Build & Release Providers #1169

Workflow file for this run

.github/workflows/providers.yaml at 914af9a

	name: 'Build & Release Providers'

	on:
	push:
	branches: ['main']
	paths: ['providers/**']
	workflow_dispatch:
	inputs:
	build_all:
	description: 'Force build all providers'
	type: boolean
	required: false
	default: false
	skip_publish:
	description: 'Skip publishing'
	type: boolean
	required: false
	default: false


	env:
	BUCKET: releases-us.mondoo.io
	SKIP_PROVIDERS: "core"

	jobs:
	scoping:
	name: "Scoping"
	runs-on: ubuntu-latest
	timeout-minutes: 10
	outputs:
	providers: ${{ steps.providers.outputs.providers }}
	build_list: ${{ steps.providers.outputs.build_list }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Detect providers
	id: providers
	run: \|
	providers=$(find providers -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
	echo "providers=$(echo -n $providers \| jq -Rsc 'split(" ")')" >> $GITHUB_OUTPUT
	build=""
	root=$PWD
	for p in $providers; do
	skip=0
	for s in $SKIP_PROVIDERS; do
	if [[ $p == $s ]]; then
	skip=1
	fi
	done
	if [[ $skip == 1 ]]; then
	echo "$p is on the skip list. Skipping."
	continue
	fi
	cd providers/$p
	REPO_VERSION=$(grep Version: config/config.go \| cut -f2 -d\")
	STATUS_CODE=$(curl -s -o /dev/null -I -w "%{http_code}" https://releases.mondoo.com/providers/${p}/latest.json)
	if [ "$STATUS_CODE" -eq "404" ]; then
	DIST_VERSION="unreleased"
	else
	DIST_VERSION=$(curl -s https://releases.mondoo.com/providers/${p}/latest.json \| jq -r .version)
	fi
	printf "PROVIDER $p:\n Local version: $REPO_VERSION\n Remote version: $DIST_VERSION\n"
	if [[ $REPO_VERSION != $DIST_VERSION ]]; then
	echo " Adding $p to build list"
	build="$build $p"
	else
	echo " Skipping: Provider version unchanged."
	fi
	cd $root
	done

	echo "build_list=$(echo -n $build \| jq -Rsc 'split(" ")')" >> $GITHUB_OUTPUT

	build_all=${{ github.event.inputs.build_all }}
	if [[ $build_all == true ]]; then
	echo "=== BUILD OF ALL PROVIDERS FORCED ==="
	printf '%s\n' "${providers[@]}" \| jq -R . \| jq -sc . > providers.json
	echo "build_list=$(cat providers.json)" >> $GITHUB_OUTPUT
	fi
	- name: Build List
	run: \|
	echo "=== Providers detected:"
	echo ${{ steps.providers.outputs.providers }}

	echo "=== Providers select to build:"
	echo ${{ steps.providers.outputs.build_list }}

	provider-build:
	name: "${{ matrix.provider }}"
	runs-on: self-hosted
	timeout-minutes: 120
	needs: scoping
	if: ${{ needs.scoping.outputs.build_list != '[]' }}
	strategy:
	fail-fast: false
	max-parallel: 2
	matrix:
	provider: ${{ fromJSON(needs.scoping.outputs.build_list) }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Import environment variables from file
	run: cat ".github/env" >> $GITHUB_ENV

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: ">=${{ env.golang-version }}"
	cache: false

	- name: 'Authenticate to Google Cloud'
	uses: 'google-github-actions/auth@v2'
	with:
	credentials_json: ${{ secrets.GCP_RELEASE_SERVICE_ACCOUNT}}

	- name: 'Set up gcloud CLI'
	uses: 'google-github-actions/setup-gcloud@v2'

	- name: Set DigiCert Signing Variables
	shell: bash
	run: \|
	echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" \| base64 --decode > Certificate_pkcs12.p12
	echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
	echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
	echo "SM_CLIENT_CERT_FILE=`realpath Certificate_pkcs12.p12`" >> "$GITHUB_ENV"
	echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
	echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"


	# - name: Install jSign (Windows Signing Tool) -- Required for public runners
	# run: \|
	# curl -LO https://github.com/ebourg/jsign/releases/download/5.0/jsign_5.0_all.deb
	# sudo dpkg -i ./jsign_5.0_all.deb

	- name: 'Build dependencies'
	run: \|
	make providers/proto
	go build -o lr ./providers-sdk/v1/lr/cli/main.go

	- name: 'Build Provider'
	id: build-providers
	run: \|
	rm -rf ./dist
	scripts/provider_bundler.sh ${{ matrix.provider }}

	- name: 'Publish Provider'
	if: ${{ ! inputs.skip_publish }}
	run: \|
	for pkg in $(ls dist \| cut -f1,2 -d_ \| uniq); do
	PROVIDER=$(echo $pkg \| cut -f1 -d_)
	VERSION=$(echo $pkg \| cut -f2 -d_)
	echo "Publishing $pkg: $PROVIDER $VERSION"

	echo "Publishing $pkg to gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/"
	gsutil -m cp -c dist/${pkg}*.xz gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/
	gsutil -m cp -c dist/${pkg}_SHA256SUMS gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/
	done

	- name: 'Save Artifacts'
	if: ${{ inputs.skip_publish }}
	uses: actions/upload-artifact@v4
	with:
	name: ${{ matrix.provider }}
	path: dist

	- uses: sarisia/actions-status-discord@v1
	if: ${{ steps.build-providers.outcome != 'success' }}
	with:
	webhook: ${{ secrets.DISCORD_WEBHOOK }}
	status: ${{ steps.build-providers.outcome }}
	url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
	description: Workflow ${{ github.workflow }} for commit ${{ github.sha }} on ${{ github.ref_name }} failed
	color: 0xff4d4d

	provider-index:
	needs: [provider-build, scoping]
	runs-on: ubuntu-latest
	if: ${{ ! inputs.skip_publish }}
	steps:
	- name: Trigger Reindex of releases.mondoo.com
	uses: peter-evans/repository-dispatch@v3
	with:
	token: ${{ secrets.RELEASR_ACTION_TOKEN }}
	repository: "mondoohq/releasr"
	event-type: reindex
	client-payload: '{ }'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build & Release Providers #1169

Workflow file

Build & Release Providers #1169

Jobs

Run details

Workflow file for this run