Dependencies aligned with k6 master (#252) #52
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and publish xk6-kafka | |
on: | |
push: | |
tags: | |
- "v*" | |
jobs: | |
build: | |
name: Build xk6-kafka | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Install Go 🧑💻 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: actions/setup-go@v3 | |
with: | |
go-version: "1.21" | |
- name: Install xk6 and build xk6-kafka for different platforms 🏗️ | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
run: | | |
mkdir dist | |
go install go.k6.io/xk6/cmd/xk6@latest | |
GOOS=linux GOARCH=amd64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_linux_amd64 --with github.com/mostafa/xk6-kafka@${{ github.ref_name }} | |
tar cvzf dist/xk6-kafka_${{ github.ref_name }}_linux_amd64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_linux_amd64 | |
GOOS=darwin GOARCH=amd64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_darwin_amd64 --with github.com/mostafa/xk6-kafka@${{ github.ref_name }} | |
tar cvzf dist/xk6-kafka_${{ github.ref_name }}_darwin_amd64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_darwin_amd64 | |
GOOS=windows GOARCH=amd64 xk6 build --output dist/xk6-kafka_${{ github.ref_name }}_windows_amd64.exe --with github.com/mostafa/xk6-kafka@${{ github.ref_name }} | |
tar cvzf dist/xk6-kafka_${{ github.ref_name }}_windows_amd64.tar.gz dist/xk6-kafka_${{ github.ref_name }}_windows_amd64.exe | |
- name: Generate CycloneDX SBOM artifacts 📃 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
run: | | |
go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest | |
cyclonedx-gomod mod -json -licenses -output code-cyclonedx-xk6-kafka-${{ github.ref_name }}.json | |
- name: Docker meta 📝 | |
id: meta | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: docker/metadata-action@v4 | |
with: | |
images: mostafamoradian/xk6-kafka | |
tags: | | |
type=semver,pattern={{version}} | |
- name: Login to DockerHub 🔒 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push Docker image 🛳️ | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
push: true | |
build-args: K6_BINARY=./dist/xk6-kafka_${{ github.ref_name }}_linux_amd64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Install cosign ⬇️ | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: sigstore/cosign-installer@main | |
- name: Sign the Docker image ✍️ | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign -y docker.io/{} | |
- name: Verify the Docker image signature ✅ | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
run: | | |
echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign verify --certificate-identity ${IDENTITY} --certificate-oidc-issuer ${OIDC_ISSUER_URL} docker.io/{} | |
env: | |
IDENTITY: ${{ secrets.IDENTITY }} | |
OIDC_ISSUER_URL: ${{ secrets.OIDC_ISSUER_URL }} | |
- name: Scan code with Trivy vulnerability scanner 🔍 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: mostafamoradian/xk6-kafka:${{ github.ref_name }} | |
scan-type: "fs" | |
format: "sarif" | |
output: "trivy-results.sarif" | |
exit-code: 1 | |
ignore-unfixed: true | |
severity: "CRITICAL,HIGH" | |
skip-dirs: "fixtures" | |
- name: Upload Trivy scan results to GitHub Security tab ⬆️ | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: "trivy-results.sarif" | |
- name: Scan Docker image with Syft and generate SBOM 🦉 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: anchore/sbom-action@v0 | |
with: | |
artifact-name: docker-image-cyclonedx-xk6-kafka-${{ github.ref_name }}.json | |
format: cyclonedx-json | |
dependency-snapshot: true | |
- name: Create Release 📦 and add binaries and SBOM files 💾 | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: | | |
dist/*.tar.gz | |
code-cyclonedx-xk6-kafka-${{ github.ref_name }}.json | |
docker-image-cyclonedx-xk6-kafka-${{ github.ref_name }}.json |