fix: workflows github

lpsm-dev · Feb 21, 2023 · ee9fe3e · ee9fe3e
1 parent 693b70b
commit ee9fe3e
Show file tree

Hide file tree

Showing 4 changed files with 143 additions and 138 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,19 +14,19 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v3.3.0
-        with:
-          fetch-depth: 0
+    - name: Checkout
+      uses: actions/checkout@v3.3.0
+      with:
+        fetch-depth: 0
 
-      - name: Secret Dection
-        uses: zricethezav/gitleaks-action@master
-        with:
-          config-path: ${{ github.workspace }}/.github/config/.gitleaks.toml
-        continue-on-error: false
+    - name: Secret Dection
+      uses: zricethezav/gitleaks-action@master
+      with:
+        config-path: ${{ github.workspace }}/.github/config/.gitleaks.toml
+      continue-on-error: false
 
-      - name: Hadolint
-        uses: hadolint/hadolint-action@v3.1.0
-        with:
-          dockerfile: Dockerfile
-          config: ${{ github.workspace }}/.github/config/.hadolint.yml
+    - name: Hadolint
+      uses: hadolint/hadolint-action@v3.1.0
+      with:
+        dockerfile: Dockerfile
+        config: ${{ github.workspace }}/.github/config/.hadolint.yml
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -22,63 +22,63 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        id: qemu
-        uses: docker/setup-qemu-action@v2
-        with:
-          image: tonistiigi/binfmt:latest
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          install: true
-          buildkitd-flags: --debug
-
-      - name: Inspect builder
-        run: |
-          echo "Name:      ${{ steps.buildx.outputs.name }}"
-          echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
-          echo "Status:    ${{ steps.buildx.outputs.status }}"
-          echo "Flags:     ${{ steps.buildx.outputs.flags }}"
-          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=edge,enable=true,branch=main
-            type=ref,enable=true,event=branch
-            type=ref,enable=true,event=tag
-            type=semver,pattern={{version}},value=${{ github.event.inputs.git-tag }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v4
-        with:
-          push: ${{ github.event_name != 'pull_request' }}
-          file: Dockerfile
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64
-          cache-from: |
-            type=registry,ref=${{ steps.meta.outputs.tags }}
-            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
-          cache-to: type=inline
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Set up QEMU
+      id: qemu
+      uses: docker/setup-qemu-action@v2
+      with:
+        image: tonistiigi/binfmt:latest
+        platforms: all
+
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v2
+      with:
+        install: true
+        buildkitd-flags: --debug
+
+    - name: Inspect builder
+      run: |
+        echo "Name:      ${{ steps.buildx.outputs.name }}"
+        echo "Endpoint:  ${{ steps.buildx.outputs.endpoint }}"
+        echo "Status:    ${{ steps.buildx.outputs.status }}"
+        echo "Flags:     ${{ steps.buildx.outputs.flags }}"
+        echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=edge,enable=true,branch=main
+          type=ref,enable=true,event=branch
+          type=ref,enable=true,event=tag
+          type=semver,pattern={{version}},value=${{ github.event.inputs.git-tag }}
+
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        push: ${{ github.event_name != 'pull_request' }}
+        file: Dockerfile
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        platforms: linux/amd64
+        cache-from: |
+          type=registry,ref=${{ steps.meta.outputs.tags }}
+          type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
+        cache-to: type=inline
 
   scan:
     name: Scan
@@ -87,34 +87,34 @@ jobs:
     needs: build
 
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Dive
-        uses: yuichielectric/dive-action@0.0.4
-        with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
-          config-file: ${{ github.workspace }}/.dive-ci.yml
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run Trivy vulnerability scanner
-        id: trivy
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
-          format: table
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: os,library
-          severity: CRITICAL,HIGH
-
-      - name: Run Snyk to check Docker image for vulnerabilities
-        continue-on-error: true
-        uses: snyk/actions/docker@master
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
-          args: --file=Dockerfile
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Dive
+      uses: yuichielectric/dive-action@0.0.4
+      with:
+        image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
+        config-file: ${{ github.workspace }}/.dive-ci.yml
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Run Trivy vulnerability scanner
+      id: trivy
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
+        format: table
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: os,library
+        severity: CRITICAL,HIGH
+
+    - name: Run Snyk to check Docker image for vulnerabilities
+      continue-on-error: true
+      uses: snyk/actions/docker@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main
+        args: --file=Dockerfile
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/smr.yml b/.github/workflows/smr.yml
@@ -0,0 +1,41 @@
+name: SemanticRelease
+
+on:
+  workflow_dispatch:
+    inputs:
+      git-ref:
+        description: Git Branch Reference
+        default: main
+        required: true
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+        persist-credentials: false
+      if: github.event.inputs.git-ref == 'main'
+
+    - name: Setup node
+      uses: actions/setup-node@v3
+      with:
+        node-version: 'lts/*'
+      if: github.event.inputs.git-ref == 'main'
+
+    - name: Copy rules
+      run: |
+        cp .github/config/.releaserc.json .
+    - name: Install dependencies
+      run: npm install
+      if: github.event.inputs.git-ref == 'main'
+
+    - name: Release
+      run: npx semantic-release
+      env:
+        CI: true
+        GH_TOKEN: ${{ secrets.GH_TOKEN }}
+      if: github.event.inputs.git-ref == 'main'