Merge pull request #38 from cortexapps/36-tag-docker-image-with-both-… #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'cortexapps_cli/cortex.py' | |
| - '.github/workflows/publish.yml' | |
| env: | |
| CORTEX_API_KEY: ${{ secrets.CORTEX_API_KEY_PRODUCTION }} | |
| DOCKER_USERNAME: jeffschnittercortex | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| jobs: | |
| pypi: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| EMAIL: ${{ steps.git-details.outputs.EMAIL }} | |
| PUSHER: ${{ steps.git-details.outputs.PUSHER }} | |
| VERSION: ${{ steps.git-details.outputs.VERSION }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Bump version and push tag | |
| uses: anothrNick/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| WITH_V: false | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.11 | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry | |
| - name: Git details about version | |
| id: git-details | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: | | |
| version=$(git describe --tags --abbrev=0) | |
| echo "VERSION=${version}" >> $GITHUB_ENV | |
| echo "VERSION=${version}" >> $GITHUB_OUTPUT | |
| pusher=$(echo "$GITHUB_CONTEXT" | jq -r ".event.pusher.name") | |
| email=$(echo "$GITHUB_CONTEXT" | jq -r ".event.pusher.email") | |
| echo "PUSHER=${pusher}" >> $GITHUB_ENV | |
| echo "PUSHER=${pusher}" >> $GITHUB_OUTPUT | |
| echo "EMAIL=${email}" >> $GITHUB_ENV | |
| echo "EMAIL=${email}" >> $GITHUB_OUTPUT | |
| echo "URL=https://pypi.org/project/cortexapps-cli/${version}/" >> $GITHUB_ENV | |
| echo "$GITHUB_CONTEXT" | |
| echo "pusher = ${pusher}" | |
| echo "email = ${email}" | |
| - name: Publish | |
| id: publish | |
| run: | | |
| poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }} | |
| poetry version ${{ env.VERSION }} | |
| poetry build | |
| poetry publish | |
| sha=$(sha256sum dist/*.tar.gz | awk '{ print $1 }') | |
| echo "SHA=${sha}" >> $GITHUB_ENV | |
| - uses: actions/checkout@v4 | |
| - name: Post pypi deploy event to Cortex | |
| uses: ./.github/actions/cortex-deploys | |
| with: | |
| deployer-email: "${{ env.EMAIL }}" | |
| deployer-name: "${{ env.PUSHER }}" | |
| environment: "PyPI.org" | |
| sha: "${{ env.SHA }}" | |
| tag: "cli" | |
| title: "${{ env.VERSION }}" | |
| type: "DEPLOY" | |
| url: "${{ env.URL }}" | |
| docker: | |
| needs: pypi | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get version info | |
| env: | |
| EMAIL: ${{needs.pypi.outputs.EMAIL}} | |
| PUSHER: ${{needs.pypi.outputs.PUSHER}} | |
| VERSION: ${{needs.pypi.outputs.VERSION}} | |
| run: | | |
| echo "EMAIL=${EMAIL}" >> $GITHUB_ENV | |
| echo "PUSHER=${PUSHER}" >> $GITHUB_ENV | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| echo "DOCKER_IMAGE=${{ env.DOCKER_USERNAME }}/cli:${VERSION}" >> $GITHUB_ENV | |
| echo "DOCKER_IMAGE_LATEST=${{ env.DOCKER_USERNAME }}/cli:latest" >> $GITHUB_ENV | |
| - name: build docker image | |
| working-directory: ./docker | |
| run: | | |
| docker build -t ${{ env.DOCKER_IMAGE }} . | |
| sha=$(docker images --format {{.ID}} --no-trunc ${{ env.DOCKER_USERNAME }}/cli:${{ env.VERSION }}) | |
| echo "DOCKER_SHA=${sha}" >> $GITHUB_ENV | |
| echo "URL=https://hub.docker.com/layers/${{ env.DOCKER_USERNAME }}/cli/${{ env.VERSION }}/images/${sha}" >> $GITHUB_ENV | |
| - name: Run Trivy on Root Image | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.DOCKER_IMAGE }} | |
| format: table | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: CRITICAL,HIGH | |
| - name: push docker image | |
| run: | | |
| docker login -u ${{ env.DOCKER_USERNAME }} -p ${{ env.DOCKER_PASSWORD }} | |
| docker tag ${{ env.DOCKER_IMAGE }} ${{ env.DOCKER_IMAGE_LATEST }} | |
| docker push ${{ env.DOCKER_IMAGE }} | |
| docker push ${{ env.DOCKER_IMAGE_LATEST }} | |
| docker-deploy-event: | |
| needs: docker | |
| runs-on: ubuntu-latest | |
| container: | |
| image: jeffschnittercortex/cli:latest | |
| steps: | |
| - name: Post docker deploy event to Cortex | |
| env: | |
| EMAIL: ${{needs.pypi.outputs.EMAIL}} | |
| PUSHER: ${{needs.pypi.outputs.PUSHER}} | |
| SHA: ${{needs.docker.outputs.SHA}} | |
| URL: ${{needs.docker.outputs.URL}} | |
| VERSION: ${{needs.pypi.outputs.VERSION}} | |
| run: | | |
| cat << EOF > /tmp/deploy.json | |
| { | |
| "customData": {}, | |
| "deployer": { | |
| "email": "${{ env.EMAIL }}", | |
| "name": "${{ env.PUSHER }}" | |
| }, | |
| "environment": "docker", | |
| "sha": " ${{ env.SHA }}", | |
| "timestamp": "$(date +'%Y-%m-%dT%H:%M:%S').000Z", | |
| "title": "${{ env.VERSION }}", | |
| "type": "DEPLOY", | |
| "url": "${{ env.URL }}" | |
| } | |
| EOF | |
| cortex deploys add -t cli -f /tmp/deploy.json |