Merge pull request #2310 from opengovern/fix-tasks #7543
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a golang project | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go | |
| name: Go | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| buildImportDemo: | |
| type: choice | |
| description: "build demo import images and dex image" | |
| options: | |
| - "true" | |
| - "false" | |
| default: "false" | |
| buildPostgres: | |
| type: choice | |
| description: "build postgres images " | |
| options: | |
| - "true" | |
| - "false" | |
| default: "false" | |
| servicesList: | |
| type: string | |
| description: "List of services to build" | |
| required: false | |
| default: "all" | |
| deployTo: | |
| type: choice | |
| description: "Environment to deploy to" | |
| options: | |
| - "dev" | |
| - "prod" | |
| default: "dev" | |
| push: | |
| branches: ["main","dev"] | |
| pull_request: | |
| branches: ["main","dev"] | |
| jobs: | |
| tag: | |
| runs-on: ubuntu-latest | |
| environment: golang | |
| outputs: | |
| latest_tag: ${{ steps.set_latest_tag.outputs.latest_tag }} | |
| if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && ( ! contains(github.event.head_commit.message, 'ui-changes') ) | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Tag version | |
| id: tag_version | |
| uses: mathieudutour/[email protected] | |
| with: | |
| github_token: ${{ secrets.GH_ACCESS_TOKEN }} | |
| fetch_all_tags: true | |
| release_branches: main | |
| tag_prefix: v | |
| - name: Set latest tag output | |
| id: set_latest_tag | |
| run: | | |
| if [[ -z "${{ steps.tag_version.outputs.new_tag }}" ]]; then | |
| echo "latest_tag=${{ steps.tag_version.outputs.previous_tag }}" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "latest_tag=${{ steps.tag_version.outputs.new_tag }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| environment: golang | |
| outputs: | |
| steampipe: ${{ steps.build_services.outputs.steampipe }} | |
| auth-service: ${{ steps.build_services.outputs.auth-service }} | |
| checkup-job: ${{ steps.build_services.outputs.checkup-job }} | |
| compliance-report-job: ${{ steps.build_services.outputs.compliance-report-job }} | |
| compliance-service: ${{ steps.build_services.outputs.compliance-service }} | |
| compliance-summarizer-job: ${{ steps.build_services.outputs.compliance-summarizer-job }} | |
| scheduler-service: ${{ steps.build_services.outputs.scheduler-service }} | |
| inventory-service: ${{ steps.build_services.outputs.inventory-service }} | |
| metadata-service: ${{ steps.build_services.outputs.metadata-service }} | |
| post-install-job: ${{ steps.build_services.outputs.post-install-job }} | |
| swagger-ui: ${{ steps.build_services.outputs.swagger-ui }} | |
| cloudql: ${{ steps.build_services.outputs.cloudql }} | |
| integration-service: ${{ steps.build_services.outputs.integration-service }} | |
| es-sink-service: ${{ steps.build_services.outputs.es-sink-service }} | |
| query-runner-job: ${{ steps.build_services.outputs.query-runner-job }} | |
| query-validator-job: ${{ steps.build_services.outputs.query-validator-job }} | |
| demo-importer-job: ${{ steps.build_services.outputs.demo-importer-job }} | |
| task-service: ${{ steps.build_services.outputs.task-service }} | |
| rego-service: ${{ steps.build_services.outputs.rego-service }} | |
| env: | |
| SERVICE_LIST: ${{ github.event.inputs.servicesList }} | |
| GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
| steps: | |
| - name: Install musl cc | |
| uses: awalsh128/cache-apt-pkgs-action@v1 | |
| with: | |
| packages: musl-tools musl-dev musl | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 5 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: "./go.mod" | |
| cache: false | |
| - name: Go Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Configure Git | |
| run: git config --global url.https://[email protected]/opengovern.insteadOf https://github.com/opengovern | |
| - name: Build services | |
| id: build_services | |
| run: | | |
| set -x | |
| ./scripts/list_services > ./service-list | |
| cat ./service-list | |
| cat ./service-list | sed 's/\s\+/\n/g' | sed 's/^\<steampipe\>$//g' | sed '/^$/d' > ./build_services | |
| cat ./build_services | |
| mkdir -p ./build | |
| if [ ! -z "$(cat ./build_services)" ]; then | |
| for f in $(cat ./build_services); do | |
| CC=/usr/bin/musl-gcc GOPRIVATE="github.com/opengovern" GOOS=linux GOARCH=amd64 go build -v -ldflags "-linkmode external -extldflags '-static' -s -w" -tags musl -o ./build/ ./cmd/$f; | |
| done | |
| chmod +x ./build/* | |
| fi | |
| for f in $(cat ./service-list); do echo "$f=true" >> "$GITHUB_OUTPUT"; done | |
| - name: Pack build | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| tar -czvf build.tar.gz build | |
| - name: Upload artifact | |
| if: github.event_name != 'pull_request' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: build | |
| path: build.tar.gz | |
| retention-days: 1 | |
| deploy-steampipe: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-steampipe-base | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.steampipe-base == 'true' || needs.build.outputs.steampipe == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/steampipe-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SteampipeServiceDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-steampipe-base: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || needs.build.outputs.steampipe == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/steampipe-plugin-base:0.0.1 | |
| ghcr.io/${{ github.repository_owner }}/steampipe-plugin-base:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SteampipeBaseImageDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-auth-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.auth-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/auth-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/AuthServiceDockerfile | |
| context: . | |
| deploy-task-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.task-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/task-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/TaskServiceDockerfile | |
| context: . | |
| deploy-checkup-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.checkup-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/checkup-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CheckupJobDockerfile | |
| context: . | |
| deploy-compliance-report-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || needs.build.outputs.compliance-report-job == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-report-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceReportJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-rego-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || needs.build.outputs.rego-service == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/rego-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/RegoServiceDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-compliance-summarizer-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.compliance-summarizer-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-summarizer-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceSummarizerJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-compliance-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.compliance-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceServiceDockerfile | |
| context: . | |
| deploy-scheduler-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.scheduler-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/scheduler-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SchedulerServiceDockerfile | |
| context: . | |
| deploy-integration-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.integration-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/integration:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/IntegrationServiceDockerfile | |
| context: . | |
| deploy-es-sink-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.es-sink-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/es-sink:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/EsSinkServiceDockerfile | |
| context: . | |
| deploy-inventory-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.inventory-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/inventory-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/InventoryServiceDockerfile | |
| context: . | |
| deploy-metadata-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.metadata-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/metadata-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/MetadataServiceDockerfile | |
| context: . | |
| deploy-post-install-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.post-install-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/post-install-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/PostInstallJobDockerfile | |
| context: . | |
| deploy-swagger-ui: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.swagger-ui == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/swagger-ui:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SwaggerUIDockerfile | |
| context: . | |
| deploy-cloudql: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || | |
| needs.build.outputs.steampipe == 'true' || | |
| needs.build.outputs.compliance-report-job == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Check if we need to actually push | |
| id: check_if_push | |
| run: | | |
| if [[ -z "${{ needs.build.outputs.cloudql }}" ]]; then | |
| echo "do_build=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "do_build=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout code | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/cloudql:0.0.1 | |
| ghcr.io/${{ github.repository_owner }}/cloudql:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CloudQLDockerfile | |
| context: . | |
| deploy-query-runner-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-runner-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/query-runner-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/QueryRunnerJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-query-validator-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-validator-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/query-validator-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/QueryValidatorJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-audit-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql | |
| - deploy-steampipe | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-validator-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/audit-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/AuditJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-import-data-script: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| if: github.event.inputs.buildImportDemo == 'true' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/import-data-script:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ImportDataScriptDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-export-data-script: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| if: github.event.inputs.buildImportDemo == 'true' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/export-data-script:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ExportDataScriptDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-demo-importer-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.demo-importer-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/demo-importer-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/DemoImporterJobDockerfile | |
| context: . | |
| deploy-dex-login: | |
| runs-on: ubuntu-latest | |
| if: github.event.inputs.buildImportDemo == 'true' | |
| needs: | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/dex-login:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/DexLoginDockerfile | |
| context: . | |
| deploy-postgres: | |
| runs-on: ubuntu-latest | |
| if: github.event.inputs.buildPostgres == 'true' | |
| needs: | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/postgres:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/PostgresDockerfile | |
| context: . |