Restore S3 workflow

splitio · Nov 25, 2024 · 355999c · 355999c
1 parent 03b79ed
commit 355999c
Show file tree

Hide file tree

Showing 4 changed files with 95 additions and 18 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -36,25 +36,31 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Login to Dockerhub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
+
       - name: Login to Artifactory
         if: ${{ github.event_name == 'push' }}
         uses: docker/login-action@v3
         with:
-          registry: splitio-docker.jfrog.io
-          username: ${{ secrets.ARTIFACTORY_DOCKER_USER }}
+          registry: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}
+          username: ${{ vars.ARTIFACTORY_DOCKER_USER }}
           password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }}
 
       - name: Get version
         run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV
 
       - name: Docker Build and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: docker/Dockerfile.${{ matrix.app }}
           push: ${{ github.event_name == 'push' }}
           platforms: linux/amd64,linux/arm64
-          tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest
+          tags: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest
           build-args: |
             FIPS_MODE=${{ matrix.fips_mode }}
 
@@ -77,21 +83,28 @@ jobs:
       - name: Get version
         run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV
 
+      - name: Login to Dockerhub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
+
       - name: Docker Build and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: docker/Dockerfile.${{ matrix.app }}
           push: false
-          tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }}
+          tags: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }}
           build-args: |
             FIPS_MODE=${{ matrix.fips_mode }}
 
       - name: Scan container using Lacework
-        uses: lacework/[email protected].1
+        uses: lacework/[email protected].3
         with:
-          LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
+          LW_ACCOUNT_NAME: ${{ vars.LW_ACCOUNT_NAME }}
           LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
-          IMAGE_NAME: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}
+          IMAGE_NAME: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}
           IMAGE_TAG: ${{ env.VERSION }}
           SAVE_RESULTS_IN_LACEWORK: true
+          RESULTS_IN_GITHUB_SUMMARY: true
diff --git a/.github/workflows/s3.yml b/.github/workflows/s3.yml
@@ -0,0 +1,46 @@
+name: cd
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build-publish:
+    name: Build and publish to S3
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '^1.13.1'
+
+      - name: Create build folder
+        run: mkdir -p build
+
+      - name: Execute build
+        run: make release_assets
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::825951051969:role/gha-downloads-role
+          aws-region: us-east-1
+
+      - name: Deploy to S3
+        run: aws s3 sync $SOURCE_DIR s3://$BUCKET
+        env:
+          BUCKET: downloads.split.io
+          SOURCE_DIR: ./build
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,6 +1,9 @@
 name: test
 
 on:
+  push:
+    branches:
+      - master
   pull_request:
     branches-ignore:
       - none
@@ -12,6 +15,9 @@ jobs:
     services:
       redis:
         image: redis
+        credentials:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
         ports:
           - 6379:6379
     steps:
@@ -31,14 +37,9 @@ jobs:
       - name: Run test
         run: make test_coverage
 
-      - name: Create build folder
-        run: mkdir -p build
-
-      - name: Build assets
-        run: make release_assets
-
       - name: SonarQube Scan (Pull Request)
-        uses: SonarSource/sonarcloud-github-action@v2
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: SonarSource/sonarcloud-github-action@v3
         env:
           SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
         with:
@@ -49,3 +50,14 @@ jobs:
             -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
             -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
             -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
+
+      - name: SonarQube Scan (Push)
+        if: ${{ github.event_name == 'push' }}
+        uses: SonarSource/sonarcloud-github-action@v3
+        env:
+          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+        with:
+          projectBaseDir: .
+          args: >
+            -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }}
+            -Dsonar.projectVersion=${{ env.VERSION }}
diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml
@@ -29,18 +29,24 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Login to Dockerhub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_RO_TOKEN }}
+
       - name: Login to Artifactory
         uses: docker/login-action@v3
         with:
           registry: splitio-docker-dev.jfrog.io
-          username: ${{ secrets.ARTIFACTORY_DOCKER_USER }}
+          username: ${{ vars.ARTIFACTORY_DOCKER_USER }}
           password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }}
 
       - name: Get short hash
         run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
       - name: Docker Build and Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: docker/Dockerfile.${{ matrix.app }}