Skip to content

Release (Nightly)

Release (Nightly) #795

Workflow file for this run

name: Release (Nightly)
on:
workflow_dispatch:
schedule:
- cron: "30 22 * * *" # nightly @ 10:30 PM UTC
permissions:
contents: write
packages: write
env:
GO_VERSION: "1.23"
jobs:
nightly-build:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
name: linux
- os: macos-latest
name: darwin
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- uses: actions/cache@v4
with:
path: _tools/
key: ${{ runner.os }}-go-tools${{ hashFiles('_tools/go.sum') }}
restore-keys: |
${{ runner.os }}-go-tools-
- uses: actions/setup-node@v4
with:
node-version: "18"
- name: Install GCC for arm64
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update && \
sudo apt-get install -y gcc-aarch64-linux-gnu
- name: Install Quill
if: matrix.os == 'macos-latest'
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH
- name: Install Mage
uses: magefile/mage-action@v3
with:
# mac build currently doesn't exist for v1.15.0 https://github.com/magefile/mage/issues/481
version: v1.14.0
install-only: true
- name: Prep Build
run: mage prep
- name: Git Tag
run: |
echo "GORELEASER_CURRENT_TAG=$(git describe --tags --match='v[0-9]*' `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV
- name: GoReleaser (Nightly) Build
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: "~> v2.3.0"
args: release --clean --nightly -f .goreleaser.${{ matrix.name }}.yml
env:
GORELEASER_CURRENT_TAG: ${{ env.GORELEASER_CURRENT_TAG }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ANALYTICS_WRITE_KEY: ${{ secrets.ANALYTICS_WRITE_KEY }}
ANALYTICS_WRITE_ENDPOINT: ${{ secrets.ANALYTICS_WRITE_ENDPOINT }}
QUILL_SIGN_P12: ${{ secrets.QUILL_SIGN_P12 }}
QUILL_SIGN_PASSWORD: ${{ secrets.QUILL_SIGN_PASSWORD }}
- uses: actions/upload-artifact@v4
with:
name: flipt-nightly-${{ matrix.name }}
path: dist/flipt_${{ matrix.name }}_*/flipt
nightly-release:
runs-on: ubuntu-latest
needs: nightly-build
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: "${{ github.repository_owner }}"
password: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/download-artifact@v4
with:
name: flipt-nightly-linux
path: tmp/dist
- uses: actions/download-artifact@v4
with:
name: flipt-nightly-darwin
path: tmp/dist
- name: Install Syft
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Git Tag
run: |
echo "GORELEASER_CURRENT_TAG=$(git describe --tags --match='v[0-9]*' `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV
- name: GoReleaser (Nightly) Release
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: "~> v2.3.0"
args: release --nightly -f .goreleaser.nightly.yml
env:
GORELEASER_CURRENT_TAG: ${{ env.GORELEASER_CURRENT_TAG }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
stackhawk:
name: HawkScan
runs-on: ubuntu-latest
needs: nightly-release
services:
flipt:
image: flipt/flipt:nightly # <-- this is the image name from the previous job
ports:
- 8080:8080
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
- name: Update HawkScan Configuration
uses: mikefarah/yq@master
with:
cmd: yq -i '.app.env = "Nightly"' stackhawk.yml
- name: Run HawkScan
uses: stackhawk/[email protected]
with:
apiKey: ${{ secrets.HAWK_API_KEY }}