🐛 make sure gitlab discovers only unique assets (#3392) #700
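# Builds the providers whose version in the repository differs from the
# published one and, unless publishing is skipped, uploads the bundles to the
# release bucket named in `env.BUCKET`.
name: 'Build & Release Providers'

on:
  # Runs for every push to main that touches a provider.
  push:
    branches: ['main']
    paths: ['providers/**']
  # Manual runs can force a full rebuild and/or keep the result out of the
  # release bucket.
  workflow_dispatch:
    inputs:
      build_all:
        description: 'Force build all providers'
        type: boolean
        required: false
        default: false
      skip_publish:
        description: 'Skip publishing'
        type: boolean
        required: false
        default: false

# Least privilege for the implicit GITHUB_TOKEN: the jobs only check out the
# repository. Publishing and the reindex dispatch use their own secrets, so
# they do not depend on this token's scopes.
permissions:
  contents: read

env:
  # Bucket that receives the published provider bundles.
  BUCKET: releases-us.mondoo.io
  # Space-separated provider directories that are never added to the build
  # list by version comparison.
  SKIP_PROVIDERS: "core"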
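jobs:
  # Lists the provider directories and decides which of them need a release.
  scoping:
    name: "Scoping"
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
      providers: ${{ steps.providers.outputs.providers }}
      build_list: ${{ steps.providers.outputs.build_list }}
    steps:
      - name: Checkout
        # NOTE(review): tag refs such as @v4 are mutable; pinning every
        # `uses:` in this file to a full commit SHA removes that trust in the
        # tag.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Detect providers
        id: providers
        env:
          # Passed through the environment so the value is never spliced into
          # the script text. Empty on push events.
          BUILD_ALL: ${{ github.event.inputs.build_all }}
        run: |
          providers=$(find providers -mindepth 1 -maxdepth 1 -type d -exec basename {} \;)
          # $providers is left unquoted on purpose: word splitting turns the
          # newline-separated list into the space-separated form jq splits on.
          echo "providers=$(echo -n $providers | jq -Rsc 'split(" ")')" >> $GITHUB_OUTPUT

          build=""
          root=$PWD
          for p in $providers; do
            skip=0
            for s in $SKIP_PROVIDERS; do
              if [[ $p == $s ]]; then
                skip=1
              fi
            done
            if [[ $skip == 1 ]]; then
              echo "$p is on the skip list. Skipping."
              continue
            fi

            cd providers/$p
            REPO_VERSION=$(grep Version config/config.go | cut -f2 -d\")
            # Probe this provider's own release metadata. The probe used to be
            # hard-coded to the atlassian provider, so a provider that had
            # never been released was not recognised as "unreleased".
            STATUS_CODE=$(curl -s -o /dev/null -I -w "%{http_code}" https://releases.mondoo.com/providers/${p}/latest.json)
            if [ "$STATUS_CODE" -eq "404" ]; then
              DIST_VERSION="unreleased"
            else
              DIST_VERSION=$(curl -s https://releases.mondoo.com/providers/${p}/latest.json | jq -r .version)
            fi

            printf "PROVIDER $p:\n Local version: $REPO_VERSION\n Remote version: $DIST_VERSION\n"
            if [[ $REPO_VERSION != $DIST_VERSION ]]; then
              echo " Adding $p to build list"
              build="$build $p"
            else
              echo " Skipping: Provider version unchanged."
            fi
            cd $root
          done
          echo "build_list=$(echo -n $build | jq -Rsc 'split(" ")')" >> $GITHUB_OUTPUT

          # A forced build writes build_list a second time; the later entry in
          # $GITHUB_OUTPUT is the one the job output picks up.
          if [[ $BUILD_ALL == true ]]; then
            echo "=== BUILD OF ALL PROVIDERS FORCED ==="
            printf '%s\n' "${providers[@]}" | jq -R . | jq -sc . > providers.json
            echo "build_list=$(cat providers.json)" >> $GITHUB_OUTPUT
          fi

      - name: Build List
        env:
          # Step outputs are built from directory names; hand them over as
          # data instead of expanding them inside the shell script.
          PROVIDERS: ${{ steps.providers.outputs.providers }}
          BUILD_LIST: ${{ steps.providers.outputs.build_list }}
        run: |
          echo "=== Providers detected:"
          echo "$PROVIDERS"
          echo "=== Providers select to build:"
          echo "$BUILD_LIST"

  # Builds one provider per matrix entry and publishes or archives the result.
  provider-build:
    name: "${{ matrix.provider }}"
    runs-on: ubuntu-latest
    timeout-minutes: 120
    needs: scoping
    if: ${{ needs.scoping.outputs.build_list != '[]' }}
    strategy:
      fail-fast: false
      max-parallel: 12
      matrix:
        provider: ${{ fromJSON(needs.scoping.outputs.build_list) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Import environment variables from file
        run: cat ".github/env" >> $GITHUB_ENV

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ">=${{ env.golang-version }}"
          cache: false

      ## Install Build Tools, for Github Hosted Runners only
      - name: Install Build Tools
        # The previous condition wrapped `${{ runner.name }}` inside a bare
        # expression. That makes the whole line a non-empty string, which is
        # always truthy, so the step ran on every runner.
        if: runner.environment == 'github-hosted'
        run: |
          sudo apt-get update
          sudo apt-get install -y xz-utils make protobuf-compiler curl zip unzip jq
          make prep/tools

      - name: 'Authenticate to Google Cloud'
        # NOTE(review): credentials_json is a long-lived service account key
        # that every build step after this one can reach. Consider the
        # action's workload identity federation inputs, and confirm the
        # account is limited to writing to the release bucket.
        uses: 'google-github-actions/auth@v2'
        with:
          credentials_json: ${{ secrets.GCP_RELEASE_SERVICE_ACCOUNT}}

      - name: 'Set up gcloud CLI'
        uses: 'google-github-actions/setup-gcloud@v2'

      - name: 'Build dependencies'
        run: |
          make providers/proto
          go build -o lr ./providers-sdk/v1/lr/cli/main.go

      - name: 'Build Provider'
        env:
          # The matrix value comes from a directory name; pass it as a quoted
          # argument so it cannot be read as shell syntax.
          PROVIDER_NAME: ${{ matrix.provider }}
        run: |
          rm -rf ./dist
          scripts/provider_bundler.sh "$PROVIDER_NAME"

      - name: 'Publish Provider'
        if: ${{ ! inputs.skip_publish }}
        run: |
          # Package names are derived from the first two `_`-separated fields
          # of the files in dist, i.e. provider and version.
          for pkg in $(ls dist | cut -f1,2 -d_ | uniq); do
            PROVIDER=$(echo $pkg | cut -f1 -d_)
            VERSION=$(echo $pkg | cut -f2 -d_)
            echo "Publishing $pkg: $PROVIDER $VERSION"
            echo "Publishing $pkg to gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/"
            gsutil -m cp -c dist/${pkg}*.xz gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/
            gsutil -m cp -c dist/${pkg}_SHA256SUMS gs://${BUCKET}/providers/${PROVIDER}/${VERSION}/
          done

      - name: 'Save Artifacts'
        if: ${{ inputs.skip_publish }}
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.provider }}
          path: dist

  # Asks the release index repository to rebuild after a publishing run.
  provider-index:
    needs: [provider-build, scoping]
    runs-on: ubuntu-latest
    if: ${{ ! inputs.skip_publish }}
    steps:
      - name: Trigger Reindex of releases.mondoo.com
        # NOTE(review): this third-party action receives a token for another
        # repository, so pinning it to a full commit SHA matters most here.
        uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.RELEASR_ACTION_TOKEN }}
          repository: "mondoohq/releasr"
          event-type: reindex
          client-payload: '{ }'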