name: Release on: push env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} REGISTRY: docker.pkg.github.com IMAGE: zitadel NODE_VERSION: '12' GO_VERSION: '^1.14.1' jobs: ## Angular test, will be added later angular-lint: runs-on: ubuntu-18.04 defaults: run: working-directory: ./console steps: - uses: actions/checkout@v2 - name: Install Protoc uses: arduino/setup-protoc@master with: version: '3.x' - run: wget -O protoc-gen-grpc-web https://github.com/grpc/grpc-web/releases/download/1.2.0/protoc-gen-grpc-web-1.2.0-linux-x86_64 - run: sudo mv protoc-gen-grpc-web /usr/local/bin/protoc-gen-grpc-web - run: sudo chmod +x /usr/local/bin/protoc-gen-grpc-web - uses: actions/checkout@v2 - uses: actions/setup-node@v1 with: node-version: ${{ env.NODE_VERSION }} - run: npm ci - run: npm run lint angular-build: runs-on: ubuntu-18.04 defaults: run: working-directory: ./console steps: - uses: actions/checkout@v2 - name: Install Protoc uses: arduino/setup-protoc@master with: version: '3.x' - run: wget -O protoc-gen-grpc-web https://github.com/grpc/grpc-web/releases/download/1.2.0/protoc-gen-grpc-web-1.2.0-linux-x86_64 - run: sudo mv protoc-gen-grpc-web /usr/local/bin/protoc-gen-grpc-web - run: sudo chmod +x /usr/local/bin/protoc-gen-grpc-web - uses: actions/setup-node@v1 with: node-version: ${{ env.NODE_VERSION }} - run: npm ci - run: npm run prodbuild - uses: actions/upload-artifact@v1 with: name: angular path: console/dist/console go-test: runs-on: ubuntu-18.04 steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2-beta with: go-version: ${{ env.GO_VERSION }} - run: go test -race -v -coverprofile=profile.cov ./... - uses: actions/upload-artifact@v1 with: name: go-coverage path: profile.cov - uses: codecov/codecov-action@v1 with: file: ./profile.cov name: codecov-go ## go lint, will be added later go-build: runs-on: ubuntu-18.04 needs: [angular-build, angular-lint, go-test] ### We need the artifact from the angular build and that's why we wait here name: Build ${{ matrix.goos }}-${{ matrix.goarch }} strategy: matrix: goos: [ 'linux', 'darwin', 'windows' ] goarch: ['amd64'] steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2-beta with: go-version: ${{ env.GO_VERSION }} - uses: actions/download-artifact@v2 with: name: angular path: console/dist/console - run: go get github.com/rakyll/statik - run: ./build/console/generate-static.sh - run: cat internal/ui/console/statik/statik.go - run: ./build/login/generate-static.sh - run: cat internal/ui/login/statik/statik.go - run: ./build/notification/generate-static.sh - run: cat internal/notification/statik/statik.go - run: ./build/zitadel/generate-static.sh - run: cat internal/statik/statik.go - run: CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build -a -installsuffix cgo -ldflags '-extldflags "-static"' -o zitadel-${{ matrix.goos }}-${{ matrix.goarch }} cmd/zitadel/main.go - uses: actions/upload-artifact@v1 with: name: zitadel-${{ matrix.goos }}-${{ matrix.goarch }} path: zitadel-${{ matrix.goos }}-${{ matrix.goarch }} container-prod: runs-on: ubuntu-18.04 needs: go-build steps: - name: Source checkout uses: actions/checkout@v2 - uses: actions/download-artifact@v2 with: name: zitadel-linux-amd64 path: .artifacts - uses: docker/build-push-action@v1 with: dockerfile: build/docker/Dockerfile username: ${{ github.actor }} password: ${{ github.token }} registry: ${{ env.REGISTRY }} repository: ${{ github.repository }}/${{ env.IMAGE }} tag_with_ref: true tag_with_sha: true container-vulnerability-scan: runs-on: ubuntu-18.04 needs: container-prod steps: - name: Source checkout uses: actions/checkout@v2 - name: Generate Short SHA Container Tag id: vars run: echo "::set-output name=sha_short::SHA-$(git rev-parse --short HEAD)" - name: Check outputs run: echo ${{ steps.vars.outputs.sha_short }} - name: Docker Login run: docker login $REGISTRY -u $GITHUB_ACTOR -p $GITHUB_TOKEN - uses: anchore/scan-action@master with: image-reference: "${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE }}:${{ steps.vars.outputs.sha_short }}" dockerfile-path: "./build/docker/Dockerfile" fail-build: false acs-report-enable: true - name: Upload Anchore Scan Report uses: github/codeql-action/upload-sarif@v1 with: sarif_file: results.sarif release: runs-on: ubuntu-18.04 needs: [container-prod] env: DOCKER_USERNAME: ${{ github.actor }} DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }} steps: - name: Source checkout uses: actions/checkout@v2 - name: Generate Short SHA Container Tag id: vars run: echo "::set-output name=sha_short::SHA-$(git rev-parse --short HEAD)" - uses: actions/download-artifact@v2 with: path: .artifacts - name: Display structure of downloaded files run: ls -R working-directory: .artifacts - name: Docker Login run: docker login $REGISTRY -u $GITHUB_ACTOR -p $GITHUB_TOKEN - name: Docker Pull short-sha run: docker pull $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:${{ steps.vars.outputs.sha_short }} - name: Semantic Release uses: cycjimmy/semantic-release-action@v2 with: dry_run: false semantic_version: 17.0.4 extra_plugins: | @semantic-release/exec@5.0.0 - name: Docker Tag Version run: docker tag $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:${{ steps.vars.outputs.sha_short }} $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:$CAOS_NEXT_VERSION if: env.CAOS_NEXT_VERSION != '' - name: Docker Tag Latest run: docker tag $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:${{ steps.vars.outputs.sha_short }} $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:latest if: env.CAOS_NEXT_VERSION != '' - name: Docker Push Version run: docker push $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:$CAOS_NEXT_VERSION if: env.CAOS_NEXT_VERSION != '' - name: Docker Push Latest run: docker push $REGISTRY/$GITHUB_REPOSITORY/$IMAGE:latest if: env.CAOS_NEXT_VERSION != '' - name: Deploy DEV environment env: TARGET_ENVIRONMENT: "dev" GIT_OPSREPO_DEPLOYTOKEN: ${{secrets.GIT_OPSREPO_DEPLOYTOKEN}} run: | source ./.github/scripts/githelper.sh setup_git checkout_project change_image_version upload_files if: env.CAOS_NEXT_VERSION != ''