Skip to content

feat: iac style updates (#673) #605

feat: iac style updates (#673)

feat: iac style updates (#673) #605

Workflow file for this run

# Copyright 2022 Snyk Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Release
on:
workflow_dispatch:
push:
branches:
- "main"
# Grant an OIDC token which we can exchange for an AWS IAM role
permissions:
id-token: write
contents: write
jobs:
release:
name: goreleaser
runs-on: ubuntu-latest
steps:
- name: Prepare git
run: git config --global core.autocrlf false
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # does an unshallow checkout with tags & branches
# this step can be removed if setup-go will support reading go-version from go.mod
- name: Determine Go version
run: |
sed -En 's/^go[[:space:]]+([[:digit:].]+)$/GO_VERSION=\1/p' go.mod >> $GITHUB_ENV
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: "true"
- name: Cache Pact CLI tools
id: cache-pact
uses: actions/cache@v4
with:
path: ~/pact
key: ${{ runner.os }}-pact
- name: Set up Pact CLI tools
shell: bash
if: steps.cache-pact.outputs.cache-hit != 'true'
run: |
make tools
- name: Lint source code
run: |
make tools lint
- name: Set up Snyk CLI # Tests need it
uses: snyk/actions/setup@master
- name: Run tests
env:
DEEPROXY_API_URL: ${{secrets.DEEPROXY_API_URL}}
SNYK_TOKEN: ${{secrets.SNYK_TOKEN }}
run: |
export PATH=$PATH:~/pact/bin
# this is required to be able to test the clipboard
export DISPLAY=:99
sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
sudo apt-get install -y xsel xclip wl-clipboard
make clean test
- name: Run integration and smoke tests
env:
DEEPROXY_API_URL: ${{secrets.DEEPROXY_API_URL}}
SNYK_TOKEN: ${{secrets.SNYK_TOKEN }}
SNYK_TOKEN_CONSISTENT_IGNORES: ${{secrets.SNYK_TOKEN_CONSISTENT_IGNORES }}
INTEG_TESTS: "true"
SMOKE_TESTS: "true"
run: |
export PATH=$PATH:~/pact/bin
# this is required to be able to test the clipboard
export DISPLAY=:99
sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
sudo apt-get install -y xsel xclip wl-clipboard
make clean test
- name: Set up Git actions user
uses: fregante/setup-git-user@v2
- name: Create Release Tag
run: |
VERSION=$(git show -s --format=%cd --date=format:%Y%m%d.%H%M%S)
git tag "v$VERSION"
git push --tags
- name: Create License Report
id: create_license_report
run: |
go install github.com/google/go-licenses@latest
LICENSES=$(go-licenses report . --ignore github.com/snyk/snyk-ls)
echo 'LICENSES<<EOF' >> $GITHUB_OUTPUT
echo $LICENSES >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
echo $LICENSES
- name: Build binaries and github release
uses: goreleaser/goreleaser-action@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
LICENSES: ${{ steps.create_license_report.outputs.LICENSES }}
with:
version: "~> v2"
args: release --clean
- name: Output compiled licenses
run: |
chmod +x build/snyk-ls_linux_amd64_v1/snyk-ls
build/snyk-ls_linux_amd64_v1/snyk-ls -licenses
- name: Login to AWS
run: |
.github/setup_aws_credentials.py \
--role-arn "arn:aws:iam::198361731867:role/Snyk-Assets-WriteOnly" \
--region "${{ secrets.AWS_REGION }}"
- name: Upload binaries to static.snyk.io
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
run: |
.github/upload-to-s3.sh
- uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }}
- name: Create PR in CLI to integrate LS
env:
GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }}
run: |
.github/create-cli-pr.sh