Build & Release Providers #116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
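# Builds the providers whose version differs from the published one and
# uploads the resulting packages to the release bucket.
name: 'Build & Release Providers'

on:
  # Runs on pushes to main that touch anything under providers/.
  push:
    branches:
      - 'main'
    paths:
      - 'providers/**'
  # Manual runs. On push events github.event.inputs is empty, so every
  # consumer of these inputs must treat "unset" as "false".
  workflow_dispatch:
    inputs:
      build_all:
        description: 'Force build all providers'
        type: boolean
        required: false
        # A real boolean, matching `type: boolean` (was the string 'false').
        default: false
      skip_publish:
        description: 'Skip publishing'
        type: boolean
        required: false
        default: false

# Least privilege for the automatic GITHUB_TOKEN. Checkout only needs to
# read the repository; the GCP upload and the repository dispatch use
# their own secrets, not this token.
permissions:
  contents: read

env:
  # Destination bucket for published provider packages.
  BUCKET: releases-us.mondoo.io
  # Space-separated provider directory names that are never version-checked.
  SKIP_PROVIDERS: "core"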
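# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA keeps a retagged action from running next to
# the release credentials.
# NOTE(review): all jobs run on self-hosted runners, and provider-build
# places the GCP release credential on them. Confirm the runners are
# isolated or ephemeral and not shared with less trusted workflows.
jobs:
  # Decides which providers need a build and exposes them as a JSON array.
  scoping:
    name: "Scoping"
    runs-on: self-hosted
    timeout-minutes: 10
    outputs:
      providers: ${{ steps.providers.outputs.providers }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Detect providers
        id: providers
        env:
          # Passed through the environment instead of being pasted into the
          # script text, so the value is data and never shell syntax.
          # Empty on push events.
          BUILD_ALL: ${{ github.event.inputs.build_all }}
        run: |
          providers=$(find providers -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
          build=""
          root=$PWD
          for p in $providers; do
            skip=0
            for s in $SKIP_PROVIDERS; do
              # Quoted right-hand side: literal comparison, not a glob match.
              if [[ "$p" == "$s" ]]; then
                skip=1
              fi
            done
            if [[ $skip == 1 ]]; then
              echo "$p is on the skip list. Skipping."
              continue
            fi
            cd "providers/$p"
            REPO_VERSION=$(grep Version config/config.go | cut -f2 -d\")
            DIST_VERSION=$(curl -s "https://releases.mondoo.com/providers/${p}/latest.json" | jq -r .version)
            # Values go in as printf arguments so they are never read as a
            # format string.
            printf 'PROVIDER %s:\n Local version: %s\n Remote version: %s\n' "$p" "$REPO_VERSION" "$DIST_VERSION"
            if [[ "$REPO_VERSION" != "$DIST_VERSION" ]]; then
              echo " Adding $p to build list"
              build="$build $p"
            else
              echo " Skipping: Provider version unchanged."
            fi
            cd "$root"
          done
          # $build is left unquoted on purpose: word splitting drops the
          # leading space. An empty list becomes [].
          matrix=$(echo -n $build | jq -Rsc 'split(" ")')
          # Compare against the literal "true". The previous test,
          # `[[ $build_all ]]` on a value carrying a stray `}`, was true for
          # any non-empty string, so every run forced a full build.
          if [[ "$BUILD_ALL" == "true" ]]; then
            echo "Forced build of all providers"
            # NOTE(review): as before, the forced list is every detected
            # directory, including SKIP_PROVIDERS entries. Confirm intent.
            matrix=$(printf '%s\n' $providers | jq -R . | jq -sc .)
          fi
          echo "providers=$matrix" >> "$GITHUB_OUTPUT"
          echo "Providers detected:"
          echo $providers
          echo "Providers to build:"
          echo $build

  # Builds one provider per matrix entry and publishes it or keeps it as a
  # workflow artifact.
  provider-build:
    name: "${{ matrix.provider }}"
    runs-on: self-hosted
    timeout-minutes: 120
    needs: scoping
    # An empty matrix is an error, not a no-op: skip the job when nothing
    # needs a build.
    if: ${{ needs.scoping.outputs.providers != '[]' }}
    strategy:
      max-parallel: 2
      matrix:
        provider: ${{ fromJSON(needs.scoping.outputs.providers) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: ">=1.21.0"
          cache: false

      # NOTE(review): credentials_json is a long-lived service-account key.
      # This action also accepts workload_identity_provider plus
      # service_account (Workload Identity Federation, needs the
      # `id-token: write` permission), which removes the stored key.
      - name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: ${{ secrets.GCP_RELEASE_SERVICE_ACCOUNT }}

      - name: 'Set up gcloud CLI'
        uses: 'google-github-actions/setup-gcloud@v1'

      - name: 'Build dependencies'
        run: |
          make providers/proto
          go build -o lr ./providers-sdk/v1/lr/cli/main.go

      - name: 'Build Provider'
        env:
          # The matrix value comes from directory names in the repository.
          # Handing it over as an environment variable keeps it out of the
          # script text.
          PROVIDER: ${{ matrix.provider }}
        run: |
          rm -rf ./dist
          scripts/provider_bundler.sh "$PROVIDER"

      - name: 'Publish Provider'
        # `!= 'true'` instead of `== 'false'`: on push events the input is
        # unset, so the old condition never matched and pushes to main
        # built the packages without publishing them.
        if: ${{ github.event.inputs.skip_publish != 'true' }}
        run: |
          # Package files are named <provider>_<version>_...; group them by
          # the first two fields.
          for pkg in $(ls dist | cut -f1,2 -d_ | uniq); do
            PROVIDER=$(echo "$pkg" | cut -f1 -d_)
            VERSION=$(echo "$pkg" | cut -f2 -d_)
            echo "Publishing $pkg: $PROVIDER $VERSION"
            echo "Publishing $pkg to gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/"
            gsutil -m cp -c dist/"${pkg}"*.xz "gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/"
            gsutil -m cp -c "dist/${pkg}_SHA256SUMS" "gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/"
          done

      # NOTE(review): upload-artifact@v2 is deprecated; move to a supported
      # major version.
      - name: 'Save Artifacts'
        if: ${{ github.event.inputs.skip_publish == 'true' }}
        uses: actions/upload-artifact@v2
        with:
          name: ${{ matrix.provider }}
          path: dist

  # Asks the releasr repository to rebuild the release index. This job has
  # no `if:` of its own, so it also runs when skip_publish was set.
  provider-index:
    needs: [provider-build, scoping]
    runs-on: self-hosted
    steps:
      - name: Trigger Reindex of releases.mondoo.com
        uses: peter-evans/repository-dispatch@v2
        with:
          # Separate token: the dispatch targets another repository, which
          # the workflow's own GITHUB_TOKEN cannot reach.
          token: ${{ secrets.RELEASR_ACTION_TOKEN }}
          repository: "mondoohq/releasr"
          event-type: reindex
          client-payload: '{ }'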