CID-2409: Fix snyk vulnerabilities #59

Workflow file for this run

.github/workflows/release-docker-image.yml at d94d266

	name: Release Docker Image

	on:
	pull_request:
	types: [closed]
	workflow_dispatch:

	jobs:
	release_draft:
	permissions:
	contents: write
	pull-requests: write
	runs-on: ubuntu-latest
	steps:
	- uses: release-drafter/release-drafter@v5
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	build:
	runs-on: ubuntu-latest

	if: github.event.pull_request.merged

	steps:
	- name: Tag next version
	id: tag-action
	uses: K-Phoen/semver-release-action@master
	with:
	release_branch: main
	release_strategy: tag
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Publish Release Draft
	uses: actions/github-script@v6.4.1
	if: (steps.tag-action.outputs.tag != '')
	with:
	github-token: ${{secrets.GITHUB_TOKEN}}
	script: \|
	const tag = "${{ steps.tag-action.outputs.tag }}";
	const { data: releases } = await github.rest.repos.listReleases({
	owner: context.repo.owner,
	repo: context.repo.repo
	});

	const draftRelease = releases.find(release => release.tag_name === tag && release.draft === true);

	if (!draftRelease) {
	console.log(`No draft release found for tag ${tag}`);
	return;
	}

	await github.rest.repos.updateRelease({
	owner: context.repo.owner,
	repo: context.repo.repo,
	release_id: draftRelease.id,
	draft: false
	});

	console.log(`Published draft release for tag ${tag}`);

	- name: Inject secret store credentials
	uses: leanix/secrets-action@master
	if: (steps.tag-action.outputs.tag != '')
	with:
	secret-store-credentials: ${{ secrets.INJECTED_SECRET_STORE_CREDENTIALS }}

	- name: Checkout
	uses: actions/checkout@v3
	if: (steps.tag-action.outputs.tag != '')

	- name: Setup Java
	uses: actions/setup-java@v3
	if: (steps.tag-action.outputs.tag != '')
	with:
	distribution: 'temurin'
	java-version: '17'

	- name: Build with Gradle
	uses: gradle/gradle-build-action@v2
	if: (steps.tag-action.outputs.tag != '')
	continue-on-error: false
	with:
	arguments: build

	- name: Login to Azure registry
	uses: azure/docker-login@v1
	if: (steps.tag-action.outputs.tag != '')
	with:
	login-server: ${{ env.ACR_PUBLIC_LOGIN }}
	username: ${{ env.ACR_PUBLIC_USERNAME }}
	password: ${{ env.ACR_PUBLIC_PASSWORD }}

	- name: Setup ssh
	uses: webfactory/ssh-agent@v0.4.1
	if: (steps.tag-action.outputs.tag != '')
	with:
	ssh-private-key: ${{ env.CI_GITHUB_SSH_PRIVATE_KEY }}
	ssh-auth-sock: ${{ env.SSH_AUTH_SOCK }}

	- name: Build and push image to Azure public registry
	if: (steps.tag-action.outputs.tag != '')
	uses: docker/build-push-action@v2
	with:
	context: ./
	file: Dockerfile
	tags: ${{ env.ACR_PUBLIC_LOGIN }}/vsm-gitlab-broker:${{ steps.tag-action.outputs.tag }}, ${{ env.ACR_PUBLIC_LOGIN }}/vsm-gitlab-broker:latest
	push: true
	ssh: default=${{ env.SSH_AUTH_SOCK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CID-2409: Fix snyk vulnerabilities #59

Workflow file

CID-2409: Fix snyk vulnerabilities #59

Jobs

Run details

Workflow file for this run