Skip to content

feat: add writing secrets feature in terraform provider #426

feat: add writing secrets feature in terraform provider

feat: add writing secrets feature in terraform provider #426

Workflow file for this run

name: Release
env:
JFROG_CLI_BUILD_NAME: ${{ github.repository }}
JFROG_SERVER: eng-generic-dev-local
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
on:
pull_request:
branches: [main]
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Build library
run: |
go build
- name: Run unit tests
run: |
cd api
go test -race -coverprofile=coverage.out -v ./...
go tool cover -func="coverage.out"
- name: Save unit tests coverage
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: coverage
path: api/coverage.out
- name: Save built library
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: library
path: go-client-library-passwordsafe
sonarqube:
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Download coverage
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: coverage
- name: SonarQube Scan on PR
if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name == 'pull_request' || github.event_name == 'pull_request_target' ) }}
uses: sonarsource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # v3.0.0
with:
projectBaseDir: .
args: >
-Dsonar.projectKey=${{ github.event.repository.name }}
-Dsonar.pullrequest.key=${{ github.event.number }}
-Dsonar.pullrequest.branch=${{ github.head_ref }}
-Dsonar.pullrequest.base=${{ github.base_ref }}
-Dsonar.go.coverage.reportPaths=coverage.out
-Dsonar.exclusions=api/**/**_test.go,api/entities/**,api/logging/**,api/utils/**,TestClient.go,performancetest/PerformanceTest.go
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
SONAR_HOST_URL: https://sonar.dev.beyondtrust.com
- name: SonarQube Scan on branch
if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) }}
uses: sonarsource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # v3.0.0
with:
projectBaseDir: .
args: >
-Dsonar.projectKey=${{ github.event.repository.name }}
-Dsonar.go.coverage.reportPaths=coverage.out
-Dsonar.exclusions=api/**/**_test.go,api/entities/**,api/logging/**,api/utils/**,TestClient.go,performancetest/PerformanceTest.go
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
SONAR_HOST_URL: https://sonar.dev.beyondtrust.com
- name: SonarQube Quality Gate check
if: ${{ github.actor != 'dependabot[bot]' }}
uses: sonarsource/sonarqube-quality-gate-action@d304d050d930b02a896b0f85935344f023928496 # v1.1.0
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ env.SONAR_TOKEN }}
x-ray:
needs: [build, sonarqube]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
# Allow goreleaser to access older tag information.
fetch-depth: 0
- name: Jfrog setup
uses: jfrog/setup-jfrog-cli@d82fe26823e1f25529250895d5673f65b02af085 # v4.0.1
env:
JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }}
- name: Setting up artifactory
run: |
mkdir go-library-passwordsafe
- name: Download library binary
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: library
path: go-library-passwordsafe
- name: Send artifacts to Jfrog
run: |
jfrog rt u "go-library-passwordsafe/*" ${{ env.JFROG_SERVER }}
- name: Publish Build Information
run: |
jfrog rt build-add-git
jfrog rt build-collect-env
jfrog rt build-publish ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }}
- name: Scan Build
run: jfrog rt build-scan ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }}