name: Release on: push env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} REGISTRY: docker.pkg.github.com IMAGE: zitadel NODE_VERSION: '12' GO_VERSION: '^1.14.1' jobs: angular-test: # will be added later on runs-on: ubuntu-18.04 defaults: run: working-directory: ./console steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v1 with: node-version: ${{ env.NODE_VERSION }} - run: npm ci #- run: npm test - run: echo "replace me with real test" angular-lint: # will be added later on runs-on: ubuntu-18.04 defaults: run: working-directory: ./console steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v1 with: node-version: ${{ env.NODE_VERSION }} - run: npm ci - run: npm run lint angular-build: runs-on: ubuntu-18.04 defaults: run: working-directory: ./console steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v1 with: node-version: ${{ env.NODE_VERSION }} - run: npm ci - run: npm run prodbuild - uses: actions/upload-artifact@v1 with: name: angular path: console/dist/console go-test: runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2-beta with: go-version: ${{ env.GO_VERSION }} - run: go test -race -v -coverprofile=profile.cov ./... - uses: actions/upload-artifact@v1 with: name: go-coverage path: profile.cov - uses: codecov/codecov-action@v1 with: file: ./profile.cov name: codecov-go go-lint: runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2-beta with: go-version: ${{ env.GO_VERSION }} - uses: actions/checkout@v2 - run: echo "replace me with real lint" go-build: runs-on: ubuntu-18.04 needs: [angular-build, angular-test, angular-lint, go-test] ### We need the artifact from the angular build and that's why we wait here name: Build ${{ matrix.goos }}-${{ matrix.goarch }} strategy: matrix: goos: [ 'linux', 'darwin', 'windows' ] goarch: ['amd64'] steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2-beta with: go-version: ${{ env.GO_VERSION }} - uses: actions/download-artifact@v2 with: name: angular path: console/dist/app - run: go get github.com/rakyll/statik - run: ./build/console/generate-static.sh - run: cat pkg/console/statik/statik.go - run: CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -a -installsuffix cgo -ldflags '-extldflags "-static"' -o zitadel-${{ matrix.goos }}-${{ matrix.goarch }} cmd/zitadel/main.go - uses: actions/upload-artifact@v1 with: name: zitadel-${{ matrix.goos }}-${{ matrix.goarch }} path: zitadel-${{ matrix.goos }}-${{ matrix.goarch }} container-prod: runs-on: ubuntu-18.04 needs: go-build steps: - name: Source checkout uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: zitadel-linux-amd64 path: .artifacts - uses: docker/build-push-action@v1 with: dockerfile: build/docker/prod username: ${{ github.actor }} password: ${{ github.token }} registry: ${{ env.REGISTRY }} repository: ${{ github.repository }}/${{ env.IMAGE }} tag_with_ref: true tag_with_sha: true container-vulnerability-scan: runs-on: ubuntu-18.04 needs: container-prod steps: - name: Source checkout uses: actions/checkout@v2 - name: Generate Short SHA Container Tag id: vars run: echo "::set-output name=sha_short::SHA-$(git rev-parse --short HEAD)" - name: Check outputs run: echo ${{ steps.vars.outputs.sha_short }} - name: Docker Login run: docker login $REGISTRY -u $GITHUB_ACTOR -p $GITHUB_TOKEN - uses: anchore/scan-action@master with: image-reference: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE }}:${{ steps.vars.outputs.sha_short }}" dockerfile-path: "./build/docker/prod" fail-build: false - name: anchore inline scan JSON results run: for j in `ls ./anchore-reports/*.json`; do echo "---- ${j} ----"; cat ${j}; echo; done - uses: actions/upload-artifact@v1 with: name: anchore-reports path: ./anchore-reports/ container-test: runs-on: ubuntu-18.04 needs: container-prod steps: - name: Source checkout uses: actions/checkout@v2 - name: Generate Short SHA Container Tag id: vars run: echo "::set-output name=sha_short::SHA-$(git rev-parse --short HEAD)" - name: Check outputs run: echo ${{ steps.vars.outputs.sha_short }} - name: Docker Login run: docker login $REGISTRY -u $GITHUB_ACTOR -p $GITHUB_TOKEN - name: Docker Run Test run: echo "replace me with real test" release: runs-on: ubuntu-18.04 needs: [container-prod, container-test] env: DOCKER_USERNAME: ${{ github.actor }} DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} steps: - name: Source checkout uses: actions/checkout@v2 - name: Generate Short SHA Container Tag id: vars run: echo "::set-output name=sha_short::SHA-$(git rev-parse --short HEAD)" - uses: actions/download-artifact@v2 with: path: .artifacts - name: Display structure of downloaded files run: ls -R working-directory: .artifacts - name: Docker Login run: docker login $REGISTRY -u $GITHUB_ACTOR -p $GITHUB_TOKEN - name: Docker Pull short-sha run: docker pull $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:${{ steps.vars.outputs.sha_short }} - name: Semantic Release uses: cycjimmy/semantic-release-action@v2 with: dry_run: false semantic_version: 17.0.4 extra_plugins: | @semantic-release/exec@5.0.0 - name: Docker Tag Version run: docker tag $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:${{ steps.vars.outputs.sha_short }} $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:$CAOS_NEXT_VERSION if: env.CAOS_NEXT_VERSION != '' - name: Docker Tag Latest run: docker tag $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:${{ steps.vars.outputs.sha_short }} $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:latest if: env.CAOS_NEXT_VERSION != '' - name: Docker Push Version run: docker push $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:$CAOS_NEXT_VERSION if: env.CAOS_NEXT_VERSION != '' - name: Docker Push Latest run: docker push $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:latest if: env.CAOS_NEXT_VERSION != ''