diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index d959b24..0000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: Build
-
-on: { push: { branches-ignore: [main, production] } }
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- build-binary:
- name: 👷 Build binary
- runs-on: ubuntu-latest
- container: golang:1.20
-
- steps:
- - name: Check out repository code
- uses: actions/checkout@v4
-
- - name: Mark source directory as safe.
- run: git config --global --add safe.directory $GITHUB_WORKSPACE
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- with:
- platforms: "linux/amd64,linux/arm64"
-
- - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v5
- with:
- args: release --snapshot
- env:
- BUGSNAG_API_KEY: "REAL_KEY_NOT_NEEDED_HERE"
- REPOSITORY_URL: "ghcr.io/spacelift-io/vcs-agent"
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index f52e343..d2ad47e 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -1,4 +1,4 @@
-name: Publish
+name: Build & Publish
 on: [push]
diff --git a/.github/workflows/goreleaser/action.yml b/.github/workflows/goreleaser/action.yml
new file mode 100644
index 0000000..84b6c64
--- /dev/null
+++ b/.github/workflows/goreleaser/action.yml
@@ -0,0 +1,50 @@
+name: Run GoReleaser
+description: Sets up the proper Go version, Docker Buildx, QEMU, and runs GoReleaser
+
+inputs:
+ snapshot:
+ description: Whether to create a snapshot release or real one
+ default: "true"
+ bugsnag_api_key:
+ description: The Bugsnag API key
+ default: "NOT_SET"
+ repository_url:
+ description: The repository URL that GoReleaser will use to create the Docker images
+ required: true
+ github_token:
+ description: The GitHub token
+ required: false
+ disable_github_release:
+ description: Whether to disable publishing the GitHub release
+ default: "true"
+
+runs:
+ using: composite
+ steps:
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with: { go-version: "1.20" }
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: "linux/amd64,linux/arm64"
+
+ - name: Run GoReleaser
+ id: goreleaser
+ uses: goreleaser/goreleaser-action@v5
+ with:
+ args: release --snapshot=${{ inputs.snapshot }}
+ env:
+ BUGSNAG_API_KEY: ${{ inputs.bugsnag_api_key }}
+ REPOSITORY_URL: ${{ inputs.repository_url }}
+ GITHUB_TOKEN: ${{ inputs.github_token }}
+ DISABLE_GITHUB_RELEASE: ${{ inputs.DISABLE_GITHUB_RELEASE }}
+
+outputs:
+ metadata:
+ description: The release metadata of GoReleaser
+ value: ${{ steps.goreleaser.outputs.metadata }}
diff --git a/.github/workflows/publish/action.yml b/.github/workflows/publish/action.yml
index 78e5e27..cccbfc7 100644
--- a/.github/workflows/publish/action.yml
+++ b/.github/workflows/publish/action.yml
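Review bot: In `.github/workflows/goreleaser/action.yml`, the `Run GoReleaser` step hands `GITHUB_TOKEN` and `BUGSNAG_API_KEY` to `goreleaser/goreleaser-action@v5`, which is referenced by a movable tag, as are `actions/setup-go@v4`, `docker/setup-buildx-action@v3` and `docker/setup-qemu-action@v3`. Since this composite action is now the shared build path for the publish and Trivy workflows, pinning each `uses:` to a full commit SHA (for example `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5`) would keep a retagged release from changing what runs with those credentials. Separately, the env line reads `${{ inputs.DISABLE_GITHUB_RELEASE }}` while the input is declared as `disable_github_release`; the lookup is probably case-insensitive, but `DISABLE_GITHUB_RELEASE: ${{ inputs.disable_github_release }}` would match the declaration and the neighbouring lines.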
@@ -33,9 +33,14 @@ inputs: runs: using: composite steps: - - name: Setup Go - uses: actions/setup-go@v4 - with: { go-version: "1.20" } + - name: Run GoReleaser + uses: ./.github/workflows/goreleaser + with: + snapshot: ${{ github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }} + bugsnag_api_key: ${{ inputs.bugsnag_api_key }} + repository_url: ${{ inputs.ecr_repository_url }} + github_token: ${{ inputs.github_token }} + disable_github_release: ${{ !startsWith(github.ref, 'refs/tags/') }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -49,23 +54,6 @@ runs: if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} shell: bash run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: linux/amd64,linux/arm64 - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 - with: - args: release --snapshot=${{ !startsWith(github.ref, 'refs/tags/') }} - env: - BUGSNAG_API_KEY: ${{ inputs.bugsnag_api_key }} - GITHUB_TOKEN: ${{ inputs.github_token }} - REPOSITORY_URL: ${{ inputs.ecr_repository_url }} - name: Import the PGP key shell: bash diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 60e7fc7..7423541 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -29,7 +29,6 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 - gosec: name: 👮‍♀️ GoSec runs-on: ubuntu-latest diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 8337ec6..36f1d0d 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml 
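Review bot: In `.github/workflows/publish/action.yml`, the new `Run GoReleaser` step sits at the top of `steps`, ahead of `Configure AWS credentials` and of the `docker login ... public.ecr.aws` step shown as context in the second hunk, whereas the removed step ran after both. On `main` and tag refs the step now passes `snapshot: false`, so if GoReleaser pushes images to `inputs.ecr_repository_url` during that run, it would do so before the registry login and the push would be rejected. Moving the step to where the old one was removed (after the ECR login, before `Import the PGP key`) keeps the original ordering. It is also worth confirming that a non-snapshot `release` on an untagged `main` commit is intended, since the old expression `!startsWith(github.ref, 'refs/tags/')` kept `main` in snapshot mode. The `steps` list starts and continues outside both hunks.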
@@ -20,28 +20,12 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - with: { fetch-depth: 0 } - - - name: Setup Go - uses: actions/setup-go@v4 - with: { go-version: "1.20" } - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: "linux/amd64,linux/arm64" - name: Run GoReleaser + uses: ./.github/workflows/goreleaser id: goreleaser - uses: goreleaser/goreleaser-action@v5 with: - args: release --snapshot - env: - BUGSNAG_API_KEY: "REAL_KEY_NOT_NEEDED_HERE" - REPOSITORY_URL: "ghcr.io/spacelift-io/vcs-agent" + repository_url: "ghcr.io/spacelift-io/vcs-agent" - name: Run Trivy vulnerability scanner (amd64) uses: aquasecurity/trivy-action@master diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 5d9024e..2d01383 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -2,7 +2,6 @@ project_name: spacelift-vcs-agent builds: - main: ./cmd/spacelift-vcs-agent - binary: spacelift-vcs-agent env: [CGO_ENABLED=0] goos: [windows, linux, darwin] goarch: [amd64, arm64] @@ -14,6 +13,9 @@ builds: changelog: use: github-native +release: + disable: "{{ .Env.DISABLE_GITHUB_RELEASE }}" + archives: - format: zip name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
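Review bot: In `.github/workflows/trivy.yml`, the scanner step directly after the changed one still runs `aquasecurity/trivy-action@master`, a moving branch, so the code that inspects the freshly built image can change without any commit in this repository; pinning it to a full commit SHA (`uses: aquasecurity/trivy-action@<full-commit-sha>`) would fit this clean-up. The hunk also drops `with: { fetch-depth: 0 }` from the checkout; GoReleaser derives the snapshot version from git tags, so it is worth checking that a shallow clone still produces the expected snapshot version. The job's remaining steps are outside the hunk.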
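Review bot: In `.goreleaser.yaml`, `disable: "{{ .Env.DISABLE_GITHUB_RELEASE }}"` makes the config depend on a variable that, in this diff, only the composite action sets; as far as I know GoReleaser fails template evaluation when an `.Env` key is absent, so a local or ad-hoc `goreleaser` run would stop with a template error. A fail-closed default such as `disable: '{{ envOrDefault "DISABLE_GITHUB_RELEASE" "true" }}'` keeps GitHub releases off unless a caller explicitly enables them, provided the GoReleaser version in use supports `envOrDefault`. A short comment above `release:` naming who sets the variable would also help, e.g. `# DISABLE_GITHUB_RELEASE is exported by .github/workflows/goreleaser/action.yml`.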