Skip to content
Release

12.1.0.3225_8.0.1 #62

Sign in to view logs

12.1.0.3225_8.0.1

12.1.0.3225_8.0.1 #62

Workflow file for this run

.github/workflows/release.yml at e6c74b3
name: Release
on:
release:
types:
- published
jobs:
release:
runs-on: github-ubuntu-latest-s
name: Start release process
permissions:
contents: write
id-token: write
steps:
- id: secrets
uses: SonarSource/vault-action-wrapper@v3
with:
secrets: |
development/kv/data/sign key | gpg_key;
development/kv/data/sign passphrase | gpg_passphrase;
development/kv/data/docker/sonardockerrw access_token_rwd | docker_access_token;
development/kv/data/docker/sonardockerrw username | docker_username;
development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release username | repox_username;
development/artifactory/token/{REPO_OWNER_NAME_DASH}-docker-release access_token | repox_access_token;
development/kv/data/slack webhook | slack_webhook;
- name: Get the version
id: get_version
run: |
full_image_tag=${{ github.event.release.tag_name }}
if [[ ! ${full_image_tag} =~ ^[1-9][0-9]+.[0-9]+.[0-9]+.[0-9]+_[0-9]+.[0-9]+.[0-9]+ ]]; then
echo "The release tag should be in the format of {major}.{minor}.{patch}.{buildnumber}_{scanner_major}.{scanner_minor}.{scanner_patch} but it was ${full_image_tag}"
exit 1
fi
IFS=. read docker_major docker_minor docker_patch build_and_scanner <<<"${full_image_tag}"
IFS=_ read buildnumber scanner_version <<<"${build_and_scanner}"
echo "major_version=${docker_major}" >> $GITHUB_OUTPUT
echo "major_minor=${docker_major}.${docker_minor}" >> $GITHUB_OUTPUT
echo "full_image_tag=${full_image_tag}" >> $GITHUB_OUTPUT
echo "buildnumber=${buildnumber}" >> $GITHUB_OUTPUT
shell: bash
- uses: actions/checkout@v2
with:
ref: ${{ github.event.release.tag_name }}
- uses: actions/checkout@v2
with:
repository: SonarSource/sonar-scanning-examples
path: target_repository
- name: Pull staged image
run: |
docker login repox-sonarsource-docker-builds.jfrog.io --username ${{ fromJSON(steps.secrets.outputs.vault).repox_username }} --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).repox_access_token }}"
docker pull "repox-sonarsource-docker-builds.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.buildnumber }}"
- name: Generate CycloneDX SBOM
uses: SonarSource/gh-action_sbom@v3
with:
image: "repox-sonarsource-docker-builds.jfrog.io/sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.buildnumber }}"
filename: "sonar-scanner-cli-docker-${{ steps.get_version.outputs.full_image_tag }}-bom.json"
upload-artifact: true
upload-release-assets: true
env:
GPG_PRIVATE_KEY_PASSPHRASE: ${{ fromJSON(steps.secrets.outputs.vault).gpg_passphrase }}
GPG_PRIVATE_KEY_BASE64: ${{ fromJSON(steps.secrets.outputs.vault).gpg_key }}
- name: Promote the staged build
env:
ARTIFACTORY_URL: https://repox.jfrog.io/repox
run: |
source_repo_key=sonarsource-docker-builds
target_repo_key=sonarsource-docker-releases
docker_image=sonarsource/sonar-scanner-cli
buildnumber=${{ steps.get_version.outputs.buildnumber }}
full_image_tag=${{ github.event.release.tag_name }}
DATA_JSON="{ \"targetRepo\": \"${target_repo_key}\", \"dockerRepository\": \"${docker_image}\", \"tag\": \"${buildnumber}\", \"targetTag\": \"${full_image_tag}\", \"copy\": true }"
HTTP_CODE=$(curl -s -o /dev/null -w %{http_code} -H "Content-Type: application/json" -H "Authorization: Bearer ${{ fromJSON(steps.secrets.outputs.vault).repox_access_token }}" -X POST "$ARTIFACTORY_URL/api/docker/$source_repo_key/v2/promote" --data "$DATA_JSON")
if [ "$HTTP_CODE" != "200" ]; then
echo "Cannot promote ${docker_image}#${full_image_tag}: ($HTTP_CODE)"
exit 1
else
echo "${docker_image}#${full_image_tag} promoted to ${target_repo_key}"
fi
- name: Push image to Docker Hub
run: |
buildnumber=${{ steps.get_version.outputs.buildnumber }}
docker tag "repox-sonarsource-docker-builds.jfrog.io/sonarsource/sonar-scanner-cli:${buildnumber}" "sonarsource/sonar-scanner-cli:latest"
docker tag "repox-sonarsource-docker-builds.jfrog.io/sonarsource/sonar-scanner-cli:${buildnumber}" "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}"
docker tag "repox-sonarsource-docker-builds.jfrog.io/sonarsource/sonar-scanner-cli:${buildnumber}" "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}"
docker tag "repox-sonarsource-docker-builds.jfrog.io/sonarsource/sonar-scanner-cli:${buildnumber}" "sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}"
docker login --username ${{ fromJSON(steps.secrets.outputs.vault).docker_username }} --password-stdin <<< "${{ fromJSON(steps.secrets.outputs.vault).docker_access_token }}"
docker push sonarsource/sonar-scanner-cli:latest
docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_version }}
docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.major_minor }}
docker push sonarsource/sonar-scanner-cli:${{ steps.get_version.outputs.full_image_tag }}
- name: Notify success on Slack
uses: slackapi/slack-github-action@v2.0.0
with:
webhook: ${{ fromJSON(steps.secrets.outputs.vault).slack_webhook }}
webhook-type: incoming-webhook
payload: |
{
"channel": "ops-analysis-experience",
"attachments": [
{
"color": "#00ff00",
"text": "Release `${{ github.event.release.tag_name }}` successful for `${{ github.repository }}` by `${{ github.actor }}`.\n <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Link to workflow run>"
}
]
}
- name: Notify failures on Slack
uses: slackapi/slack-github-action@v2.0.0
if: failure()
with:
webhook: ${{ fromJSON(steps.secrets.outputs.vault).slack_webhook }}
webhook-type: incoming-webhook
payload: |
{
"channel": "ops-analysis-experience",
"attachments": [
{
"color": "#ff0000",
"text": "Release `${{ github.event.release.tag_name }}` failed for `${{ github.repository }}` by `${{ github.actor }}`.\n <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Link to workflow run>"
}
]
}