Skip to content

[reconcile]: update .github/workflows/stale-issues.yaml #1

[reconcile]: update .github/workflows/stale-issues.yaml

[reconcile]: update .github/workflows/stale-issues.yaml #1

Workflow file for this run

name: alpha
on:
push:
branches:
- main
jobs:
generate-tag:
runs-on: ubuntu-20.04
outputs:
tag: ${{ steps.get_tag.outputs.GIT_TAG }}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Get tags
id: get_tag
uses: ./actions/version-tag
generate-schema:
runs-on: ubuntu-20.04
container:
image: schemahero/schemahero:0.13.2
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Generate fixtures
run: |
/schemahero fixtures \
--input-dir ./migrations/tables \
--output-dir ./migrations/fixtures/schema \
--dbname ship-cloud --driver postgres
- name: Upload schema artifact
uses: actions/upload-artifact@v2
with:
name: schema
path: ./migrations/fixtures/schema/fixtures.sql
generate-fixtures:
runs-on: ubuntu-20.04
needs: [generate-schema]
container:
image: replicated/gitops-builder:buildkite
options: --user root
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Download schema artifact
uses: actions/download-artifact@v2
with:
name: schema
path: ./migrations/fixtures/schema
- name: Build fixtures
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations/fixtures deps build run
shell: bash
- name: Upload fixtures artifact
uses: actions/upload-artifact@v2
with:
name: fixtures
path: ./migrations/fixtures/fixtures.sql
publish-fixtures:
runs-on: ubuntu-20.04
needs: [generate-fixtures]
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: azure/docker-login@v1
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Download fixtures artifact
uses: actions/download-artifact@v2
with:
name: fixtures
path: ./migrations/fixtures
- name: Publish fixtures
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations/fixtures publish
shell: bash
build-schema-migrations:
runs-on: ubuntu-20.04
needs: [publish-fixtures]
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: azure/docker-login@v1
env:
DOCKER_CONFIG: ./migrations/.docker
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build
env:
DOCKER_CONFIG: ./.docker
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations schema-alpha
test_web:
runs-on: ubuntu-20.04
needs: [build-schema-migrations]
container:
image: replicated/gitops-builder:buildkite
options: --user root
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js environment
uses: actions/setup-node@v2
with:
node-version: '17.x'
- name: Install cross-env
run: npm i -g cross-env
shell: bash
# - name: Test web
# env:
# PACT_BROKER_USERNAME: ${{ secrets.PACT_BROKER_USERNAME }}
# PACT_BROKER_PASSWORD: ${{ secrets.PACT_BROKER_PASSWORD }}
# run: |
# make -C kotsadm/web deps test publish-pact
build_web:
runs-on: ubuntu-20.04
needs: [build-schema-migrations, generate-tag]
container:
image: replicated/gitops-builder:buildkite
options: --user root
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node.js environment
uses: actions/setup-node@v2
with:
node-version: '17.x'
- name: Build web
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C web deps build-kotsadm
shell: bash
- name: Upload web artifact
uses: actions/upload-artifact@v2
with:
name: web
path: ./web/dist
build_kurl_proxy:
runs-on: ubuntu-20.04
needs: [build-schema-migrations, generate-tag]
steps:
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.17.4'
- name: Checkout
uses: actions/checkout@v2
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-kurlproxy-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-kurlproxy-
- name: Build kurl_proxy
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
SCOPE_DSN_PUBLIC: ""
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C kurl_proxy test build
shell: bash
- name: Upload kurl_proxy artifact
uses: actions/upload-artifact@v2
with:
name: kurl_proxy
path: ./kurl_proxy/bin
build_go_api:
runs-on: ubuntu-20.04
needs: [test_web, build_web, build_kurl_proxy, generate-tag]
steps:
- uses: actions/setup-go@v2
with:
go-version: '^1.17.4'
- name: Checkout
uses: actions/checkout@v1 # not @v2 because of: https://github.com/actions/checkout/issues/126
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-kots-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-kots-
- name: Download web artifact
uses: actions/download-artifact@v2
with:
name: web
path: ./web/dist
- name: Build Go API
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
SCOPE_DSN_PUBLIC: ""
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make vet ci-test kots build
shell: bash
- name: Upload Go API artifact
uses: actions/upload-artifact@v2
with:
name: go_api
path: ./bin
release_go_api_alpha:
runs-on: ubuntu-20.04
needs: [build_web, build_go_api, generate-tag]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Download go_api artifact
uses: actions/download-artifact@v2
with:
name: go_api
path: ./bin
- name: Add executable permissions
run: |
chmod a+x ./bin/kotsadm
chmod a+x ./bin/kots
- uses: azure/docker-login@v1
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build alpha release
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make build-alpha
build_kurl_proxy_alpha:
runs-on: ubuntu-20.04
needs: [build_kurl_proxy, generate-tag]
steps:
- uses: azure/docker-login@v1
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Checkout
uses: actions/checkout@v2
- name: Download kurl_proxy artifact
uses: actions/download-artifact@v2
with:
name: kurl_proxy
path: ./kurl_proxy/bin
- name: Add executable permissions
run: chmod a+x ./kurl_proxy/bin/kurl_proxy
- name: Build alpha release
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C kurl_proxy build-alpha
build_kurl_addon_alpha:
runs-on: ubuntu-20.04
needs: [release_go_api_alpha, build_kurl_proxy_alpha]
steps:
- name: Build kURL addon alpha package
env:
GH_PAT: ${{ secrets.GH_PAT }}
run: |
package=kotsadm-alpha.tar.gz
curl -H "Authorization: token $GH_PAT" \
-H 'Accept: application/json' \
-d "{\"event_type\": \"build-package-staging\", \"client_payload\": {\"package\": \"${package}\"}}" \
"https://api.github.com/repos/replicatedhq/kurl/dispatches"
scan_postgres_10:
runs-on: ubuntu-20.04
needs: [build-schema-migrations]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Read image tags from env file
uses: falti/[email protected]
id: dotenv
with:
path: .image.env
- name: Scan postgres for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/library/postgres:${{ steps.dotenv.outputs.POSTGRES_10_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'postgres-10-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: postgres-10-scan-output.sarif
scan_postgres_14:
runs-on: ubuntu-20.04
needs: [build-schema-migrations]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Read image tags from env file
uses: falti/[email protected]
id: dotenv
with:
path: .image.env
- name: Scan postgres for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/library/postgres:${{ steps.dotenv.outputs.POSTGRES_14_TAG }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'postgres-14-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: postgres-14-scan-output.sarif
scan_minio:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Read image tags from env file
uses: falti/[email protected]
id: dotenv
with:
path: .image.env
- name: Scan minio for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/minio/minio:${{ steps.dotenv.outputs.minio_tag }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'minio-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'minio-scan-output.sarif'
scan_dex:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Read image tags from env file
uses: falti/[email protected]
id: dotenv
with:
path: .image.env
- name: Scan dex for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "ghcr.io/dexidp/dex:${{ steps.dotenv.outputs.dex_tag }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'dex-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: dex-scan-output.sarif
scan_kurl_proxy:
runs-on: ubuntu-20.04
needs: [build_kurl_proxy_alpha]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Scan kurl-proxy for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/kotsadm/kurl-proxy:alpha'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'kurl-proxy-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: kurl-proxy-scan-output.sarif
scan_local_volume_provider:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Read image tags from env file
uses: falti/[email protected]
id: dotenv
with:
path: .image.env
- name: Scan replicated/local-volume-provider for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/replicated/local-volume-provider:${{ steps.dotenv.outputs.lvp_tag }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: scan-output.sarif
scan_kotsadm:
runs-on: ubuntu-20.04
needs: [release_go_api_alpha]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Scan kotsadm for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/kotsadm/kotsadm:alpha'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'kotsadm-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: kotsadm-scan-output.sarif
scan_migrations:
runs-on: ubuntu-20.04
needs: [build-schema-migrations]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Scan migrations for vulnerabilities
id: scan
uses: aquasecurity/trivy-action@master
with:
image-ref: 'docker.io/kotsadm/kotsadm-migrations:alpha'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'kotsadm-migration-scan-output.sarif'
exit-code: '0'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload scan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: kotsadm-migration-scan-output.sarif