Merge pull request #1958 from opengovern/fix-web-ui #6484
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a golang project | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go | |
| name: Go | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| buildImportDemo: | |
| type: choice | |
| description: "build demo import images and dex image" | |
| options: | |
| - "true" | |
| - "false" | |
| default: "false" | |
| servicesList: | |
| type: string | |
| description: "List of services to build" | |
| required: false | |
| default: "all" | |
| deployTo: | |
| type: choice | |
| description: "Environment to deploy to" | |
| options: | |
| - "dev" | |
| - "prod" | |
| default: "dev" | |
| push: | |
| branches: ["main","dev"] | |
| pull_request: | |
| branches: ["main","dev"] | |
| jobs: | |
| tag: | |
| runs-on: ubuntu-latest | |
| environment: golang | |
| outputs: | |
| latest_tag: ${{ steps.set_latest_tag.outputs.latest_tag }} | |
| if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && ( ! contains(github.event.head_commit.message, 'ui-changes') ) | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Tag version | |
| id: tag_version | |
| uses: mathieudutour/[email protected] | |
| with: | |
| github_token: ${{ secrets.GH_ACCESS_TOKEN }} | |
| fetch_all_tags: true | |
| release_branches: main | |
| tag_prefix: v | |
| - name: Set latest tag output | |
| id: set_latest_tag | |
| run: | | |
| if [[ -z "${{ steps.tag_version.outputs.new_tag }}" ]]; then | |
| echo "latest_tag=${{ steps.tag_version.outputs.previous_tag }}" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "latest_tag=${{ steps.tag_version.outputs.new_tag }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| environment: golang | |
| outputs: | |
| steampipe: ${{ steps.build_services.outputs.steampipe }} | |
| auth-service: ${{ steps.build_services.outputs.auth-service }} | |
| checkup-worker: ${{ steps.build_services.outputs.checkup-worker }} | |
| compliance-report-worker: ${{ steps.build_services.outputs.compliance-report-worker }} | |
| compliance-service: ${{ steps.build_services.outputs.compliance-service }} | |
| compliance-summarizer: ${{ steps.build_services.outputs.compliance-summarizer }} | |
| describe-scheduler: ${{ steps.build_services.outputs.describe-scheduler }} | |
| inventory-service: ${{ steps.build_services.outputs.inventory-service }} | |
| metadata-service: ${{ steps.build_services.outputs.metadata-service }} | |
| migrator-worker: ${{ steps.build_services.outputs.migrator-worker }} | |
| swagger-ui: ${{ steps.build_services.outputs.swagger-ui }} | |
| analytics-worker: ${{ steps.build_services.outputs.analytics-worker }} | |
| steampipe-plugin-opengovernance: ${{ steps.build_services.outputs.steampipe-plugin-opengovernance }} | |
| integration-service: ${{ steps.build_services.outputs.integration-service }} | |
| es-sink-service: ${{ steps.build_services.outputs.es-sink-service }} | |
| wastage-service: ${{ steps.build_services.outputs.wastage-service }} | |
| information-service: ${{ steps.build_services.outputs.information-service }} | |
| query-runner-worker: ${{ steps.build_services.outputs.query-runner-worker }} | |
| demo-importer-worker: ${{ steps.build_services.outputs.demo-importer-worker }} | |
| env: | |
| SERVICE_LIST: ${{ github.event.inputs.servicesList }} | |
| GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
| steps: | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| # This might remove tools that are actually needed, | |
| # if set to "true" but frees about 6 GB | |
| tool-cache: false | |
| # All of these default to true, but feel free to set to | |
| # "false" if necessary for your workflow | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| large-packages: false | |
| docker-images: true | |
| swap-storage: true | |
| - name: Install musl cc | |
| uses: awalsh128/cache-apt-pkgs-action@v1 | |
| with: | |
| packages: musl-tools musl-dev musl | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 5 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: "./go.mod" | |
| cache: false | |
| - name: Go Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Configure Git | |
| run: git config --global url.https://[email protected]/opengovern.insteadOf https://github.com/opengovern | |
| - name: Build services | |
| id: build_services | |
| run: | | |
| set -x | |
| ./scripts/list_services > ./service-list | |
| cat ./service-list | |
| cat ./service-list | sed 's/\s\+/\n/g' | sed 's/^\<steampipe\>$//g' | sed '/^$/d' > ./build_services | |
| cat ./build_services | |
| mkdir -p ./build | |
| if [ ! -z "$(cat ./build_services)" ]; then | |
| for f in $(cat ./build_services); do | |
| CC=/usr/bin/musl-gcc GOPRIVATE="github.com/opengovern" GOOS=linux GOARCH=amd64 go build -v -ldflags "-linkmode external -extldflags '-static' -s -w" -tags musl -o ./build/ ./cmd/$f; | |
| done | |
| chmod +x ./build/* | |
| fi | |
| for f in $(cat ./service-list); do echo "$f=true" >> "$GITHUB_OUTPUT"; done | |
| - name: Pack build | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| tar -czvf build.tar.gz build | |
| - name: Upload artifact | |
| if: github.event_name != 'pull_request' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: build | |
| path: build.tar.gz | |
| retention-days: 1 | |
| deploy-steampipe: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-steampipe-plugin-opengovernance | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || needs.build.outputs.steampipe == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/steampipe-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SteampipeServiceDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-auth-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.auth-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/auth-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/AuthServiceDockerfile | |
| context: . | |
| deploy-checkup-worker: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.checkup-worker == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/checkup-worker:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CheckupWorkerDockerfile | |
| context: . | |
| deploy-compliance-report-worker: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-steampipe-plugin-opengovernance | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || needs.build.outputs.compliance-report-worker == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-report-worker:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceReportWorkerDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-compliance-summarizer: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.compliance-summarizer == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-summarizer:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceSummarizerDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-compliance-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.compliance-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceServiceDockerfile | |
| context: . | |
| deploy-describe-scheduler: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.describe-scheduler == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/describe-scheduler:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/DescribeSchedulerDockerfile | |
| context: . | |
| deploy-integration-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.integration-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/integration:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/IntegrationServiceDockerfile | |
| context: . | |
| deploy-es-sink-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.es-sink-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/es-sink:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/EsSinkServiceDockerfile | |
| context: . | |
| deploy-inventory-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.inventory-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/inventory-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/InventoryServiceDockerfile | |
| context: . | |
| deploy-metadata-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.metadata-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/metadata-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/MetadataServiceDockerfile | |
| context: . | |
| deploy-migrator-worker: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.migrator-worker == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/migrator:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/MigratorDockerfile | |
| context: . | |
| deploy-swagger-ui: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.swagger-ui == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/swagger-ui:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SwaggerUIDockerfile | |
| context: . | |
| deploy-analytics-worker: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-steampipe-plugin-opengovernance | |
| - deploy-compliance-report-worker | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || needs.build.outputs.analytics-worker == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/analytics-worker:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/AnalyticsWorkerDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-steampipe-plugin-opengovernance: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.steampipe-plugin-opengovernance == 'true' || | |
| needs.build.outputs.steampipe == 'true' || | |
| needs.build.outputs.compliance-report-worker == 'true' || | |
| needs.build.outputs.analytics-worker == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Check if we need to actually push | |
| id: check_if_push | |
| run: | | |
| if [[ -z "${{ needs.build.outputs.steampipe-plugin-opengovernance }}" ]]; then | |
| echo "do_build=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "do_build=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout code | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/steampipe-plugin-opengovernance:0.0.1 | |
| ghcr.io/${{ github.repository_owner }}/steampipe-plugin-opengovernance:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SteampipePluginOpengovernanceDockerfile | |
| context: . | |
| deploy-wastage-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.wastage-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/wastage-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/WastageServiceDockerfile | |
| context: . | |
| deploy-information-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.information-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/information-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/InformationServiceDockerfile | |
| context: . | |
| deploy-query-runner-worker: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-steampipe-plugin-opengovernance | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-runner-worker == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/query-runner-worker:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/QueryRunnerWorkerDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-import-data-script: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| if: github.event.inputs.buildImportDemo == 'true' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/import-data-script:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ImportDataScriptDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-export-data-script: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| if: github.event.inputs.buildImportDemo == 'true' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/export-data-script:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ExportDataScriptDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-demo-importer-worker: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.demo-importer-worker == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/demo-importer:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/DemoImporterDockerfile | |
| context: . | |
| deploy-dex-login: | |
| runs-on: ubuntu-latest | |
| if: github.event.inputs.buildImportDemo == 'true' | |
| needs: | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/dex-login:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/DexLoginDockerfile | |
| context: . |