-
Notifications
You must be signed in to change notification settings - Fork 16
146 lines (126 loc) · 5.81 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: "Release"
on:
workflow_dispatch:
inputs:
version:
description: tag the latest commit on main with the given version (prefixed with v)
required: true
jobs:
quality-gate:
environment: release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b #v4.1.5
- name: Check if tag already exists
# note: this will fail if the tag already exists
run: |
[[ "${{ github.event.inputs.version }}" == v* ]] || (echo "version '${{ github.event.inputs.version }}' does not have a 'v' prefix" && exit 1)
git tag ${{ github.event.inputs.version }}
- name: Check static analysis results
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be #v1.2.0
id: static-analysis
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/validations.yaml)
checkName: "Static analysis"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check unit test results (go)
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be #v1.2.0
id: unit-go
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/validations.yaml)
checkName: "Unit tests (Go)"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check unit test results (python)
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be #v1.2.0
id: unit-python
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/validations.yaml)
checkName: "Unit tests (Python)"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check cli test results (go-linux)
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be #v1.2.0
id: cli-go-linux
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/validations.yaml)
checkName: "CLI tests (Go-Linux)"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Check cli test results (python)
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be #v1.2.0
id: cli-python
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/validations.yaml)
checkName: "CLI tests (Python)"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Quality gate
if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit-go.outputs.conclusion != 'success' || steps.cli-go-linux.outputs.conclusion != 'success' || steps.unit-python.outputs.conclusion != 'success' || steps.cli-python.outputs.conclusion != 'success'
run: |
echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
echo "Go Unit Test Status: ${{ steps.unit-go.outputs.conclusion }}"
echo "Python Unit Test Status: ${{ steps.unit-python.outputs.conclusion }}"
echo "Go CLI Test (Linux) Status: ${{ steps.cli-go-linux.outputs.conclusion }}"
echo "Python CLI Test Status: ${{ steps.cli-python.outputs.conclusion }}"
false
read-schema-versions:
runs-on: ubuntu-20.04
outputs:
schema-versions: ${{ steps.read-schema-versions.outputs.schema-versions }}
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b #v4.1.5
- name: Read supported schema versions
id: read-schema-versions
run: |
content=`cat manager/src/grype_db_manager/data/schema-info.json | jq -c '[.available[] | select(.supported == true) | .schema]'`
echo "schema-versions=$content" >> $GITHUB_OUTPUT
quality-gate-acceptance-test:
needs: read-schema-versions
runs-on: ubuntu-20.04
strategy:
matrix:
schema-version: ${{fromJson(needs.read-schema-versions.outputs.schema-versions)}}
steps:
- name: Check acceptance test results
uses: fountainhead/action-wait-for-check@5a908a24814494009c4bb27c242ea38c93c593be #v1.2.0
id: acceptance
with:
token: ${{ secrets.GITHUB_TOKEN }}
# This check name is defined as the github action job name (in .github/workflows/validations.yaml)
checkName: "Acceptance tests (${{ matrix.schema-version }})"
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Quality gate
if: steps.acceptance.outputs.conclusion != 'success'
run: |
echo "Acceptance Test Status: ${{ steps.acceptance.outputs.conclusion }}"
false
release:
needs:
- quality-gate
- quality-gate-acceptance-test
permissions:
contents: write
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b #v4.1.5
with:
fetch-depth: 0
- name: Bootstrap environment
uses: ./.github/actions/bootstrap
with:
# use the same cache we used for building snapshots
build-cache-key-prefix: "snapshot"
python: false
- name: Tag release
run: |
git tag ${{ github.event.inputs.version }}
git push origin --tags
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build release artifacts
run: make ci-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}