chore: improve workflows (#17)

* chore: remove chart release workflow * chore: change to unpinned tag 'main' * chore: improve release workflow * change to appVersion instead of chart version for image build * create tag only once all images are built and increase job permission --------- Reviewed-By: Phil Schneider <[email protected]>
Phil91 · Apr 2, 2024 · 26bc00c · 26bc00c
1 parent f4f69b1
commit 26bc00c
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 103 deletions.
diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml
diff --git a/.github/workflows/migrations-docker.yml b/.github/workflows/migrations-docker.yml
@@ -69,7 +69,7 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=dev
+            type=raw,value=main
             type=raw,value=${{ github.sha }}
 
       - name: Build and push Docker image

diff --git a/.github/workflows/processes-worker-docker.yml b/.github/workflows/processes-worker-docker.yml
@@ -68,7 +68,7 @@ jobs:
         with:
           images: ${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=dev
+            type=raw,value=main
             type=raw,value=${{ github.sha }}
 
       - name: Build and push Docker image

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -74,23 +74,25 @@ jobs:
             dockerfile: docker/Dockerfile-dim-migrations
           - image: ghcr.io/${{ github.repository }}_dim-processes-worker
             dockerfile: docker/Dockerfile-dim-processes-worker
+    outputs:
+      app-version: ${{ steps.app-version.outputs.current }}
     steps:
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
-      - name: Get current helm chart version
-        id: chart-version
+      - name: Get current appVersion
+        id: app-version
         run: |
-          current=$(cat ./charts/dim/Chart.yaml | grep "version:" | head -1 | cut -d ":" -d " " -f2)
+          current=$(cat ./charts/dim/Chart.yaml | grep "appVersion:" | head -1 | cut -d ":" -d " " -f2)
           echo "current=$current" >> $GITHUB_OUTPUT
-          echo "Exported $current helm chart version"
+          echo "Exported $current appVersion"
 
       - name: Check for previous version
         id: version-check
         run: |
-          exists=$(git tag -l "v${{ steps.chart-version.outputs.current }}")
+          exists=$(git tag -l "v${{ steps.app-version.outputs.current }}")
           if [[ -n "$exists" ]]; then
             echo "exists=true" >> $GITHUB_OUTPUT
           else
@@ -125,9 +127,9 @@ jobs:
              type=ref,event=branch
              type=ref,event=pr
              type=raw,value=latest
-             type=semver,pattern={{version}},value=${{ steps.chart-version.outputs.current }}
-             type=semver,pattern={{major}},value=${{ steps.chart-version.outputs.current }}
-             type=semver,pattern={{major}}.{{minor}},value=${{ steps.chart-version.outputs.current }}
+             type=semver,pattern={{version}},value=${{ steps.app-version.outputs.current }}
+             type=semver,pattern={{major}},value=${{ steps.app-version.outputs.current }}
+             type=semver,pattern={{major}}.{{minor}},value=${{ steps.app-version.outputs.current }}
         if: steps.version-check.outputs.exists == 'false'
 
       - name: Build and push Docker images
@@ -142,8 +144,13 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
         if: steps.version-check.outputs.exists == 'false'
 
+  create-tag:
+    needs: release-images
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
       - name: Create and push git tag
         run: |
-          git tag v${{ steps.chart-version.outputs.current }}
-          git push origin v${{ steps.chart-version.outputs.current }}
-        if: steps.version-check.outputs.exists == 'false'
+          git tag v${{ needs.release-images.outputs.app-version }}
+          git push origin v${{ needs.release-images.outputs.app-version }}
diff --git a/.github/workflows/service-docker.yml b/.github/workflows/service-docker.yml
@@ -68,7 +68,7 @@ jobs:
         with:
           images: ${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=dev
+            type=raw,value=main
             type=raw,value=${{ github.sha }}
 
       - name: Build and push Docker image

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -93,7 +93,7 @@ jobs:
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
         with:
           # Path to Docker image
-          image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_SERVICE}}:dev"
+          image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_SERVICE}}:main"
           format: "sarif"
           output: "trivy-results2.sarif"
           vuln-type: "os,library"
@@ -125,7 +125,7 @@ jobs:
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
         with:
           # Path to Docker image
-          image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_MIGRATIONS}}:dev"
+          image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_MIGRATIONS}}:main"
           format: "sarif"
           output: "trivy-results3.sarif"
           vuln-type: "os,library"
@@ -157,7 +157,7 @@ jobs:
         uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
         with:
           # Path to Docker image
-          image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_WORKER}}:dev"
+          image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_WORKER}}:main"
           format: "sarif"
           output: "trivy-results4.sarif"
           vuln-type: "os,library"