaseType }}
env:
HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}

- name: Checkout release candidate branch
run: |
find . -type f -not -path "./.git/*" -not -path "./Makefile" -not -path "./manager/cypress/*" -not -path "./manager/cypress/*" -not -name "*.sum" -not -name "*.mod"|
xargs sed -i "s/${{ steps.updated-version.outputs.actualVersion }}/${{ steps.updated-version.outputs.version }}/g"
- name: Commit changes
uses: EndBug/[email protected]
with:
push: false
signoff: true
author_name: Horusec
author_email: [email protected]
committer_name: Horusec
committer_email: [email protected]
- name: Create tag
./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
- name: Create local tag
run: |
git tag ${{ steps.updated-version.outputs.version }}
sleep 5
./mage -v createLocalTag ${{ steps.updated-version.outputs.nextRcVersion }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --rm-dist
args: release --rm-dist --skip-publish
env:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.version }}
GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextRcVersion }}

- name: Push go projects to dockerhub
run: |
./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
- name: Sign go projects in dockerhub
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
run: |
./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
- name: "Docker meta"
uses: docker/metadata-action@v3
id: meta
env:
RELEASE_VERSION: ${{ steps.updated-version.outputs.version }}
RELEASE_VERSION: ${{ steps.updated-version.outputs.nextRcVersion }}
with:
images: |
horuszup/horusec-manager
Expand All @@ -126,17 +139,36 @@ jobs:
file: ./manager/deployments/dockerfiles/Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Sign image
run: |
cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:latest
cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

- name: Push tag
run: |
git push origin ${{ steps.updated-version.outputs.version }}
- name: Create release branch
if: github.event.inputs.releaseType != 'p'
- name: Push updates
run: |
git branch ${{ steps.updated-version.outputs.releaseBranchName }}
git push origin ${{ steps.updated-version.outputs.releaseBranchName }}
./mage -v gitPushAll
- name: Update release
uses: meeDamian/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ steps.updated-version.outputs.nextRcVersion }}
name: ${{ steps.updated-version.outputs.nextRcVersion }}
draft: true
prerelease: false
commitish: ${{ github.sha }}
gzip: false
allow_override: false
body: |
## Docker images
- `docker pull horuszup/horusec-analytic:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-api:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-auth:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-core:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-messages:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-migrations:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-vulnerability:${{ steps.updated-version.outputs.nextRcVersion }}`
- `docker pull horuszup/horusec-webhook:${{ steps.updated-version.outputs.nextRcVersion }}`
Loading

0 comments on commit 3ba8243

Please sign in to comment.