AST Cli Release #330
# Release workflow for the AST CLI. It can be invoked from another workflow
# (workflow_call) or started by hand (workflow_dispatch); both entry points
# take the same two inputs.
name: AST Cli Release

on:
  workflow_call:
    inputs:
      # Free-form string supplied by the caller; it is used later as a git tag name.
      tag:
        description: 'Next release tag'
        required: true
        type: string
      # Defaults to a dev build; the Docker and notification steps only run when this is false.
      dev:
        description: 'Is dev build'
        required: false
        default: true
        type: boolean
  workflow_dispatch:
    inputs:
      tag:
        description: 'Next release tag'
        required: true
        type: string
      dev:
        description: 'Is dev build'
        required: false
        default: true
        type: boolean

# Declared at workflow level, so these token scopes apply to every job that does
# not set its own `permissions` block: OIDC token minting (id-token) and
# repository write access (contents).
permissions:
  id-token: write
  contents: write
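jobs:
  # Builds, signs and publishes the CLI on a macOS runner, then tags the repository.
  build:
    runs-on: macos-latest
    # NOTE(review): job-level env makes these three secrets readable by every step
    # below, including the steps that run a downloaded installer script and install
    # from a third-party tap. If only one step consumes them, move them to that
    # step's `env` - confirm which step reads them.
    env:
      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
    steps:
      # NOTE(review): checkout and setup-go are referenced by mutable tag while the
      # other actions in this file are pinned to a commit SHA; pin these two the
      # same way for a consistent supply-chain posture.
      # Credentials are left persisted (the default) because the Tag step pushes.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod
      - name: Import Code-Signing Certificates
        uses: Apple-Actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071  # v1
        with:
          # The certificates in a PKCS12 file encoded as a base64 string
          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
          # The password used to import the PKCS12 file.
          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
      # NOTE(review): this pipes the installer from the HEAD of Homebrew/install
      # straight into bash, unpinned and unverified, in a job that holds the
      # signing certificate and release credentials. Left unchanged here; prefer
      # fetching a pinned commit and checking its digest, or relying on a brew
      # already present on the runner image (verify that it is).
      - name: Updating and upgrading brew
        run: |
          git config --global pack.windowMemory "100m"
          git config --global pack.SizeLimit "100m"
          git config --global pack.threads "1"
          git config --global pack.window "0"
          /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
          brew --version
      # NOTE(review): installed from a third-party tap with no version or checksum pin.
      - name: Install gon
        run: |
          brew install Bearer/tap/gon
      - name: Install gpg
        run: |
          brew install gpg
      - name: Install and start docker
        if: inputs.dev == false
        run: |
          brew install docker
          colima start
          sudo ln -sf "$HOME/.colima/default/docker.sock" /var/run/docker.sock
      - name: Test docker
        if: inputs.dev == false
        run: |
          docker version
          docker info
      - name: Login to Docker Hub
        if: inputs.dev == false
        uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7  # v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355  # v2
        with:
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_ASSUME_ROLE_REGION }}
      # The tag input and the pull-request title are caller/author-controlled text.
      # They are handed to the script through environment variables instead of
      # being expanded with ${{ }} inside the script body, so the shell only ever
      # sees them as data and never parses them as part of the command line.
      - name: Tag
        env:
          TAG: ${{ inputs.tag }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          # Reject anything git would not accept as a tag name (control characters,
          # spaces, empty value, ...) before the value is appended to $GITHUB_ENV,
          # where an embedded newline would define extra variables.
          if ! git check-ref-format "refs/tags/${TAG}"; then
            echo "Invalid release tag" >&2
            exit 1
          fi
          echo "${TAG}"
          echo "NEXT_VERSION=${TAG}" >> "$GITHUB_ENV"
          message="${TAG}: PR #${PR_NUMBER} ${PR_TITLE}"
          git config user.name "${GITHUB_ACTOR}"
          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
          git tag -a "${TAG}" -m "${message}"
          git push origin "${TAG}"
      # Dev builds use the alternate GoReleaser config; the result is exported as
      # GR_ARGS for the following steps.
      - name: Build GoReleaser Args
        env:
          IS_DEV: ${{ inputs.dev }}
        run: |
          args='release --clean --debug'
          if [ "${IS_DEV}" = true ]; then
            args=${args}' --config=".goreleaser-dev.yml"'
          fi
          echo "GR_ARGS=${args}" >> "$GITHUB_ENV"
      # GR_ARGS was exported through $GITHUB_ENV above, so it is available as a
      # plain shell variable here.
      - name: Echo GoReleaser Args
        run: echo "${GR_ARGS}"
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757  # v3
        with:
          version: v1.18.2
          args: ${{ env.GR_ARGS }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GO_BOT_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
          S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }}

  # Posts the latest release notes to Teams after a non-dev build.
  notify:
    runs-on: ubuntu-latest
    if: inputs.dev == false
    needs: build
    # This job only reads the latest release through the API and forwards text to
    # third-party actions, so it does not inherit the workflow-level write scopes.
    permissions:
      contents: read
    steps:
      - name: Get latest release notes
        id: release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          body_release="$(gh api -H "Accept: application/vnd.github.v3+json" /repos/Checkmarx/ast-cli/releases/latest | jq -r '.body')"
          # Multi-line output written to $GITHUB_OUTPUT (the ::set-output command is
          # deprecated). The delimiter is random so release-note text cannot close
          # the value early and append outputs of its own.
          delimiter="$(openssl rand -hex 16)"
          {
            echo "body_release<<${delimiter}"
            printf '%s\n' "${body_release}"
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"
      - name: Converts Markdown to HTML
        id: convert
        uses: lifepal/markdown-to-html@71ed74a56602597c05dd7dd0e561631557158ed5  # v1.1
        with:
          text: "${{ steps.release.outputs.body_release }}"
      # The converted HTML originates from release-note text, so it reaches the
      # script through an environment variable rather than being expanded with
      # ${{ }} inside a shell string, where $(...), backticks or quotes in the
      # notes would be parsed by bash.
      - name: Clean html
        id: clean
        env:
          HTML: ${{ steps.convert.outputs.html }}
        run: |
          # NOTE(review): with the inline expansion the shell consumed the double
          # quotes in the HTML before awk ran; they are dropped explicitly here so
          # the id= pattern and the message sent downstream stay as they were.
          # Confirm against a rendered notification.
          clean="$(printf '%s\n' "${HTML}" | tr -d '"' | awk '{gsub(/id=.[a-z]+/,"");print}' | tr -d '\n')"
          echo "$clean"
          printf 'clean=%s\n' "${clean}" >> "$GITHUB_OUTPUT"
      - name: Send a Notification
        id: notify
        uses: thechetantalwar/teams-notify@8a78811f5e8f58cdd204efebd79158006428c46b  # v2
        with:
          teams_webhook_url: ${{ secrets.TEAMS_WEBHOOK_URI }}
          message: "${{ steps.clean.outputs.clean }}"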