diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
index 7c2cca1..e7e0d0c 100644
--- a/.github/workflows/bump-version.yml
+++ b/.github/workflows/bump-version.yml
@@ -11,7 +11,7 @@ jobs:
 with:
 fetch-depth: '0'
 - name: Bump version and push tag
- uses: anothrNick/github-tag-action@1.39.0
+ uses: anothrNick/github-tag-action@1.46.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 WITH_V: true
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index 69ddc90..8ccb674 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -7,6 +7,7 @@ on:
 push:
 branches:
 - main
+ - dev
 tags:
 - 'v*.*.*'
 pull_request:
@@ -16,38 +17,62 @@ on:
 release:
 types: [released]
 jobs:
- sonarcloud:
- name: SonarCloud
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- with:
- fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- submodules: recursive
- - name: SonarCloud Scan
- uses: SonarSource/sonarcloud-github-action@master
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
- SONAR_TOKEN: ${{ secrets.SONAR_PUBLIC_TOKEN }}
- with:
- projectBaseDir: ./
- args: >
- -Dsonar.organization=mov-ai
- -Dsonar.projectKey=MOV-AI_${{ github.event.repository.name }}
- -Dsonar.verbose=true
- -Dsonar.sources=.
- -Dsonar.scm.provider=git
- -Dsonar.qualitygate.wait=true
- -Dsonar.qualitygate.timeout=300
-
 docker-build:
- uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@main
+ uses: MOV-AI/.github/.github/workflows/docker-workflow.yml@v1
 with:
 docker_file: Dockerfile
- docker_image: qa/redis2
+ docker_image: devops/redis2
 github_ref: ${{ github.ref }}
+ deploy: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v')}}
+ version: ${GITHUB_REF##*/}
+ push_latest: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v') }}
 public: true
 public_image: ce/redis2
+ snyk_check: true
 secrets:
 registry_user: ${{ secrets.PORTUS_APP_USER }}
 registry_password: ${{ secrets.PORTUS_APP_TOKEN }}
+ pub_registry_user: ${{ secrets.PORTUS_APP_USER }}
+ pub_registry_password: ${{ secrets.PORTUS_APP_TOKEN }}
+ snyk_token: ${{ secrets.SNYK_TOKEN }}
+ extra_tagging:
+ needs: [docker-build]
+ runs-on: ubuntu-latest
+ env:
+ DOCKER_PUSH: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v')}}
+ DOCKER_REGISTRY: registry.cloud.mov.ai
+ if: ${{ contains(github.ref, 'refs/heads/main') || contains(github.ref, 'refs/tags/v')}}
+ steps:
+ - name: Login to Movai Registry
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.PORTUS_APP_USER }}
+ password: ${{ secrets.PORTUS_APP_TOKEN }}
+ registry: ${{ env.DOCKER_REGISTRY }}
+ - name: "Verify push and tag vars from env"
+ id: get_version
+ env:
+ GITHUB_REF: ${{ github.ref }}
+ DOCKER_PUSH: ${{ env.DOCKER_PUSH }}
+ run: |
+ echo $GITHUB_REF
+ echo $DOCKER_PUSH
+ if [ "${DOCKER_PUSH}" = "true" ]; then
+ if [ "${GITHUB_REF}" = "refs/heads/main" ]; then
+ echo ::set-output name=DOCKER_TAG::latest
+ else
+ echo ::set-output name=DOCKER_TAG::${GITHUB_REF##*/}
+ fi
+ else
+ echo ::set-output name=DOCKER_TAG::local
+ fi
+ - name: Extra tags
+ run: |
+ images="redis2"
+ for img in $images; do
+ docker pull "${{ env.DOCKER_REGISTRY }}/devops/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}"
+ docker tag "${{ env.DOCKER_REGISTRY }}/devops/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}" "${{ env.DOCKER_REGISTRY }}/develop/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}"
+ docker tag "${{ env.DOCKER_REGISTRY }}/devops/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}" "${{ env.DOCKER_REGISTRY }}/qa/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}"
+ docker push "${{ env.DOCKER_REGISTRY }}/develop/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}"
+ docker push "${{ env.DOCKER_REGISTRY }}/qa/${img}:${{ steps.get_version.outputs.DOCKER_TAG }}"
+ done
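Review bot: The `Extra tags` step expands `${{ steps.get_version.outputs.DOCKER_TAG }}` directly inside its `run:` script, so the tag text is substituted into the shell source before bash parses it, and the double quotes around it do not turn it back into data. On tag and release refs that value is `${GITHUB_REF##*/}`, which is chosen by whoever can push the tag, and this job has already logged in to the registry by the time the step runs. The `get_version` step above already passes `GITHUB_REF` through `env:`; the same pattern here, with a `DOCKER_TAG` entry and quoted shell variables (the job-level `DOCKER_REGISTRY` is already exported to the step), keeps the value out of the script text. Separately, `docker/login-action@v2` and the reusable workflow at `@v1` receive the registry credentials through movable refs, so pinning both to a commit SHA is worth considering.

```yaml
- name: Extra tags
  env:
    DOCKER_TAG: ${{ steps.get_version.outputs.DOCKER_TAG }}
  run: |
    # … unchanged: images="redis2" and the for-loop header …
      docker pull "${DOCKER_REGISTRY}/devops/${img}:${DOCKER_TAG}"
      docker tag "${DOCKER_REGISTRY}/devops/${img}:${DOCKER_TAG}" "${DOCKER_REGISTRY}/develop/${img}:${DOCKER_TAG}"
      docker tag "${DOCKER_REGISTRY}/devops/${img}:${DOCKER_TAG}" "${DOCKER_REGISTRY}/qa/${img}:${DOCKER_TAG}"
      docker push "${DOCKER_REGISTRY}/develop/${img}:${DOCKER_TAG}"
      docker push "${DOCKER_REGISTRY}/qa/${img}:${DOCKER_TAG}"
    # … unchanged: done …
```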