diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
new file mode 100644
index 0000000..01761ae
--- /dev/null
+++ b/.github/workflows/prepare-release.yml
@@ -0,0 +1,49 @@
+name: Prepare Release
+
+on:
+ workflow_dispatch:
+
+jobs:
+ prepare-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: main
+ fetch-depth: 0
+
+ - name: Prepare release
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ CI: true
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ scripts/release.sh prepare
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/prepare-release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..4eb97e4
--- /dev/null
+++ b/.github/workflows/release.yml
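Review bot: `slackapi/slack-github-action@v1.25.0` and `actions/checkout@v4` are referenced by mutable tags in a job that imports `GPG_SECRET_KEY` into the runner's keyring before the Slack step runs on failure, so whoever can move those tags gets code execution next to the signing key. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: slackapi/slack-github-action@<full-commit-sha> # v1.25.0` (placeholder, resolve the SHA from the upstream release). The same applies to release.yml, trigger-release.yml and update-scanner-version.yml, and to `actions/setup-go@v4` in verify-release.yml.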
@@ -0,0 +1,73 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Slack on Release
+ uses: slackapi/slack-github-action@v1.25.0
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "Releasing the lw-scanner Github Action"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Create Release
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ scripts/release.sh publish
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/trigger-release.yml b/.github/workflows/trigger-release.yml
new file mode 100644
index 0000000..884fcf5
--- /dev/null
+++ b/.github/workflows/trigger-release.yml
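Review bot: Any pushed tag matching `v*` runs `scripts/release.sh publish` from the tagged commit with `GPG_SECRET_KEY` and `TOKEN` in its environment, and nothing in this workflow checks that the tag points at reviewed history. Whether `v*` tag creation is restricted by a tag protection rule or ruleset is not visible here; if it is not, the release script that runs next to the signing key is whatever the tag pusher committed. I would add a comment above `tags:` such as `# v* tags must be protected: this job signs and publishes from the tagged commit`, and a guard before the key import that fails unless the tagged commit is an ancestor of `origin/main` (which needs `fetch-depth: 0` on the checkout).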
@@ -0,0 +1,50 @@
+name: Trigger Release
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ trigger-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: main
+ token: ${{ secrets.TOKEN }}
+
+ - name: Trigger release
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ CI: true
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ scripts/release.sh trigger
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/trigger-release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/update-scanner-version.yml b/.github/workflows/update-scanner-version.yml
new file mode 100644
index 0000000..b5bfb7f
--- /dev/null
+++ b/.github/workflows/update-scanner-version.yml
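Review bot: Passing `token: ${{ secrets.TOKEN }}` to `actions/checkout` leaves that token in the local git configuration for the rest of the job, because `persist-credentials` defaults to true, so the third-party Slack step later runs in a workspace that holds a write-capable credential. If `scripts/release.sh trigger` has to push (not visible in this hunk), keep the token but say so in a comment naming the scopes `TOKEN` needs. The workflow also declares no `permissions:`, so the automatic token keeps the repository default even though writes go through `TOKEN`; a top-level `permissions: { contents: read }` would cap it, here and in the other four workflows.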
@@ -0,0 +1,54 @@
+name: Update Docker Container Version
+
+on:
+ workflow_dispatch:
+ inputs:
+ scanner_version:
+ description: New lw-scanner version
+ required: true
+ type: string
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Update Scanner Version
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ export SCANNER_VERSION=${{inputs.scanner_version}}
+ echo Version passed to script= $SCANNER_VERSION
+ scripts/version-bump.sh $SCANNER_VERSION
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml
new file mode 100644
index 0000000..5f72728
--- /dev/null
+++ b/.github/workflows/verify-release.yml
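Review bot: `export SCANNER_VERSION=${{inputs.scanner_version}}` splices the dispatch input into the script text before the shell parses it, so shell metacharacters in the input are executed as commands in a step that holds `GPG_SECRET_KEY` and `TOKEN`. Pass the value through the step's `env:` instead (`SCANNER_VERSION: ${{ inputs.scanner_version }}`), drop the `export` line, and quote the use: `scripts/version-bump.sh "$SCANNER_VERSION"`. Rejecting anything that does not look like a version string before the script runs would tighten it further. Separately, the failure message in this file still names `lw-scanner-action/release`, which looks like a copy-paste leftover.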
@@ -0,0 +1,49 @@
+name: Verify Release
+
+on:
+ push:
+ branches:
+ - release
+
+jobs:
+ verify-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: 1.21.x
+
+ - name: Verify release
+ run: |
+ scripts/release.sh verify
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/verify-release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
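Review bot: The failure link is hard-coded as `https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}` while the message labels the workflow `lw-scanner-action/verify-release`. If this workflow does not live in lacework/go-sdk, as that label suggests, the run id will not resolve under that path and on-call lands on a 404 or an unrelated run. Building the link from context avoids this: `${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`. The same hard-coded link is in the failure step of the other four workflows in this commit.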