diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 5d4f57d4e..1ebdbb636 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,88 +1,96 @@ name: "Release" on: push: - # take no actions on push to any branch... - branches-ignore: - - "**" - # ... only act on release tags - tags: - - "v*" +# # take no actions on push to any branch... +# branches-ignore: +# - "**" +# # ... only act on release tags +# tags: +# - "v*" env: GO_VERSION: "1.14.x" jobs: - wait-for-checks: - runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS. - steps: - - uses: actions/checkout@v2 - - # we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main - - name: Ensure tagged commit is on main - run: | - echo "Tag: ${GITHUB_REF##*/}" - git fetch origin main - git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!" - - - name: Check static analysis results - uses: fountainhead/action-wait-for-check@v1.0.0 - id: static-analysis - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml) - checkName: "Static-Analysis (1.x, ubuntu-latest)" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check unit + integration results (latest go version) - uses: fountainhead/action-wait-for-check@v1.0.0 - id: unit-integration - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml) - checkName: "Tests (1.x, ubuntu-latest)" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check acceptance test results (linux) - uses: fountainhead/action-wait-for-check@v1.0.0 - id: acceptance-linux - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) - checkName: "Acceptance-Linux" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check acceptance test results (mac) - 
uses: fountainhead/action-wait-for-check@v1.0.0 - id: acceptance-mac - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) - checkName: "Acceptance-Mac" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Check inline comparison test results - uses: fountainhead/action-wait-for-check@v1.0.0 - id: inline-compare - with: - token: ${{ secrets.GITHUB_TOKEN }} - # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) - checkName: "Inline-Compare" - ref: ${{ github.event.pull_request.head.sha || github.sha }} - - - name: Quality gate - if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit-integration.outputs.conclusion != 'success' || steps.inline-compare.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success' - run: | - echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}" - echo "Unit & Integration Test Status: ${{ steps.unit-integration.outputs.conclusion }}" - echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}" - echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}" - echo "Inline Compare Status: ${{ steps.inline-compare.outputs.conclusion }}" - false +# wait-for-checks: +# runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS. +# steps: +# - uses: actions/checkout@v2 +# +# # we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main +# - name: Ensure tagged commit is on main +# run: | +# echo "Tag: ${GITHUB_REF##*/}" +# git fetch origin main +# git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!" 
+# +# - name: Check static analysis results +# uses: fountainhead/action-wait-for-check@v1.0.0 +# id: static-analysis +# with: +# token: ${{ secrets.GITHUB_TOKEN }} +# # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml) +# checkName: "Static-Analysis (1.x, ubuntu-latest)" +# ref: ${{ github.event.pull_request.head.sha || github.sha }} +# +# - name: Check unit + integration results (latest go version) +# uses: fountainhead/action-wait-for-check@v1.0.0 +# id: unit-integration +# with: +# token: ${{ secrets.GITHUB_TOKEN }} +# # This check name is defined as the circle-ci workflow name (in .circleci/config.yaml) +# checkName: "Tests (1.x, ubuntu-latest)" +# ref: ${{ github.event.pull_request.head.sha || github.sha }} +# +# - name: Check acceptance test results (linux) +# uses: fountainhead/action-wait-for-check@v1.0.0 +# id: acceptance-linux +# with: +# token: ${{ secrets.GITHUB_TOKEN }} +# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) +# checkName: "Acceptance-Linux" +# ref: ${{ github.event.pull_request.head.sha || github.sha }} +# +# - name: Check acceptance test results (mac) +# uses: fountainhead/action-wait-for-check@v1.0.0 +# id: acceptance-mac +# with: +# token: ${{ secrets.GITHUB_TOKEN }} +# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) +# checkName: "Acceptance-Mac" +# ref: ${{ github.event.pull_request.head.sha || github.sha }} +# +# - name: Check inline comparison test results +# uses: fountainhead/action-wait-for-check@v1.0.0 +# id: inline-compare +# with: +# token: ${{ secrets.GITHUB_TOKEN }} +# # This check name is defined as the github action job name (in .github/workflows/acceptance-test.yaml) +# checkName: "Inline-Compare" +# ref: ${{ github.event.pull_request.head.sha || github.sha }} +# +# - name: Quality gate +# if: steps.static-analysis.outputs.conclusion != 'success' || 
steps.unit-integration.outputs.conclusion != 'success' || steps.inline-compare.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success' +# run: | +# echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}" +# echo "Unit & Integration Test Status: ${{ steps.unit-integration.outputs.conclusion }}" +# echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}" +# echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}" +# echo "Inline Compare Status: ${{ steps.inline-compare.outputs.conclusion }}" +# false release: - needs: [wait-for-checks] +# needs: [wait-for-checks] runs-on: macos-latest # Due to our code signing process, it's vital that we run our release steps on macOS. steps: + - uses: docker-practice/actions-setup-docker@master + - run: | + set -x + + docker version + + docker run --rm hello-world + - uses: actions/setup-go@v2 with: go-version: ${{ env.GO_VERSION }} @@ -104,6 +112,10 @@ jobs: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}- ${{ runner.os }}-go-${{ env.GO_VERSION }}- + - name: Bootstrap project dependencies + if: steps.bootstrap-cache.outputs.cache-hit != 'true' + run: make bootstrap + - name: Import GPG key id: import_gpg uses: crazy-max/ghaction-import-gpg@v2 
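Review bot: The new `- uses: docker-practice/actions-setup-docker@master` step references a third-party action by a mutable branch instead of a commit SHA, and it runs inside the `release` job that goes on to import the signing GPG key and has `secrets.*` available, so whoever can push to that branch controls code executing with those secrets; pin it, e.g. `- uses: docker-practice/actions-setup-docker@<pinned-commit-sha>  # <release-tag>`. In the same hunk the `tags: - "v*"` filter under `on: push:` and the whole `wait-for-checks` job (including the ancestor-of-main check and `needs: [wait-for-checks]`) are commented out, which leaves a bare `push:` trigger, so the release job now runs on every push to any branch with no quality gate in front of it. If this is a temporary debugging state, a comment such as `# TODO(debug): restore the tag filter and needs: [wait-for-checks] before merging` next to the commented block would make that intent visible to the next reader. The `release:` job's step list continues into the following hunks.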
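Review bot: The added `Bootstrap project dependencies` step conditions on `steps.bootstrap-cache.outputs.cache-hit`, but the cache step it refers to lies before this hunk, so verify that it actually carries `id: bootstrap-cache`; if the id is missing or spelled differently, the expression evaluates to empty, `!= 'true'` is always true, and `make bootstrap` silently runs on every build. Placing this step ahead of `Import GPG key` is a sensible order, since dependency fetching finishes before the signing key is present in the runner's keyring. The enclosing `release:` job begins in the previous hunk.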
@@ -118,30 +130,30 @@ jobs: echo "name: ${{ steps.import_gpg.outputs.name }}" echo "email: ${{ steps.import_gpg.outputs.email }}" - - name: Build & publish release artifacts - run: make release - env: - GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }} - GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }} - PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }} - SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} - AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }} - APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} # Used during macOS code signing. - APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} # Used during macOS code signing. - AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }} # Used during macOS notarization. - AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} # Used during macOS notarization. +# - name: Build & publish release artifacts +# run: make release +# env: +# GITHUB_TOKEN: ${{ secrets.ANCHORE_GIT_READ_TOKEN }} +# GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }} +# PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }} +# SIGNING_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} +# AWS_ACCESS_KEY_ID: ${{ secrets.TOOLBOX_AWS_ACCESS_KEY_ID }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.TOOLBOX_AWS_SECRET_ACCESS_KEY }} +# APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} # Used during macOS code signing. +# APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} # Used during macOS code signing. +# AC_USERNAME: ${{ secrets.ENG_CI_APPLE_ID }} # Used during macOS notarization. +# AC_PASSWORD: ${{ secrets.ENG_CI_APPLE_ID_PASS }} # Used during macOS notarization. 
- - uses: 8398a7/action-slack@v3 - with: - status: ${{ job.status }} - fields: repo,workflow,action,eventName - text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases" - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }} - if: ${{ success() }} - - - uses: actions/upload-artifact@v2 - with: - name: artifacts - path: dist/**/* +# - uses: 8398a7/action-slack@v3 +# with: +# status: ${{ job.status }} +# fields: repo,workflow,action,eventName +# text: "A new Syft release is ready to be manually published: https://github.com/anchore/syft/releases" +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }} +# if: ${{ success() }} +# +# - uses: actions/upload-artifact@v2 +# with: +# name: artifacts +# path: dist/**/*
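Review bot: With `run: make release` and its `env:` block commented out, nothing in the job consumes the signing key any more, yet the `Import GPG key` step (its `name`/`email` outputs are echoed in the context lines at the top of this hunk; the step itself sits in the previous hunk) still loads what is presumably the same `secrets.SIGNING_GPG_PRIVATE_KEY` the commented-out env block references into the runner's keyring, and after this commit that happens on every push to any branch. While the release steps are disabled, comment out the import step as well, or gate it on a release ref, e.g. `if: startsWith(github.ref, 'refs/tags/v')`, so the private key is only materialised when a release is actually being built. The commented-out block references the AWS, Apple and Slack secrets as `${{ secrets.* }}` expressions only, so no secret values are exposed in the file itself.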