RF Runtime Release publish #29

Workflow file for this run

.github/workflows/publish_release.yml at dc595af


	name: RF Runtime Release publish

	# Controls when the workflow will run
	on:
	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	inputs:
	patch-version:
	description: 'Patch Version Number (1.0.XX)'
	required: true
	default: '22'
	type: string
	build-number:
	description: 'Patch Version Number (1.0.22-XX)'
	required: true
	default: '1'
	type: string
	project-for-scan:
	description: 'Project for RF scan results'
	required: false
	default: '661'

	jobs:
	publish-release:
	runs-on: ubuntu-latest
	steps:
	- name: Clone runtime repo
	uses: actions/checkout@v4
	- name: Download release
	env:
	PATCH_VERSION: ${{ inputs.patch-version }}
	BUILD_NUMBER: ${{ inputs.build-number }}
	run: \|
	REVISION="1.0.$PATCH_VERSION-$BUILD_NUMBER"
	az storage blob download --account-name ${{ secrets.PRODMON_STORAGE_ACCOUNT }} --account-key ${{ secrets.PRODMON_STORAGE_KEY }} --container-name "releases" --name rfcmd-$REVISION.tar.gz --file rfcmd-$REVISION.tar.gz
	tar xvzf rfcmd-$REVISION.tar.gz
	- name: Make Release
	uses: softprops/action-gh-release@v1
	with:
	name: 1.0.${{ inputs.patch-version }}
	tag_name: 1.0.${{ inputs.patch-version }}
	body_path: CHANGELOG.md
	files: \|
	rf-cmd-darwin-arm64
	rf-cmd-linux-amd64

	- name: Update latest Release
	uses: softprops/action-gh-release@v1
	with:
	name: latest
	tag_name: latest
	body_path: CHANGELOG.md
	files: \|
	rf-cmd-darwin-arm64
	rf-cmd-linux-amd64

	- name: Install crane
	run: \|
	VERSION=$(curl -s "https://api.github.com/repos/google/go-containerregistry/releases/latest" \| jq -r '.tag_name')
	OS=Linux
	ARCH=x86_64
	curl -sL "https://github.com/google/go-containerregistry/releases/download/${VERSION}/go-containerregistry_${OS}_${ARCH}.tar.gz" > go-containerregistry.tar.gz
	tar -zxvf go-containerregistry.tar.gz -C /usr/local/bin/ crane
	crane version

	- name: docker login to quay
	run: docker login -u=${{ secrets.RF_QUAY_USERNAME }} -p=${{ secrets.RF_QUAY_PASSWORD }} quay.io

	- name: crane login to quay
	run: crane auth login quay.io -u ${{ secrets.RF_QUAY_USERNAME }} -p ${{ secrets.RF_QUAY_PASSWORD }}

	- name: crane login to rfruntimeoffer
	run: crane auth login rfruntimeoffer.azurecr.io -u ${{ secrets.RF_AZURE_RUNTIMEOFFER_USERNAME }} -p ${{ secrets.RF_AZURE_RUNTIMEOFFER_PASSWORD }}

	- name: download CNAB bundle
	run: \|
	REVISION=1.0.${{ inputs.patch-version }}-${{ inputs.build-number }}
	az storage blob download --account-name ${{ secrets.PRODMON_STORAGE_ACCOUNT }} --account-key ${{ secrets.PRODMON_STORAGE_KEY }} --container-name "releases" --name cnab-$REVISION.tar.gz --file cnab-$REVISION.tar.gz
	rm -rf $GITHUB_WORKSPACE/cnab_bundle
	mkdir -p $GITHUB_WORKSPACE/cnab_bundle
	tar -xvzf cnab-$REVISION.tar.gz -C $GITHUB_WORKSPACE/cnab_bundle

	- name: download yq
	run: \|
	yq_url=https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
	wget -q "$yq_url" -O /usr/local/bin/yq
	yq --version

	- name: install the RapidFort CLI tools
	run: \|
	curl -k https://us01.rapidfort.com/cli > rfcli
	sudo bash rfcli -p /usr/local/bin/rfcli
	rm rfcli
	echo "/usr/local/bin/rfcli" >> $GITHUB_PATH

	- name: authenticate
	env:
	RF_ROOT_URL: https://us01.rapidfort.com
	RF_ACCESS_ID: ${{ secrets.RF_ACCESS_ID }}
	RF_SECRET_ACCESS_KEY: ${{ secrets.RF_SECRET_ACCESS_KEY }}
	run: \|
	rflogin

	- name: copy quay to rfruntime
	run: \|
	echo "#!/bin/bash" > $GITHUB_WORKSPACE/scan_script.sh
	chmod +x $GITHUB_WORKSPACE/scan_script.sh
	image_keys=$(yq eval '.global.azure.images \| keys ' $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml)
	# Iterate over the images using a Bash for loop
	while IFS= read -r image_key; do
	# Remove "-" and extra space from the image
	image_key=${image_key//- /}
	echo "fetching details for ${image_key}"
	image=$(yq eval ".global.azure.images.${image_key}.image" $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml)
	registry=$(yq eval ".global.azure.images.${image_key}.registry" $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml)
	tag=$(yq eval ".global.azure.images.${image_key}.tag" $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml)
	docker pull "${registry}/${image}:${tag}"
	echo rfscan "${registry}/${image}:${tag}" -p ${{ inputs.project-for-scan }} >> $GITHUB_WORKSPACE/scan_script.sh
	crane copy "${registry}/${image}:${tag}" rfruntimeoffer.azurecr.io/"${image}:${tag}"
	done <<< "$image_keys"
	awk '!seen[$0]++' < $GITHUB_WORKSPACE/scan_script.sh > $GITHUB_WORKSPACE/scan_script_deduped.sh
	chmod +x $GITHUB_WORKSPACE/scan_script_deduped.sh
	cat $GITHUB_WORKSPACE/scan_script_deduped.sh
	bash -c "$GITHUB_WORKSPACE/scan_script_deduped.sh"

	- name: modify registry to azure registry
	run: \|
	image_keys=$(yq eval '.global.azure.images \| keys ' $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml)
	# Iterate over the images using a Bash for loop
	while IFS= read -r image_key; do
	# Remove "-" and extra space from the image
	image_key=${image_key//- /}
	echo "updating registry for ${image_key}"
	yq eval -i ".global.azure.images.${image_key}.registry = \"rfruntimeoffer.azurecr.io\"" $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml
	done <<< "$image_keys"
	echo """ *** dumping $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml **"
	cat $GITHUB_WORKSPACE/cnab_bundle/k8s-scanner/values.yaml

	- name: publish cnab bundle
	run: \|
	docker pull mcr.microsoft.com/container-package-app:latest
	cat cnab_publish.sh
	echo """ running docker now for cnab publishing"""
	docker run -i -v /var/run/docker.sock:/var/run/docker.sock -v $GITHUB_WORKSPACE/cnab_bundle:/data -v $GITHUB_WORKSPACE/cnab_publish.sh:/scripts/cnab_publish.sh -eAZURE_TENANT_ID=${{ secrets.AZURE_TENANT_ID }} -eAZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }} -eAZURE_CLIENT_SECRET=${{ secrets.AZURE_CLIENT_SECRET }} -eREGISTRY_NAME=rfruntimeoffer --entrypoint "/scripts/cnab_publish.sh" mcr.microsoft.com/container-package-app:latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RF Runtime Release publish #29

Workflow file

RF Runtime Release publish #29

Jobs

Run details

Workflow file for this run