-
Notifications
You must be signed in to change notification settings - Fork 1
144 lines (119 loc) · 4.7 KB
/
push-networks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Update external networks
on:
pull_request:
types:
- opened
- reopened
- synchronize
schedule:
- cron: 30 10 * * * # Run this every day at 10:30 UTC
workflow_dispatch:
inputs:
dry-run:
description: Execute Dry Run
required: false
default: true
type: boolean
jobs:
save-current-networks:
name: Download and store currently published latest networks
if: github.event_name == 'schedule' || (github.event.inputs.dry-run == 'false' && github.event_name == 'workflow_dispatch') # Can only be triggered by scheduled run or manual action with dry-run set to false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download and test latest networks
run: ${GITHUB_WORKSPACE}/.github/workflows/scripts/download-current-networks.sh
shell: bash
- uses: actions/upload-artifact@v3
with:
name: current-latest-networks
path: /tmp/external-networks
build:
name: Build external-network-pusher
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Read Go version from go.mod
run: echo "GO_VERSION=$(grep -E "^go\s+[0-9.]+$" go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
- name: Setup Go environment
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Go Build Cache
uses: actions/cache@v4
with:
path: ~/.cache
key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
- name: Go Mod Cache
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
- name: Run unit tests
run: make test
- name: Build binaries
run: make build
- name: Upload binary
uses: actions/upload-artifact@v3
with:
name: bin
path: .gobin
run-dry-run: # Dry run will run on PRs by default
runs-on: ubuntu-latest
needs: build
name: Dry-run external-network-pusher and simulate results
steps:
- uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_NETWORKS_UPLOADER_SA }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: Download executable
uses: actions/download-artifact@v3
with:
name: bin
- name: Set permissions to file
run: chmod +x linux/network-crawler
- name: Dry run external-network-pusher
run: linux/network-crawler --dry-run --bucket-name definitions.stackrox.io
run-and-upload:
name: Run external-network-pusher and upload results
if: github.event_name == 'schedule' || (github.event.inputs.dry-run == 'false' && github.event_name == 'workflow_dispatch') # Can only be triggered by scheduled run or manual action with dry-run set to false
runs-on: ubuntu-latest
needs: [build, run-dry-run, save-current-networks]
steps:
- uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_NETWORKS_UPLOADER_SA }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: Download executable
uses: actions/download-artifact@v3
with:
name: bin
- name: Set permissions to file
run: chmod +x linux/network-crawler
- name: Run external-network-pusher
run: linux/network-crawler --bucket-name definitions.stackrox.io
notify:
name: Notify about failed run
if: failure() && (github.event_name == 'schedule' || (github.event.inputs.dry-run == 'false' && github.event_name == 'workflow_dispatch')) # Only trigger on failures of schedule & manual non-dry runs
needs: run-and-upload
runs-on: ubuntu-latest
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
steps:
- name: Post to Slack channel team-acs-maple-interruptions
uses: slackapi/[email protected]
with:
channel-id: "C03SWCX9W0Z"
payload: >-
{ "blocks": [
{ "type": "section", "text": { "type": "mrkdwn", "text":
":red-warning: Daily update of external networks for defintions.stackrox.io failed! :red-warning:\nRefer to the Workflow logs for more information."}},
{ "type": "divider" },
{ "type": "section", "text": { "type": "mrkdwn", "text":
">
Repository: <${{github.server_url}}/${{github.repository}}|${{github.repository}}>\n>
Workflow: <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.workflow}}>" }}
]}