This repository has been archived by the owner on Aug 7, 2024. It is now read-only.
build-release #54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Builds and pushes server image to prod ECR | |
# Builds client binaries | |
# Runs in reponse to successful integration tests that were triggered by a release only | |
# NB: workflows that run on workflow_run use the workflow file from the main branch | |
name: build-release | |
on: | |
workflow_run: | |
workflows: [integration] | |
types: [completed] | |
jobs: | |
build_server_image: | |
# only run this job if the dependency workflow was a success and was triggered as part of a release | |
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'release' | |
runs-on: ubuntu-latest | |
environment: prod | |
env: | |
ECR_REPOSITORY: orion-security-engineering/kiss | |
TAG: ${{ github.event.workflow_run.head_branch }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.workflow_run.head_branch }} | |
# using this action makes Docker layer caching easier: | |
# https://www.docker.com/blog/docker-github-actions/ | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Cache Docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build and push | |
uses: docker/build-push-action@v2 | |
with: | |
context: ./ | |
file: server/Dockerfile | |
push: true | |
tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.TAG }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
builder: ${{ steps.buildx.outputs.name }} | |
# prevent cache from growing too large | |
# https://github.com/docker/build-push-action/issues/252 | |
- name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
build_linux_client: | |
# only run this job if the dependency workflow was a success and was triggered as part of a release | |
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'release' | |
runs-on: ubuntu-latest | |
env: | |
TAG: ${{ github.event.workflow_run.head_branch }} | |
GOARCH: amd64 | |
GOOS: linux | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.16 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.workflow_run.head_branch }} | |
- uses: actions/cache@v2 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go- | |
- name: Compile | |
working-directory: ./client/cmd | |
run: | | |
go build -o /tmp/kiss-client-${{ env.GOOS }}-${{ env.GOARCH }} . | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ env.TAG }} | |
files: | | |
/tmp/kiss-client-${{ env.GOOS }}-${{ env.GOARCH }} | |
LICENSE | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build_darwin_client: | |
# only run this job if the dependency workflow was a success and was triggered as part of a release | |
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'release' | |
runs-on: ubuntu-latest | |
env: | |
TAG: ${{ github.event.workflow_run.head_branch }} | |
GOARCH: amd64 | |
GOOS: darwin | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.16 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.workflow_run.head_branch }} | |
- uses: actions/cache@v2 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go- | |
- name: Compile | |
working-directory: ./client/cmd | |
run: | | |
go build -o /tmp/kiss-client-${{ env.GOOS }}-${{ env.GOARCH }} . | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ env.TAG }} | |
files: | | |
/tmp/kiss-client-${{ env.GOOS }}-${{ env.GOARCH }} | |
LICENSE | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build_windows_client: | |
# only run this job if the dependency workflow was a success and was triggered as part of a release | |
if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'release' | |
runs-on: ubuntu-latest | |
env: | |
TAG: ${{ github.event.workflow_run.head_branch }} | |
GOARCH: amd64 | |
GOOS: windows | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.16 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.workflow_run.head_branch }} | |
- uses: actions/cache@v2 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-go- | |
- name: Compile | |
working-directory: ./client/cmd | |
run: | | |
go build -o /tmp/kiss-client-${{ env.GOOS }}-${{ env.GOARCH }} . | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ env.TAG }} | |
files: | | |
/tmp/kiss-client-${{ env.GOOS }}-${{ env.GOARCH }} | |
LICENSE | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |