1.0.4 #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create release # You may choose a different name | |
run-name: ${{ inputs.releaseversion }} # Enumerates entries in the "workflow runs" view | |
on: | |
workflow_dispatch: | |
inputs: | |
releaseversion: | |
description: 'Release version' | |
required: true | |
type: string | |
default: "X.Y.Z" | |
jobs: | |
release: # Arbitrarily chosen | |
name: Release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
attestations: write | |
id-token: write | |
steps: | |
- uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.CI_APP_ID }} | |
private-key: ${{ secrets.CI_PRIVATE_KEY }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ steps.app-token.outputs.token }} | |
ref: ${{ github.head_ref }} | |
- name: Get GitHub App User ID | |
id: get-user-id | |
run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" | |
env: | |
GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
- name: Configure Git author | |
run: | | |
git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' | |
git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' | |
- name: Setup NodeJS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '20' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Setup Java | |
uses: actions/setup-java@v4 # Does also set up Maven and GPG | |
with: | |
distribution: 'temurin' # As good as any other, see: https://github.com/actions/setup-java#supported-distributions | |
java-version: '21' | |
- name: Package Application | |
run: | | |
npm run clean | |
npm version --no-git-tag-version ${{ github.event.inputs.releaseversion }} | |
npm run build | |
- name: Write version vars | |
run: | | |
BUILD_DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"` | |
BRANCH=${GITHUB_REF_NAME#v} | |
APP_VERSION=$(cat package.json | grep version| head -1 | awk -F: '{ print $2 }' | sed 's/[",]//g') | |
echo Version: $APP_VERSION | |
echo "VERSION=$APP_VERSION" >> $GITHUB_ENV | |
echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV | |
echo "BUILD_DATE=$BUILD_DATE" >> $GITHUB_ENV | |
- name: Install Helm | |
uses: azure/setup-helm@v4 | |
- name: Install Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.9' | |
check-latest: true | |
- name: Set up chart-testing | |
uses: helm/[email protected] | |
- name: Set up helm-docs | |
uses: gabe565/setup-helm-docs-action@v1 | |
- name: Run chart-testing (lint) | |
run: ct lint --config .ct.yaml | |
- name: Helm Package | |
run: | | |
# Increment a version string using Semantic Versioning (SemVer) terminology. | |
# Parse command line options. | |
# Source: https://github.com/fmahnke/shell-semver | |
# | |
# usage: increment_version.sh [-Mmp] major.minor.patch | |
increment_version() { | |
while getopts ":Mmp" Option | |
do | |
case $Option in | |
M ) major=true;; | |
m ) minor=true;; | |
p ) patch=true;; | |
* ) patch=true;; | |
esac | |
done | |
# shellcheck disable=SC2004,SC2206 | |
shift $(($OPTIND - 1)) | |
version=$1 | |
# Build array from version string. | |
# shellcheck disable=SC2206 | |
a=( ${version//./ } ) | |
# If version string is missing or has the wrong number of members, show usage message. | |
if [ ${#a[@]} -ne 3 ] | |
then | |
echo "usage: $(basename $0) [-Mmp] major.minor.patch" | |
exit 1 | |
fi | |
# Increment version numbers as requested. | |
if [ -n "$major" ] | |
then | |
((a[0]++)) | |
a[1]=0 | |
a[2]=0 | |
fi | |
if [ -n "$minor" ] | |
then | |
((a[1]++)) | |
a[2]=0 | |
fi | |
if [ -n "$patch" ] | |
then | |
((a[2]++)) | |
fi | |
echo "${a[0]}.${a[1]}.${a[2]}" | |
} | |
export HELM_CHART_DIR=charts/keycloak-reporter | |
chartVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "version: " | sed -E -n "s/^version: \s*(.*)$/\1/p") | |
appVersion=$(cat $HELM_CHART_DIR/Chart.yaml | grep "appVersion: " | sed -E -n "s/^appVersion: \s*(.*)$/\1/p") | |
newVersion=$(increment_version -p $chartVersion) | |
sed -i 's/version: '"$chartVersion"'/version: '"$newVersion"'/g' $HELM_CHART_DIR/Chart.yaml | |
sed -i 's/appVersion: '"$appVersion"'/appVersion: '"${{ github.event.inputs.releaseversion }}"'/g' $HELM_CHART_DIR/Chart.yaml | |
helm-docs | |
helm package $HELM_CHART_DIR | |
git add . | |
- name: Run chart-testing (lint) | |
run: ct lint --config .ct.yaml | |
- name: Conventional Changelog Action | |
uses: TriPSs/conventional-changelog-action@v5 | |
with: | |
input-file: CHANGELOG.md | |
github-token: ${{ steps.app-token.outputs.token }} | |
version-file: package.json | |
pre-release: true | |
skip-bump: true | |
skip-tag: true | |
skip-on-empty: true | |
tag-prefix: 'v' | |
- name: Create Release on GH | |
id: tag-and-release | |
uses: avakar/tag-and-release@v1 | |
with: | |
draft: true | |
release_name: ${{ github.event.inputs.releaseversion }} | |
tag_name: v${{ github.event.inputs.releaseversion }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Container Image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: continuoussecuritytooling/keycloak-reporting-cli | |
tags: 'latest ${{ github.event.inputs.releaseversion }}' | |
containerfiles: | | |
./Dockerfile | |
build-args: | | |
BUILD_DATE=${{ env.BUILD_DATE }} | |
APP_VERSION=${{ github.event.inputs.releaseversion }} | |
- name: Push To Docker Hub | |
id: push-to-dockerhub-preview | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: 'latest ${{ github.event.inputs.releaseversion }}' | |
registry: registry.hub.docker.com | |
username: continuoussecuritytooling | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Publish npm package | |
run: | | |
npm publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} | |
- name: Login to GitHub Container Registry | |
run: | | |
echo ${{ secrets.CT_OCI_GITHUB_TOKEN }} | helm registry login ghcr.io -u $ --password-stdin | |
- name: Push Charts to GHCR | |
run: | | |
shopt -s nullglob | |
for pkg in *.tgz; do | |
if [ -z "${pkg:-}" ]; then | |
break | |
fi | |
helm push "${pkg}" oci://ghcr.io/cloudtooling/helm-charts | |
done |