Skip to content
Release version

fix: mise a jour du fichier SIFA (#3934) #704

Sign in to view logs

fix: mise a jour du fichier SIFA (#3934)

fix: mise a jour du fichier SIFA (#3934) #704

Workflow file for this run

.github/workflows/release.yml at aedf36d
name: Release version
on:
push:
branches: [master, hotfix]
jobs:
tests:
uses: "./.github/workflows/ci.yml"
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
release:
concurrency:
group: "release-${{ github.workflow }}-${{ github.ref }}"
permissions: write-all
outputs:
VERSION: ${{ steps.get-version.outputs.VERSION }}
PREV_VERSION: ${{ steps.get-prev-version.outputs.VERSION }}
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-node@v4
with:
node-version: 22.6
- uses: actions/cache@v4
with:
path: |
**/node_modules
.yarn/install-state.gz
.yarn/cache
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: yarn-
save-always: true
- name: Install dependencies
run: yarn install
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64
install: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v2
- name: Retrieve previous version
id: get-prev-version
run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
- name: bump and release
run: yarn release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }}
- name: Retrieve new version
id: get-version
run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
sentry-release:
if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION
needs: ["release"]
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
- name: Create vault pwd file
run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt
- name: Create sentry release
run: .bin/mna-tdb sentry:release "${{ needs.release.outputs.VERSION }}" "${{ github.sha }}"
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
docker-scout:
if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION
concurrency:
group: "scout-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
runs-on: ubuntu-latest
steps:
- name: Authenticate to Docker
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PAT }}
- name: Server Docker Scout
uses: docker/scout-action@v1
with:
command: quickview,cves,recommendations,compare
image: ghcr.io/mission-apprentissage/mna_tdb_server:${{ needs.release.outputs.VERSION }}
to: ghcr.io/mission-apprentissage/mna_tdb_server:${{ needs.release.outputs.PREV_VERSION }}
sarif-file: sarif-server.output.json
- name: Server Docker Upload SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-server.output.json
category: Docker Server
- name: UI Docker Scout
uses: docker/scout-action@v1
with:
command: quickview,cves,recommendations,compare
image: ghcr.io/mission-apprentissage/mna_tdb_ui:${{ needs.release.outputs.VERSION }}-production
to: ghcr.io/mission-apprentissage/mna_tdb_ui:${{ needs.release.outputs.PREV_VERSION }}-production
sarif-file: sarif-ui.output.json
- name: UI Docker Upload SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-ui.output.json
category: Docker UI
deploy:
concurrency:
group: "deploy-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
name: Deploy ${{ needs.release.outputs.VERSION }} on recette
uses: "./.github/workflows/_deploy.yml"
with:
environment: recette
app_version: ${{ needs.release.outputs.VERSION }}
secrets:
DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
VAULT_PWD: ${{ secrets.VAULT_PWD }}