From bfc23e5c01e36536a7aec57b060008256d4bda19 Mon Sep 17 00:00:00 2001
From: Pengyuan Zhao
Date: Mon, 26 Feb 2024 14:05:26 -0500
Subject: [PATCH 1/2] ci: migrate Codefresh pipeline to Github Actions
---
.github/workflows/prepare-release.yml | 49 +++++++++++++
.github/workflows/release.yml | 74 ++++++++++++++++++++
.github/workflows/trigger-release.yml | 51 ++++++++++++++
.github/workflows/update-scanner-version.yml | 54 ++++++++++++++
.github/workflows/verify-release.yml | 50 +++++++++++++
5 files changed, 278 insertions(+)
create mode 100644 .github/workflows/prepare-release.yml
create mode 100644 .github/workflows/release.yml
create mode 100644 .github/workflows/trigger-release.yml
create mode 100644 .github/workflows/update-scanner-version.yml
create mode 100644 .github/workflows/verify-release.yml
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
new file mode 100644
index 0000000..01761ae
--- /dev/null
+++ b/.github/workflows/prepare-release.yml
@@ -0,0 +1,49 @@
+name: Prepare Release
+
+on:
+ workflow_dispatch:
+
+jobs:
+ prepare-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: main
+ fetch-depth: 0
+
+ - name: Prepare release
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ CI: true
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ scripts/release.sh prepare
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/prepare-release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..05ef360
--- /dev/null
+++ b/.github/workflows/release.yml
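Review bot: The `Notify Slack on Failure` step in prepare-release.yml pulls `slackapi/slack-github-action@v1.25.0` by a movable tag, and it runs in the same job after `gpg --import` has loaded the signing key into the runner's keyring, so whatever code that tag points to at run time shares a filesystem with the key. Pin third-party actions to a full commit SHA and keep the version as a comment, `uses: slackapi/slack-github-action@FULL_COMMIT_SHA # v1.25.0` (placeholder, resolve it from the upstream tag), or move the notification into its own job gated with `needs:` and `if: failure()`. The workflow also has no `permissions:` key, so the automatic token gets the repository default; a top-level `permissions:` with `contents: read` would state the intent, since the script is handed `secrets.TOKEN` explicitly. The same tag-pinned Slack step and missing `permissions:` recur in release.yml, trigger-release.yml, update-scanner-version.yml and verify-release.yml.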
@@ -0,0 +1,74 @@
+name: Release
+
+on:
+ workflow_dispatch:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Notify Slack on Release
+ uses: slackapi/slack-github-action@v1.25.0
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "Releasing the lw-scanner Github Action"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Create Release
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ scripts/release.sh publish
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/trigger-release.yml b/.github/workflows/trigger-release.yml
new file mode 100644
index 0000000..ec704f8
--- /dev/null
+++ b/.github/workflows/trigger-release.yml
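Review bot: The failure payload at the end of release.yml hard-codes the run link as `https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}` while the label just before it says `lw-scanner-action/release`; if this workflow does not live in go-sdk, the on-call is sent to a run that does not exist there. Build the link from context instead, `${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`, which also survives a repository rename. The same hard-coded URL sits in the failure step of the other four workflows in this patch, and update-scanner-version.yml additionally reuses the `lw-scanner-action/release` label. Separately, the `Notify Slack on Release` step uses `"color": "#E92020"`, the same red as the failure alert, which makes a routine release announcement look like an incident.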
@@ -0,0 +1,51 @@
+name: Trigger Release
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+jobs:
+ trigger-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: main
+ token: ${{ secrets.TOKEN }}
+
+ - name: Trigger release
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ CI: true
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ scripts/release.sh trigger
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/trigger-release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/update-scanner-version.yml b/.github/workflows/update-scanner-version.yml
new file mode 100644
index 0000000..b5bfb7f
--- /dev/null
+++ b/.github/workflows/update-scanner-version.yml
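Review bot: The checkout step in trigger-release.yml passes `token: ${{ secrets.TOKEN }}` and leaves `persist-credentials` at its default, so actions/checkout writes that token into the workspace's git configuration, where every later step in the job, including the tag-pinned Slack action, can read it. If `scripts/release.sh trigger` pushes with that credential (the script is not part of this patch), scope the token as narrowly as the push requires; if it does not, add `persist-credentials: false` under `with:`. The job also checks out `ref: main` on every push to `main` rather than the pushed commit, so two pushes close together both operate on the newest tip; a `concurrency:` group for this workflow would serialise them.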
@@ -0,0 +1,54 @@
+name: Update Docker Container Version
+
+on:
+ workflow_dispatch:
+ inputs:
+ scanner_version:
+ description: New lw-scanner version
+ required: true
+ type: string
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Update Scanner Version
+ env:
+ GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+ GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ run: |
+ echo "$GPG_SECRET_KEY" | base64 --decode | gpg --import --no-tty --batch --yes
+ export SCANNER_VERSION=${{inputs.scanner_version}}
+ echo Version passed to script= $SCANNER_VERSION
+ scripts/version-bump.sh $SCANNER_VERSION
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml
new file mode 100644
index 0000000..98cff37
--- /dev/null
+++ b/.github/workflows/verify-release.yml
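Review bot: The `run:` script of the `Update Scanner Version` step expands `${{inputs.scanner_version}}` into the shell text before bash parses it, so shell metacharacters in the dispatch input run as commands in a step whose environment holds `GPG_SECRET_KEY` and `secrets.TOKEN`. Hand the value over through the environment instead: add `SCANNER_VERSION: ${{ inputs.scanner_version }}` to the step's `env:`, delete the `export` line, and quote the expansion in `scripts/version-bump.sh "$SCANNER_VERSION"`. A format check ahead of the script call, rejecting anything that is not a plain version string, would stop malformed values before version-bump.sh acts on them.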
@@ -0,0 +1,50 @@
+name: Verify Release
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - release
+
+jobs:
+ verify-release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref }}
+
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: 1.21.x
+
+ - name: Verify release
+ run: |
+ scripts/release.sh verify
+
+ - name: Notify Slack on Failure
+ uses: slackapi/slack-github-action@v1.25.0
+ if: failure()
+ with:
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "#E92020",
+ "blocks": [
+ {
+ "type": "section",
+ "text": {
+ "type": "mrkdwn",
+ "text": "@oncall-growth-eng! There has been a failure that needs your attention. :rotating_light:\n*GitHub Workflow Failure*\nlw-scanner-action/verify-release\n*Workflow Run*\n https://github.com/lacework/go-sdk/actions/runs/${{ github.run_id }}"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_GROWTH_ENG_ALERTS }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
From 4bf235274b87ea7b015897356682710c6c98009f Mon Sep 17 00:00:00 2001
From: Pengyuan Zhao
Date: Tue, 27 Feb 2024 17:46:40 -0500
Subject: [PATCH 2/2] ci: remove unused workflow_dispatch
---
.github/workflows/release.yml | 1 -
.github/workflows/trigger-release.yml | 1 -
.github/workflows/verify-release.yml | 1 -
3 files changed, 3 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 05ef360..4eb97e4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,7 +1,6 @@ name: Release on: - workflow_dispatch: push: tags: - 'v*'
diff --git a/.github/workflows/trigger-release.yml b/.github/workflows/trigger-release.yml
index ec704f8..884fcf5 100644
--- a/.github/workflows/trigger-release.yml
+++ b/.github/workflows/trigger-release.yml
@@ -1,7 +1,6 @@ name: Trigger Release on: - workflow_dispatch: push: branches: - main
diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml
index 98cff37..5f72728 100644
--- a/.github/workflows/verify-release.yml
+++ b/.github/workflows/verify-release.yml
@@ -1,7 +1,6 @@ name: Verify Release on: - workflow_dispatch: push: branches: - release