Automated update to primary components #982
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "CI" | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
env: | |
python_version: "3.11" | |
defaults: | |
run: | |
shell: 'bash --noprofile --norc -Eeuo pipefail {0}' | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- linux/amd64 | |
- linux/arm64 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.python_version }} | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.local/share/virtualenvs | |
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} | |
- name: Install Task | |
uses: arduino/setup-task@v2 | |
- name: Initialize the repo | |
run: task -v init | |
- name: Set up QEMU for cross-platform emulation | |
uses: docker/setup-qemu-action@v3 | |
- name: Build the goat | |
run: task -v build | |
env: | |
PLATFORM: ${{ matrix.platform }} | |
- name: Run the tests | |
run: task -v test -- debug | |
env: | |
PLATFORM: ${{ matrix.platform }} | |
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate the SBOMs | |
run: task -v sbom | |
env: | |
PLATFORM: ${{ matrix.platform }} | |
- name: Set env var for unique artifact uploads | |
run: echo SANITIZED_PLATFORM="$(echo "${{ matrix.platform }}" | sed 's/\//_/g')" >> $GITHUB_ENV | |
- name: Upload the SBOMs to GitHub | |
uses: actions/upload-artifact@v4 | |
with: | |
name: SBOM-${{ env.SANITIZED_PLATFORM }} | |
path: sbom.*.json | |
if-no-files-found: error | |
- name: Generate vuln scan results | |
run: task -v vulnscan | |
env: | |
PLATFORM: ${{ matrix.platform }} | |
- name: Upload the vuln scan results to GitHub | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Vulns-${{ env.SANITIZED_PLATFORM }} | |
path: vulns.*.json | |
if-no-files-found: error | |
distribute: | |
name: Distribute | |
needs: [test] | |
if: "${{ github.event_name == 'push' && !startsWith(github.event.head_commit.message, 'Bump version: 2') }}" | |
permissions: | |
contents: write | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.SEISO_AUTOMATION_PAT }} | |
fetch-depth: 0 | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.python_version }} | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.local/share/virtualenvs | |
key: ${{ runner.os }}-python-${{ env.python_version }}-pipenv-${{ hashFiles('Pipfile.lock') }} | |
- name: Install Task | |
uses: arduino/setup-task@v2 | |
- name: Initialize the repo | |
run: task -v init | |
- name: Update and bump the version | |
run: | | |
task -v release | |
TAG="$(git describe --tags)" | |
echo "TAG=${TAG}" >> "${GITHUB_ENV}" | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Set up QEMU for cross-platform emulation | |
uses: docker/setup-qemu-action@v3 | |
- name: Build and publish all the supported images to Docker Hub | |
run: task -v publish | |
env: | |
PLATFORM: all | |
- name: Generate the SBOMs | |
run: task -v sbom | |
env: | |
PLATFORM: all | |
- name: Set env var for unique artifact uploads | |
run: echo SANITIZED_PLATFORM="$(echo "${{ matrix.platform }}" | sed 's/\//_/g')" >> $GITHUB_ENV | |
- name: Upload the SBOMs to GitHub | |
uses: actions/upload-artifact@v4 | |
with: | |
name: SBOM-${{ env.SANITIZED_PLATFORM }} | |
path: sbom.*.json | |
if-no-files-found: error | |
- name: Generate vuln scan results | |
run: task -v vulnscan | |
env: | |
PLATFORM: all | |
- name: Upload the vuln scan results to GitHub | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Vulns-${{ env.SANITIZED_PLATFORM }} | |
path: vulns.*.json | |
if-no-files-found: error | |
- name: Publish the release README to Docker Hub | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
repository: seiso/goat | |
short-description: Seiso's Grand Opinionated AutoTester (GOAT) | |
- name: Push the release commit | |
run: | | |
BRANCH="$(git branch --show-current)" | |
git push --atomic origin "${BRANCH}" "${{ env.TAG }}" | |
- name: Publish the release to GitHub | |
uses: softprops/action-gh-release@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
name: ${{ env.TAG }} | |
tag_name: ${{ env.TAG }} | |
generate_release_notes: true | |
files: | | |
vulns.*.json | |
sbom.*.json | |
draft: false | |
prerelease: false |