Merge pull request #956 from tscuite/main

fix: action
HXSecurity · Sep 9, 2022 · 9566c9d · 9566c9d
2 parents b57d894 + 6915621
commit 9566c9d
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 83 deletions.
diff --git a/.github/workflows/deploy-dev.yaml b/.github/workflows/deploy-dev.yaml
@@ -1,13 +1,9 @@
-# This is a basic workflow to help you get started with Actions
-
 name: Deploy DongTai Server To Dev
 
 on:
   push:
     branches: [ "main"  ]
 
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   Deploy-to-dev:
     if: ${{ github.event_name == 'push' && github.repository_owner == 'HXSecurity' }}
@@ -16,8 +12,6 @@ jobs:
       max-parallel: 4
       matrix:
         python-version: [3.7]
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -65,20 +59,6 @@ jobs:
           tags: | 
             registry.cn-hongkong.aliyuncs.com/secnium/dongtai-server-test:latest
             registry.cn-hongkong.aliyuncs.com/secnium/dongtai-server-test:1.0.${{github.run_number}}
-      # - name: Build
-      #   run: |
-      #     docker build -t registry.cn-beijing.aliyuncs.com/secnium/dongtai-server-test:latest .
-      #     docker tag registry.cn-beijing.aliyuncs.com/secnium/dongtai-server-test:latest registry.cn-beijing.aliyuncs.com/secnium/dongtai-server-test:1.0.${{github.run_number}}
-
-      # - name: push
-      #   uses: nick-invision/retry@v2
-      #   with:
-      #     timeout_seconds: 300
-      #     max_attempts: 10
-      #     #retry_on: timeout
-      #     command: |
-      #       docker push registry.cn-beijing.aliyuncs.com/secnium/dongtai-server-test:latest
-      #       docker push registry.cn-beijing.aliyuncs.com/secnium/dongtai-server-test:1.0.${{github.run_number}}
 
       - uses: actions/checkout@master
       - name: deploy to cluster

diff --git a/.github/workflows/release_dongtai.yml b/.github/workflows/release_dongtai.yml
@@ -6,6 +6,7 @@ on:
 
 jobs:
   build:
+    if: ${{ github.repository_owner == 'HXSecurity' }}
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -51,11 +52,8 @@ jobs:
       - name: Setup Ossutil
         uses: manyuanrong/setup-ossutil@v2.0
         with:
-          # 填写Bucket所在地域的域名信息，可参考访问域名和数据中心。
           endpoint: ${{ secrets.ALIYUN_OSS_ENDPOINT }}
-          # AccessKeyID
           access-key-id: ${{ secrets.ALIYUN_OSS_KEY_ID }}
-          # AccessKeySceret
           access-key-secret: ${{ secrets.ALIYUN_OSS_KEY_SECRET }}
       - run: |
           echo "${{ github.event.repository.name }},version,${{ steps.release.outputs.version }}" >> version.txt && \
@@ -68,30 +66,18 @@ jobs:
           [ ! -f ./dongtai-agent.jar ] && echo "$FILE does not exist."
           ossutil cp oss://dongtai/agent/python/ ./  --include "*.tar.gz" -r
           ossutil cp oss://dongtai/agent/php/ ./  --include "*.tar.gz" -r
-          #ossutil cp oss://huoqi-public/iast/release-version/DongTai-agent-python/${{ steps.release.outputs.VERSION }}/version.txt DongTai-agent-python.version.txt || true
-          #ossutil cp oss://huoqi-public/iast/release-version/DongTai-agent-java/${{ steps.release.outputs.VERSION }}/version.txt DongTai-agent-java.version.txt || true
-          #ossutil cp oss://huoqi-public/iast/release-version/DongTai-agent-php/${{ steps.release.outputs.VERSION }}/version.txt DongTai-agent-php.version.txt || true
-          #DONGTAI_JAVA_AGENT_REPONAME=`cat DongTai-agent-java.version.txt | awk '{split($0,a,",");print a[1]}' | sed -n "1p"`
-          #DONGTAI_JAVA_AGENT_VERSION=`cat DongTai-agent-java.version.txt | awk '{split($0,a,",");print a[3]}' | sed -n "1p"`
-          #DONGTAI_JAVA_AGENT_HASH=`cat DongTai-agent-java.version.txt | awk '{split($0,a,",");print a[3]}' | sed -n "2p"`
-          #DONGTAI_PYTHON_AGENT_REPONAME=`cat DongTai-agent-python.version.txt | awk '{split($0,a,",");print a[1]}' | sed -n "1p"`
-          #DONGTAI_PYTHON_AGENT_VERSION=`cat DongTai-agent-python.version.txt | awk '{split($0,a,",");print a[3]}' | sed -n "1p"`
-          #DONGTAI_PYTHON_AGENT_HASH=`cat DongTai-agent-python.version.txt | awk '{split($0,a,",");print a[3]}' | sed -n "2p"`
           echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('${{ steps.release.outputs.version }}', '${{ github.event.repository.name }}', '${GITHUB_SHA}');" >> ./deploy/docker/version.sql
-          #echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('$DONGTAI_JAVA_AGENT_VERSION', '$DONGTAI_JAVA_AGENT_REPONAME', '$DONGTAI_JAVA_AGENT_HASH');" >> ./deploy/docker/version.sql
-          #echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('$DONGTAI_PYTHON_AGENT_VERSION', '$DONGTAI_PYTHON_AGENT_REPONAME', '$DONGTAI_PYTHON_AGENT_HASH');" >> ./deploy/docker/version.sql
-
+        
       - name: Build and push
         uses: docker/build-push-action@v2
         with:
           file: Dockerfile
           context: .
           push: true
           tags: | 
-            registry.cn-beijing.aliyuncs.com/huoxian_pub/dongtai-server:latest
-            registry.cn-beijing.aliyuncs.com/huoxian_pub/dongtai-server:${{ steps.release.outputs.version }}
             dongtai/dongtai-server:latest
             dongtai/dongtai-server:${{ steps.release.outputs.version }}
+
       #- uses: actions/checkout@master
       #- name: deploy to cluster
       #  uses: wahyd4/kubectl-helm-action@master
@@ -107,3 +93,42 @@ jobs:
         with:
           url: ${{ secrets.DONGTAI_WEBHOOK_URL }}
           body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态：项目${{github.repository}}构建成功\n分支：${{github.ref}}\n流程：${{github.workflow}}\n构建编号：${{github.run_number}}\n触发事件：${{github.event_name}}\n提交人：${{github.actor}}\nSHA-1：${{github.sha}}\n","tag": "lark_md"}}]}}'
+
+
+  helm:
+    name: Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - uses: azure/setup-helm@v1
+        with:
+          version: 'latest'
+        id: install
+
+      - name: Get the release version
+        id: get_version
+        run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
+
+      - name: Setup ossutil
+        uses: manyuanrong/setup-ossutil@v2.0
+        with:
+          endpoint: ${{ secrets.CHART_OSS_ENDPOINT }}
+          access-key-id: ${{ secrets.CHART_OSS_ACCESS_KEY_ID }}
+          access-key-secret: ${{ secrets.CHART_OSS_ACCESS_KEY_SECRET }}
+
+      - name: Download existed repo files
+        run: |
+          ossutil cp -rf  oss://dongtai-helm-charts/iast/ ~/helm/repo/  --include dongtai-iast-*.tgz --exclude "index.yaml"
+
+      - name: Create helm package
+        run: |
+          helm package deploy/kubernetes/helm  -d ~/helm/repo --app-version ${{ steps.get_version.outputs.VERSION }} --version ${{ steps.get_version.outputs.VERSION }}
+          helm repo index ~/helm/repo/ --url ${{ secrets.DONGTAI_IAST_CHART_REPO_URL }}
+
+      - name: Push helm chart to repo
+        run: |
+          ossutil cp -rf ~/helm/repo/dongtai-iast-${{ steps.get_version.outputs.VERSION }}.tgz  oss://dongtai-helm-charts/iast/
+          ossutil cp -rf ~/helm/repo/index.yaml  oss://dongtai-helm-charts/iast/
diff --git a/.github/workflows/release_helm_chart.yml b/.github/workflows/release_helm_chart.yml