Skip to content
CI Builds

Merge pull request #176 from digitalghost-dev/1.5.2 #60

Sign in to view logs

Merge pull request #176 from digitalghost-dev/1.5.2

Merge pull request #176 from digitalghost-dev/1.5.2 #60

Workflow file for this run

.github/workflows/ci.yml at 985d4f7
name: CI Builds
on:
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: true
default: 'warning'
type: choice
options:
- info
push:
paths-ignore:
- 'README.md'
- '.github/**'
- '.dockerignore'
- 'docs/**'
- 'card_data/**'
- '.gitignore'
- 'demo**'
- 'go.mod'
- 'go.sum'
- '.goreleaser.yaml'
- 'mkdocs.yml'
- 'nfpm.yaml'
- 'pokemon.svg'
branches:
- main
env:
VERSION_NUMBER: 'v1.5.2'
DOCKERHUB_REGISTRY_NAME: 'digitalghostdev/poke-cli'
AWS_REGION: 'us-west-2'
permissions:
actions: read
contents: read
id-token: write
security-events: write
jobs:
gosec:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: '-no-fail -fmt sarif -out results.sarif ./...'
- name: Upload SARIF Report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
build-linux-packages:
runs-on: ubuntu-22.04
needs: [ gosec ]
if: needs.gosec.result == 'success'
strategy:
matrix:
arch: [ amd64, arm64 ]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24.5'
- name: Build Go Binary
env:
GOOS: linux
GOARCH: ${{ matrix.arch }}
CGO_ENABLED: 0
run: |
go build -ldflags="-s -w -X main.version=${{ env.VERSION_NUMBER }}" -o poke-cli
- name: Install nFPM
run: |
go install github.com/goreleaser/nfpm/v2/cmd/[email protected]
echo "$HOME/go/bin" >> $GITHUB_PATH
- name: Create nFPM Config for Architecture
run: |
# Create architecture-specific config by modifying the base config
sed "s/arch: \"arm64\"/arch: \"${{ matrix.arch }}\"/" nfpm.yaml > nfpm-${{ matrix.arch }}.yaml
- name: Build packages
run: |
# Create output directory
mkdir -p dist
# Build DEB package
nfpm package \
--config nfpm-${{ matrix.arch }}.yaml \
--packager deb \
--target dist/poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.deb
# Build RPM package
nfpm package \
--config nfpm-${{ matrix.arch }}.yaml \
--packager rpm \
--target dist/poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.rpm
# Build APK package
nfpm package \
--config nfpm-${{ matrix.arch }}.yaml \
--packager apk \
--target dist/poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.apk
- name: Upload packages as artifacts
uses: actions/upload-artifact@v4
with:
name: linux-packages-${{ matrix.arch }}
path: dist/*
upload-deb-packages:
runs-on: ubuntu-22.04
needs: [ build-linux-packages ]
if: needs.build-linux-packages.result == 'success'
strategy:
matrix:
arch: [ amd64, arm64 ]
fail-fast: false # Don't cancel other uploads if one fails
steps:
- name: Download package artifact
uses: actions/download-artifact@v4
with:
name: linux-packages-${{ matrix.arch }}
path: packages/
- name: Install Cloudsmith CLI
uses: cloudsmith-io/[email protected]
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
- name: Upload DEB to Cloudsmith
working-directory: packages
run: |
cloudsmith push deb \
digitalghost-dev/poke-cli/debian/trixie \
poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.deb
upload-rpm-packages:
runs-on: ubuntu-22.04
needs: [ build-linux-packages ]
if: needs.build-linux-packages.result == 'success'
strategy:
matrix:
arch: [ amd64, arm64 ]
fail-fast: false
steps:
- name: Download package artifact
uses: actions/download-artifact@v4
with:
name: linux-packages-${{ matrix.arch }}
path: packages/
- name: Install Cloudsmith CLI
uses: cloudsmith-io/[email protected]
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
- name: Upload RPM to Cloudsmith
working-directory: packages
run: |
cloudsmith push rpm \
digitalghost-dev/poke-cli/fedora/42 \
poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.rpm
upload-apk-packages:
runs-on: ubuntu-22.04
needs: [ build-linux-packages ]
if: needs.build-linux-packages.result == 'success'
strategy:
matrix:
arch: [ amd64, arm64 ]
fail-fast: false
steps:
- name: Download package artifact
uses: actions/download-artifact@v4
with:
name: linux-packages-${{ matrix.arch }}
path: packages/
- name: Install Cloudsmith CLI
uses: cloudsmith-io/[email protected]
with:
api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
- name: Upload APK to Cloudsmith
working-directory: packages
run: |
cloudsmith push alpine \
digitalghost-dev/poke-cli/alpine/v3.22 \
poke-cli_${{ env.VERSION_NUMBER }}_linux_${{ matrix.arch }}.apk
upload-summary:
runs-on: ubuntu-22.04
needs: [ upload-deb-packages, upload-rpm-packages, upload-apk-packages ]
if: always()
steps:
- name: Check all Uploads
run: |
echo "DEB uploads: ${{ needs.upload-deb-packages.result }}"
echo "RPM uploads: ${{ needs.upload-rpm-packages.result }}"
echo "APK uploads: ${{ needs.upload-apk-packages.result }}"
if [ "${{ needs.upload-deb-packages.result }}" != "success" ] || \
[ "${{ needs.upload-rpm-packages.result }}" != "success" ] || \
[ "${{ needs.upload-apk-packages.result }}" != "success" ]; then
echo "⚠️ Some uploads failed! ⚠️"
exit 1
fi
echo "✅ All packages uploaded successfully! ✅"
lint-cli-dockerfile:
runs-on: ubuntu-22.04
needs: [ gosec ]
if: needs.gosec.result == 'success'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Lint Dockerfile
uses: 'hadolint/[email protected]'
with:
dockerfile: Dockerfile
failure-threshold: 'error'
build-docs-docker-image:
runs-on: ubuntu-22.04
needs: [ lint-cli-dockerfile ]
if: needs.lint-cli-dockerfile.result == 'success'
steps:
- name: Checkout
uses: actions/checkout@v4
with:
sparse-checkout: |
docs
- name: Set up Docker Buildx
uses: 'docker/[email protected]'
- name: Prepare Docker Build Context
run: |
mkdir docker-context
rsync -av --exclude=docker-context . docker-context/
- name: Build and Export
uses: 'docker/[email protected]'
with:
context: ./docker-context
file: ./docker-context/docs/Dockerfile
tags: docs:latest
outputs: type=docker,dest=/tmp/docs.tar
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: docs
path: /tmp/docs.tar
upload-docs-to-ecr:
runs-on: ubuntu-22.04
needs: [build-docs-docker-image]
if: needs.build-docs-docker-image.result == 'success'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Download Artifact
uses: actions/download-artifact@v4
with:
name: docs
path: /tmp
- name: Load Image
run: docker load -i /tmp/docs.tar
- name: Tag and Push
run: |
docker tag docs:latest ${{ secrets.AWS_DOCS_ECR_NAME }}:latest
docker push ${{ secrets.AWS_DOCS_ECR_NAME }}:latest
build-cli-docker-image:
runs-on: ubuntu-22.04
needs: [gosec]
if: needs.gosec.result == 'success'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: 'docker/[email protected]'
- name: Prepare Docker Build Context
run: |
mkdir docker-context
rsync -av --exclude=docker-context . docker-context/
- name: Build and Export
uses: 'docker/[email protected]'
with:
context: ./docker-context
tags: poke-cli:${{ env.VERSION_NUMBER }}
outputs: type=docker,dest=/tmp/poke-cli.tar
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: poke-cli
path: /tmp/poke-cli.tar
# Uploading to Elastic Container Registry as a backup method.
upload-cli-to-ecr:
runs-on: ubuntu-22.04
needs: [build-cli-docker-image]
if: needs.build-cli-docker-image.result == 'success'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push image to Amazon ECR
run : |
docker build -t poke-cli:${{ env.VERSION_NUMBER }} .
docker tag poke-cli:${{ env.VERSION_NUMBER }} ${{ secrets.AWS_ECR_NAME }}:${{ env.VERSION_NUMBER }}
docker push ${{ secrets.AWS_ECR_NAME }}:${{ env.VERSION_NUMBER }}
syft:
runs-on: ubuntu-22.04
needs: [build-cli-docker-image]
if: needs.build-cli-docker-image.result == 'success'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: 'docker/[email protected]'
- name: Download Artifact
uses: actions/download-artifact@v4
with:
name: poke-cli
path: /tmp
- name: Load Image
run: |
docker load --input /tmp/poke-cli.tar
docker image ls -a
- name: Create and Upload SBOM
uses: anchore/sbom-action@v0
with:
image: poke-cli:${{ env.VERSION_NUMBER }}
format: spdx-json
artifact-name: poke-cli-sbom-${{ env.VERSION_NUMBER }}.spdx.json
output-file: /tmp/poke-cli-sbom-${{ env.VERSION_NUMBER }}.spdx.json
upload-artifact: true
grype:
runs-on: ubuntu-22.04
needs: [syft]
if: needs.syft.result == 'success'
steps:
- name: Download SBOM
uses: actions/download-artifact@v4
with:
name: poke-cli-sbom-${{ env.VERSION_NUMBER }}.spdx.json
path: /tmp
- name: Scan SBOM
uses: anchore/scan-action@v5
id: scan
with:
sbom: /tmp/poke-cli-sbom-${{ env.VERSION_NUMBER }}.spdx.json
fail-build: false
output-format: sarif
severity-cutoff: critical
- name: Upload SARIF Report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
architecture-build:
runs-on: ubuntu-22.04
needs: [gosec]
if: needs.gosec.result == 'success'
strategy:
fail-fast: false
matrix:
platform: [linux/amd64, linux/arm64]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Docker Meta
id: meta
uses: 'docker/[email protected]'
with:
images: ${{ env.DOCKERHUB_REGISTRY_NAME }}
- name: Set up QEMU
uses: 'docker/setup-qemu-action@v3'
- name: Set up Docker Buildx
uses: 'docker/[email protected]'
- name: Login to Docker Hub
uses: 'docker/login-action@v3'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and Push by Digest
id: build
uses: 'docker/[email protected]'
with:
context: .
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.DOCKERHUB_REGISTRY_NAME }},push-by-digest=true,name-canonical=true,push=true
- name: Export Digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload Digest for AMD64
if: matrix.platform == 'linux/amd64'
uses: actions/upload-artifact@v4
with:
name: digests-amd64
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
- name: Upload Digest for ARM64
if: matrix.platform == 'linux/arm64'
uses: actions/upload-artifact@v4
with:
name: digests-arm64
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
create-manifest-and-push:
runs-on: ubuntu-22.04
needs: [architecture-build]
steps:
- name: Download Digests
uses: actions/download-artifact@v4
with:
pattern: digests-*
path: /tmp/digests
merge-multiple: true
- name: Set up Docker Buildx
uses: 'docker/[email protected]'
- name: Docker meta
id: meta
uses: 'docker/[email protected]'
with:
images: ${{ env.DOCKERHUB_REGISTRY_NAME }}
tags: ${{ env.VERSION_NUMBER }}
- name: Login to Docker Hub
uses: 'docker/login-action@v3'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Create Manifest List and Push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.DOCKERHUB_REGISTRY_NAME }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.DOCKERHUB_REGISTRY_NAME }}:${{ steps.meta.outputs.version }}