release #67

Workflow file for this run

.github/workflows/release.yml at b681011

	name: release

	on:
	push:
	tags:
	- '*'
	branches:
	- 'snapshot/**'

	jobs:
	publish_docker:
	if: startsWith(github.ref, 'refs/tags/') \|\| startsWith(github.ref, 'refs/heads/snapshot')
	runs-on: ubuntu-latest
	strategy:
	matrix:
	app:
	- pubsub
	- kinesis
	- kafka
	- nsq
	include:
	- app: kinesis
	run_snyk: ${{ !contains(github.ref, 'rc') }}
	- app: pubsub
	run_snyk: ${{ !contains(github.ref, 'rc') }}
	- app: kafka
	run_snyk: ${{ !contains(github.ref, 'rc') }}
	- app: nsq
	run_snyk: ${{ !contains(github.ref, 'rc') }}
	steps:
	- uses: actions/checkout@v2
	if: startsWith(github.ref, 'refs/tags/')
	- name: Checkout with history for version info
	uses: actions/checkout@v2
	if: startsWith(github.ref, 'refs/heads/snapshot')
	with:
	fetch-depth: 0
	- uses: coursier/cache-action@v6
	- name: Set up JDK 11
	uses: actions/setup-java@v1
	with:
	java-version: 11
	- name: Docker login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: Get current version
	if: startsWith(github.ref, 'refs/tags/')
	id: ver
	run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
	- name: Get current version (snapshot)
	if: startsWith(github.ref, 'refs/heads/snapshot')
	id: ver-snapshot
	run: \|
	export SNAPSHOT_VERSION=$(sbt common/version -Dsbt.log.noformat=true \| grep 'SNAPSHOT' \| awk '{ print $2 }')
	echo "::set-output name=tag::$SNAPSHOT_VERSION"
	- name: Get app package name
	id: packageName
	run: \|
	export PACKAGE_NAME=$(sbt "project ${{ matrix.app }}" dockerAlias -Dsbt.log.noformat=true \| sed -n '/\[info\]/ s/\[info\] //p' \| tail -1 \| tr -d '\n' \| cut -d":" -f1)
	echo "::set-output name=package_name::$PACKAGE_NAME"
	- name: Get app base directory
	id: baseDirectory
	run: \|
	export BASE_DIRECTORY=$(sbt "project ${{ matrix.app }}" baseDirectory -Dsbt.log.noformat=true \| sed -n '/\[info\]/ s/\[info\] //p' \| tail -1 \| tr -d '\n')
	echo "::set-output name=directory::$BASE_DIRECTORY"
	- name: Get app base directory (distroless)
	id: baseDirectoryDistroless
	run: \|
	export BASE_DIRECTORY_DISTROLESS=$(sbt "project ${{ matrix.app }}Distroless" baseDirectory -Dsbt.log.noformat=true \| sed -n '/\[info\]/ s/\[info\] //p' \| tail -1 \| tr -d '\n')
	echo "::set-output name=directory::$BASE_DIRECTORY_DISTROLESS"
	- name: Stage the Docker build
	run: sbt "project ${{ matrix.app }}" docker:stage
	- name: Stage the Docker distroless build
	run: sbt "project ${{ matrix.app }}Distroless" docker:stage
	- name: Docker metadata
	id: meta
	uses: docker/metadata-action@v3
	with:
	images: ${{ steps.packageName.outputs.package_name }}
	tags: \|
	type=raw,value=latest,enable=${{ !contains(steps.ver.outputs.tag, 'rc') && !contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT' )}}
	type=raw,value=latest-focal,enable=${{ !contains(steps.ver.outputs.tag, 'rc') && !contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT' )}}
	type=raw,value=${{ steps.ver.outputs.tag }},enable=${{ !contains(steps.ver.outputs.tag, 'SNAPSHOT') && steps.ver.outputs.tag != '' }}
	type=raw,value=${{ steps.ver.outputs.tag }}-focal,enable=${{ !contains(steps.ver.outputs.tag, 'SNAPSHOT') && steps.ver.outputs.tag != '' }}
	type=raw,value=${{ steps.ver-snapshot.outputs.tag }},enable=${{ contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT') }}
	type=raw,value=${{ steps.ver-snapshot.outputs.tag }}-focal,enable=${{ contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT') }}
	flavor: \|
	latest=false
	- name: Docker metadata distroless
	id: distroless-meta
	uses: docker/metadata-action@v3
	with:
	images: ${{ steps.packageName.outputs.package_name }}
	tags: \|
	type=raw,value=latest-distroless,enable=${{ !contains(steps.ver.outputs.tag, 'rc') && !contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT' )}}
	type=raw,value=${{ steps.ver.outputs.tag }}-distroless,enable=${{ !contains(steps.ver.outputs.tag, 'SNAPSHOT') && steps.ver.outputs.tag != '' }}
	type=raw,value=${{ steps.ver-snapshot.outputs.tag }}-distroless,enable=${{ contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT') }}
	flavor: \|
	latest=false
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Push image
	uses: docker/build-push-action@v2
	with:
	context: ${{ steps.baseDirectory.outputs.directory }}/target/docker/stage
	file: ${{ steps.baseDirectory.outputs.directory }}/target/docker/stage/Dockerfile
	platforms: linux/amd64,linux/arm64/v8
	tags: ${{ steps.meta.outputs.tags }}
	push: true
	- name: Push distroless image
	uses: docker/build-push-action@v2
	with:
	context: ${{ steps.baseDirectoryDistroless.outputs.directory }}/target/docker/stage
	file: ${{ steps.baseDirectoryDistroless.outputs.directory }}/target/docker/stage/Dockerfile
	platforms: linux/amd64,linux/arm64/v8
	tags: ${{ steps.distroless-meta.outputs.tags }}
	push: true
	- name: Build local distroless image, which is needed to run Snyk
	if: matrix.run_snyk
	run: sbt "project ${{ matrix.app }}Distroless" docker:publishLocal
	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/docker@master
	if: matrix.run_snyk
	with:
	image: "${{ steps.packageName.outputs.package_name }}:${{ steps.ver.outputs.tag }}-distroless"
	args: "--app-vulns --org=data-processing-new"
	command: monitor
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	publish_sce:
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- uses: coursier/cache-action@v6
	- name: Set up JDK 11
	uses: actions/setup-java@v1
	with:
	java-version: 11
	- name: Deploy SCE on Maven Central
	run: sbt "project common" ci-release
	env:
	PGP_PASSPHRASE: ${{ secrets.SONA_PGP_PASSPHRASE }}
	PGP_SECRET: ${{ secrets.SONA_PGP_SECRET }}
	SONATYPE_USERNAME: ${{ secrets.SONA_USER }}
	SONATYPE_PASSWORD: ${{ secrets.SONA_PASS }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release #67

Workflow file

release #67

Jobs

Run details

Workflow file for this run