AST Cli Release #336
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AST Cli Release | |
| on: | |
| workflow_call: | |
| inputs: | |
| tag: | |
| description: 'Next release tag' | |
| required: true | |
| type: string | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Next release tag' | |
| required: true | |
| type: string | |
| dev: | |
| description: 'Is dev build' | |
| required: false | |
| default: true | |
| type: boolean | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: macos-latest | |
| env: | |
| AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
| APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} | |
| APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: go.mod | |
| - name: Import Code-Signing Certificates | |
| uses: Apple-Actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 #v1 | |
| with: | |
| # The certificates in a PKCS12 file encoded as a base64 string | |
| p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} | |
| # The password used to import the PKCS12 file. | |
| p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} | |
| - name: Updating and upgrading brew | |
| run: | | |
| git config --global pack.windowMemory "100m" | |
| git config --global pack.SizeLimit "100m" | |
| git config --global pack.threads "1" | |
| git config --global pack.window "0" | |
| /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
| brew --version | |
| - name: Install gon | |
| run: | | |
| brew install Bearer/tap/gon | |
| - name: Install Docker | |
| if: inputs.dev == false | |
| run: | | |
| # Install Docker CLI using Homebrew | |
| brew install docker | |
| - name: Start Docker engine daemon | |
| if: inputs.dev == false | |
| run: | | |
| # Start Docker engine daemon | |
| dockerd & | |
| - name: Wait for Docker daemon to start | |
| if: inputs.dev == false | |
| run: | | |
| # Wait for Docker daemon to start | |
| sleep 10 | |
| - name: Test Docker | |
| if: inputs.dev == false | |
| run: | | |
| # Test Docker installation | |
| docker version | |
| docker info | |
| - name: Login to Docker Hub | |
| if: inputs.dev == false | |
| uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} | |
| aws-region: ${{ secrets.AWS_ASSUME_ROLE_REGION }} | |
| - name: Tag | |
| run: | | |
| echo ${{ inputs.tag }} | |
| echo "NEXT_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV | |
| tag=${{ inputs.tag }} | |
| message='${{ inputs.tag }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}' | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| git tag -a "${tag}" -m "${message}" | |
| git push origin "${tag}" | |
| - name: Build GoReleaser Args | |
| run: | | |
| args='release --clean --debug' | |
| if [ ${{ inputs.dev }} = true ]; then | |
| args=${args}' --config=".goreleaser-dev.yml"' | |
| fi | |
| echo "GR_ARGS=${args}" >> $GITHUB_ENV | |
| - name: Echo GoReleaser Args | |
| run: echo ${{ env.GR_ARGS }} | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 #v3 | |
| with: | |
| version: v1.18.2 | |
| args: ${{ env.GR_ARGS }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GO_BOT_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }} | |
| S3_BUCKET_REGION: ${{ secrets.S3_BUCKET_REGION }} | |
| notify: | |
| runs-on: ubuntu-latest | |
| if: inputs.dev == false | |
| needs: build | |
| steps: | |
| - name: Get latest release notes | |
| id: release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| body_release="$(gh api -H "Accept: application/vnd.github.v3+json" /repos/Checkmarx/ast-cli/releases/latest | jq -r '.body' )" | |
| body_release="${body_release//$'\n'/'%0A'}" | |
| echo "::set-output name=body_release::$body_release" | |
| - name: Converts Markdown to HTML | |
| id: convert | |
| uses: lifepal/markdown-to-html@71ed74a56602597c05dd7dd0e561631557158ed5 #v1.1 | |
| with: | |
| text: "${{ steps.release.outputs.body_release }}" | |
| - name: Clean html | |
| id: clean | |
| run: | | |
| clean="$(echo "${{ steps.convert.outputs.html }}" | awk '{gsub(/id=.[a-z]+/,"");print}' | tr -d '\n')" | |
| echo "$clean" | |
| echo "::set-output name=clean::$clean" | |
| - name: Send a Notification | |
| id: notify | |
| uses: thechetantalwar/teams-notify@8a78811f5e8f58cdd204efebd79158006428c46b #v2 | |
| with: | |
| teams_webhook_url: ${{ secrets.TEAMS_WEBHOOK_URI }} | |
| message: "${{ steps.clean.outputs.clean }}" |