From 847869cabb7cf99481ad37332531fa31f380ebfb Mon Sep 17 00:00:00 2001
From: Viktor Delev
Date: Mon, 11 Nov 2024 17:39:50 +0100
Subject: [PATCH 1/3] add post-merge release workflow
---
.github/workflows/release-post-merge.yml | 67 ++++++++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 .github/workflows/release-post-merge.yml
diff --git a/.github/workflows/release-post-merge.yml b/.github/workflows/release-post-merge.yml
new file mode 100644
index 00000000..00c0b211
--- /dev/null
+++ b/.github/workflows/release-post-merge.yml
@@ -0,0 +1,67 @@
+name: Post-Merge Release Actions
+
+on:
+ pull_request:
+ types: [closed]
+ branches:
+ - 'main'
+env:
+ GITHUB_USER: "datavisyn-bot"
+ GITHUB_TOKEN: ${{ secrets.DATAVISYN_BOT_REPO_TOKEN }}
+
+jobs:
+ post_release:
+ if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.title, 'Release')
+ runs-on: ubuntu-22.04
+ steps:
+ - name: checkout repository
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.CHECKOUT_TOKEN || github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token }}
+
+ - name: Generate Release Notes
+ id: generate-release-notes
+ run: |
+ response=$(curl -s -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+ https://api.github.com/repos/${{ github.repository }}/releases/generate-notes \
+ -d "$(jq -n --arg tag_name "v${{ github.event.pull_request.title.split(' ')[1] }}" \
+ --arg target_commitish "main" \
+ '{tag_name: $tag_name, target_commitish: $target_commitish}')")
+ echo "$(echo "$response" | jq -r '.body')" > release_notes.txt
+
+ - name: Create GitHub Release
+ run: |
+ TAG="v${{ github.event.pull_request.title.split(' ')[1] }}"
+ RELEASE_NOTES=$(cat release_notes.txt)
+ curl -X POST \
+ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ https://api.github.com/repos/${{ github.repository.full_name }}/releases \
+ -d '{
+ "tag_name": "'"$TAG"'",
+ "target_commitish": "main",
+ "name": "'"$TAG"'",
+ "body": "'"$RELEASE_NOTES"'",
+ "draft": false,
+ "prerelease": false
+ }'
+
+ - name: Merge Main into Develop
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "<>"
+ git checkout develop
+ git pull origin main
+ git push origin develop
+
+ - name: Update Package Version for Next Development Cycle
+ run: |
+ CURRENT_VERSION=$(jq -r '.version' package.json)
+ NEW_VERSION=$(echo "$CURRENT_VERSION" | awk -F. -v OFS=. '{$NF += 1 ; print $0"-SNAPSHOT"}')
+ jq --arg new_version "$NEW_VERSION" '.version = $new_version' package.json > tmp.json && mv tmp.json package.json
+
+ git add package.json
+ git commit -m "Bump to $NEW_VERSION"
+ git push origin develop
\ No newline at end of file
From d8089a8eca80ebbf57ea5472fc6584a3e333caec Mon Sep 17 00:00:00 2001
From: Viktor Delev
Date: Mon, 11 Nov 2024 17:44:10 +0100
Subject: [PATCH 2/3] revert main
---
.github/workflows/release-post-merge.yml | 67 ------------------------
1 file changed, 67 deletions(-)
delete mode 100644 .github/workflows/release-post-merge.yml
diff --git a/.github/workflows/release-post-merge.yml b/.github/workflows/release-post-merge.yml
deleted file mode 100644
index 00c0b211..00000000
--- a/.github/workflows/release-post-merge.yml
+++ /dev/null
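Review bot: The pull-request title is expanded directly into the `run:` scripts through `${{ github.event.pull_request.title.split(' ')[1] }}` in both the "Generate Release Notes" and "Create GitHub Release" steps; the GitHub expression language has no `split()` method, so the expression will not evaluate, and even with a working accessor an expression expanded inside a shell script lets title text be interpreted as shell rather than as data. Pass the title through an environment variable and parse it in bash instead: `env: PR_TITLE: ${{ github.event.pull_request.title }}` on the step, then `TAG="v$(printf '%s' "$PR_TITLE" | cut -d' ' -f2)"`. The same concern applies to the release payload, where `"body": "'"$RELEASE_NOTES"'"` splices multi-line notes containing quotes into hand-built JSON, while the preceding step already builds its payload with `jq -n --arg`; using that pattern here keeps the body valid JSON whatever the notes contain. The URL `${{ github.repository.full_name }}` also looks wrong, since `github.repository` is already the `owner/name` string (the first step uses it that way); the next patch in this series deletes the file again, so these points apply only if the workflow is reintroduced.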
@@ -1,67 +0,0 @@
-name: Post-Merge Release Actions
-
-on:
- pull_request:
- types: [closed]
- branches:
- - 'main'
-env:
- GITHUB_USER: "datavisyn-bot"
- GITHUB_TOKEN: ${{ secrets.DATAVISYN_BOT_REPO_TOKEN }}
-
-jobs:
- post_release:
- if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.title, 'Release')
- runs-on: ubuntu-22.04
- steps:
- - name: checkout repository
- uses: actions/checkout@v4
- with:
- token: ${{ secrets.CHECKOUT_TOKEN || github.event.repository.private == true && secrets.DATAVISYN_BOT_REPO_TOKEN || github.token }}
-
- - name: Generate Release Notes
- id: generate-release-notes
- run: |
- response=$(curl -s -X POST \
- -H "Accept: application/vnd.github+json" \
- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
- https://api.github.com/repos/${{ github.repository }}/releases/generate-notes \
- -d "$(jq -n --arg tag_name "v${{ github.event.pull_request.title.split(' ')[1] }}" \
- --arg target_commitish "main" \
- '{tag_name: $tag_name, target_commitish: $target_commitish}')")
- echo "$(echo "$response" | jq -r '.body')" > release_notes.txt
-
- - name: Create GitHub Release
- run: |
- TAG="v${{ github.event.pull_request.title.split(' ')[1] }}"
- RELEASE_NOTES=$(cat release_notes.txt)
- curl -X POST \
- -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
- -H "Accept: application/vnd.github.v3+json" \
- https://api.github.com/repos/${{ github.repository.full_name }}/releases \
- -d '{
- "tag_name": "'"$TAG"'",
- "target_commitish": "main",
- "name": "'"$TAG"'",
- "body": "'"$RELEASE_NOTES"'",
- "draft": false,
- "prerelease": false
- }'
-
- - name: Merge Main into Develop
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "<>"
- git checkout develop
- git pull origin main
- git push origin develop
-
- - name: Update Package Version for Next Development Cycle
- run: |
- CURRENT_VERSION=$(jq -r '.version' package.json)
- NEW_VERSION=$(echo "$CURRENT_VERSION" | awk -F. -v OFS=. '{$NF += 1 ; print $0"-SNAPSHOT"}')
- jq --arg new_version "$NEW_VERSION" '.version = $new_version' package.json > tmp.json && mv tmp.json package.json
-
- git add package.json
- git commit -m "Bump to $NEW_VERSION"
- git push origin develop
\ No newline at end of file
From 46cc7aa6c973f1b66fab4eb9143d5b6b1d87c86b Mon Sep 17 00:00:00 2001
From: Vanessa Stoiber <52395160+dvvanessastoiber@users.noreply.github.com>
Date: Wed, 13 Nov 2024 10:12:52 +0100
Subject: [PATCH 3/3] Add retry loop for image scan (#117)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* add debug to image scan
* adapt workflow_branch
* adapt workflow_branch
* fix remaining branch references
* add retry loop for image-scan
* revert branches
* Update .github/actions/get-ecr-scan-result/action.yml
Co-authored-by: Michael PĆ¼hringer <51900829+puehringer@users.noreply.github.com>
* Update .github/actions/get-ecr-scan-result/action.yml
---------
Co-authored-by: Viktor Delev
Co-authored-by: Michael PĆ¼hringer <51900829+puehringer@users.noreply.github.com>
---
.github/actions/get-ecr-scan-result/action.yml | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/.github/actions/get-ecr-scan-result/action.yml b/.github/actions/get-ecr-scan-result/action.yml
index c0074e11..e418009d 100644
--- a/.github/actions/get-ecr-scan-result/action.yml
+++ b/.github/actions/get-ecr-scan-result/action.yml
@@ -53,8 +53,18 @@ runs:
 - name: Get AWS ECR Scan results
 id: get-scan-results
 run: |
- aws ecr wait image-scan-complete --repository-name $ECR_REPOSITORY --image-id imageTag=$IMAGE_TAG
- if [ $(echo $?) -eq 0 ]; then
+ # As the image scan itself may not be started yet, we have to wait (and retry) until it is actually available
+ max_retries=5
+ retries=0
+ scan_complete=1
+ until [ $retries -eq $max_retries ]; do
+ aws ecr wait image-scan-complete --repository-name $ECR_REPOSITORY --image-id imageTag=$IMAGE_TAG && scan_complete=0 && break
+ sleep 5
+ retries=$((retries + 1))
+ echo "Retry $retries/$max_retries: Waiting for image scan to start..."
+ done
+
+ if [ $scan_complete -eq 0 ]; then
 scan_findings=$(aws ecr describe-image-scan-findings --repository-name $ECR_REPOSITORY --image-id imageTag=$IMAGE_TAG | jq '.imageScanFindings.findingSeverityCounts')
 critical=$(echo $scan_findings | jq '.CRITICAL')
 high=$(echo $scan_findings | jq '.HIGH')
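Review bot: The retry loop treats every non-zero exit of `aws ecr wait image-scan-complete` as "scan not started yet" and retries it without showing the error, so a permission or repository-name problem also consumes all five attempts and its cause never reaches the log; capturing the waiter output, e.g. `out=$(aws ecr wait image-scan-complete --repository-name "$ECR_REPOSITORY" --image-id imageTag="$IMAGE_TAG" 2>&1) && { scan_complete=0; break; }` followed by `echo "$out"`, keeps the loop but makes the failure visible. The `else` branch of the new `if [ $scan_complete -eq 0 ]` lies outside the hunk; since a scan that never completed means no findings were evaluated, confirm that branch fails the step rather than letting the job proceed. Minor: the `Retry N/M` message (and the preceding `sleep 5`) also runs after the final attempt when no further retry follows, and `$ECR_REPOSITORY` and `$IMAGE_TAG` would be safer double-quoted.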