(improvement) more logging when purl format is invalid (#166) #70
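---
# Release workflow: runs only for pushed "v*" tags. It first confirms the tag
# is on main and that the test checks for that commit passed, then builds and
# publishes the release artifacts and the docker images.
name: "Release"

on:
  push:
    # take no actions on push to any branch...
    branches-ignore:
      - "**"
    # ... only act on release tags
    tags:
      - "v*"

env:
  GO_VERSION: "1.20.x"

# Workflow-wide default for the automatic GITHUB_TOKEN: read-only.
# A job that declares its own `permissions` block replaces this one entirely.
permissions:
  contents: read
  packages: read

# NOTE(review): every third-party action below is pinned to a full commit SHA.
# The trailing "# vX.Y.Z" comments are not checked by GitHub; confirm each one
# still matches the SHA it annotates whenever a pin is updated.
jobs:
  quality-gate:
    environment: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.5.0

      # we don't want to release commits that have been pushed and tagged,
      # but not necessarily merged onto main
      - name: Ensure tagged commit is on main
        run: |
          echo "Tag: ${GITHUB_REF##*/}"
          git fetch origin main
          git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"

      # Each step below waits for one check on the released commit and exposes
      # its result as `steps.<id>.outputs.conclusion`.
      - name: Check static analysis results
        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
        id: static-analysis
        with:
          token: ${{ secrets.XEOL_GITHUB_TOKEN }}
          # This check name is defined as the github action job name (in .github/workflows/testing.yaml)
          checkName: "Static analysis"
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      - name: Check unit test results
        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
        id: unit
        with:
          token: ${{ secrets.XEOL_GITHUB_TOKEN }}
          # This check name is defined as the github action job name (in .github/workflows/testing.yaml)
          checkName: "Unit tests"
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      - name: Check integration test results
        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
        id: integration
        with:
          token: ${{ secrets.XEOL_GITHUB_TOKEN }}
          # This check name is defined as the github action job name (in .github/workflows/testing.yaml)
          checkName: "Integration tests"
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      - name: Check acceptance test results (linux)
        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
        id: acceptance-linux
        with:
          token: ${{ secrets.XEOL_GITHUB_TOKEN }}
          # This check name is defined as the github action job name (in .github/workflows/testing.yaml)
          checkName: "Acceptance tests (Linux)"
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      - name: Check acceptance test results (mac)
        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
        id: acceptance-mac
        with:
          token: ${{ secrets.XEOL_GITHUB_TOKEN }}
          # This check name is defined as the github action job name (in .github/workflows/testing.yaml)
          checkName: "Acceptance tests (Mac)"
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      - name: Check cli test results (linux)
        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0
        id: cli-linux
        with:
          token: ${{ secrets.XEOL_GITHUB_TOKEN }}
          # This check name is defined as the github action job name (in .github/workflows/testing.yaml)
          checkName: "CLI tests (Linux)"
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      # Fail the job (and so block the jobs that need it) unless every check
      # waited on above concluded with 'success'. The integration check is part
      # of the condition: a waited-for check that is not listed here cannot
      # stop a release.
      - name: Quality gate
        if: >-
          steps.static-analysis.outputs.conclusion != 'success' ||
          steps.unit.outputs.conclusion != 'success' ||
          steps.integration.outputs.conclusion != 'success' ||
          steps.cli-linux.outputs.conclusion != 'success' ||
          steps.acceptance-linux.outputs.conclusion != 'success' ||
          steps.acceptance-mac.outputs.conclusion != 'success'
        run: |
          # Report the awaited check results (`outputs.conclusion`), not the
          # outcome of the wait steps themselves.
          echo "Static Analysis Status: ${{ steps.static-analysis.outputs.conclusion }}"
          echo "Unit Test Status: ${{ steps.unit.outputs.conclusion }}"
          echo "Integration Test Status: ${{ steps.integration.outputs.conclusion }}"
          echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}"
          echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}"
          echo "CLI Test (Linux) Status: ${{ steps.cli-linux.outputs.conclusion }}"
          false

  release:
    needs: [quality-gate]
    # due to our code signing process, it's vital that we run our release steps on macOS
    runs-on: macos-latest
    steps:
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: ${{ env.GO_VERSION }}

      # full history (fetch-depth: 0) rather than the default shallow clone
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.5.0
        with:
          fetch-depth: 0

      # The two caches restored below feed a job that holds publish
      # credentials; their contents are only as trustworthy as the workflow
      # runs that saved those keys.
      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      # These secrets are in the environment of `make release` and of every
      # process it starts, including tools restored from cache or bootstrapped.
      - name: Build & publish release artifacts
        run: make release
        env:
          GITHUB_TOKEN: ${{ secrets.XEOL_GITHUB_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.DATA_XEOL_IO_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.DATA_XEOL_IO_AWS_SECRET_ACCESS_KEY }}

      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: artifacts
          path: dist/**/*

  release-docker-assets:
    needs: [release]
    # code signing requires we run on mac-os runners. docker does not come installed on the mac-os runner
    # a previous release process installed and configured docker on the mac-os runner which led to blocked releases
    # the anchore tools team opted to break this step out to a separate process to remove this work constraint
    runs-on: ubuntu-latest
    # Job-level block: the automatic GITHUB_TOKEN in this job gets only
    # packages: write; the workflow-level read scopes do not carry over.
    permissions:
      packages: write
    steps:
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.5.0

      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Login to Docker Hub
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.XEOL_GITHUB_TOKEN }}

      # The bootstrap condition below reads steps.tool-cache, so the step must
      # exist in this job. Without it the output is empty, the comparison is
      # always true, and bootstrap runs on every release. Same path and key as
      # the release job. Restored contents are only as trustworthy as the runs
      # that saved the key.
      - name: Restore tool cache
        id: tool-cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          path: ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

      - name: Restore go cache
        id: go-cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: (cache-miss) Bootstrap all project dependencies
        if: steps.tool-cache.outputs.cache-hit != 'true' || steps.go-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Build & Publish docker images
        run: make release-docker-assets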