-
Notifications
You must be signed in to change notification settings - Fork 104
174 lines (150 loc) · 6.06 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
name: Release
on:
workflow_dispatch:
inputs:
version:
description: 'Image version (single-digit suffix like 2.35.0-1)'
required: true
default: 1
bundled-version:
description: 'Bundled WireMock version'
required: true
default: 3.6.0
jobs:
check-new-version:
runs-on: ubuntu-latest
outputs:
new_version: ${{ steps.new_version.outputs.NEW_VERSION }}
steps:
- name: Release if newer version
id: new_version
run: |
CURRENT_VERSION=$(git -c 'versionsort.suffix=-' ls-remote --tags --sort='v:refname' https://github.com/wiremock/wiremock-docker.git '*.*.*' | tail -1 | cut -d '/' -f3)
CURRENT_VERSION=${CURRENT_VERSION%-*}
LATEST_VERSION=$(git -c 'versionsort.suffix=-' ls-remote --tags --sort='v:refname' https://github.com/wiremock/wiremock.git '*.*.*' | tail -1 | cut -d '/' -f3)
echo "NEW_VERSION=${{ github.event.inputs.bundled-version }}-${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT
docker-build-push:
runs-on: ubuntu-latest
needs: [check-new-version]
if: needs.check-new-version.outputs.new_version
strategy:
matrix:
versions:
- CONTEXT: .
IMAGES:
- wiremock/wiremock:latest
- wiremock/wiremock:3x
- wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
- wiremock/wiremock:${{ github.event.inputs.bundled-version }}
- ghcr.io/wiremock/wiremock:latest
- ghcr.io/wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
PLATFORMS:
- linux/amd64
- linux/arm64
- linux/arm/v7
- CONTEXT: alpine
IMAGES:
- wiremock/wiremock:latest-alpine
- wiremock/wiremock:3x-alpine
- wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
- wiremock/wiremock:${{ github.event.inputs.bundled-version }}-alpine
- ghcr.io/wiremock/wiremock:latest-alpine
- ghcr.io/wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
PLATFORMS:
- linux/amd64
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
image: tonistiigi/binfmt:latest
platforms: all
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Checkout sources
uses: actions/checkout@main
with:
fetch-depth: 0
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: wiremockio
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: wiremock
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push WireMock Docker image
uses: docker/build-push-action@v4
with:
context: ${{ matrix.versions.CONTEXT }}
platforms: ${{ join(matrix.versions.PLATFORMS, ',') }}
push: true
tags: ${{ join(matrix.versions.IMAGES, ',') }}
build-args: |
"WIREMOCK_VERSION=${{ github.event.inputs.bundled-version }}"
container-image-scan:
uses: ./.github/workflows/container-image-scan.yml
needs: [check-new-version, docker-build-push]
if: needs.check-new-version.outputs.new_version
with:
image_version: ${{ needs.check-new-version.outputs.new_version }}
secrets: inherit
release:
runs-on: ubuntu-latest
needs: [docker-build-push, check-new-version]
steps:
- name: Checkout sources
uses: actions/checkout@main
with:
fetch-depth: 0
- name: Update version
run: |
# Replace version in README.md
LAST_VERSION=$(git describe --tag --abbrev=0)
LAST_MINOR_VERSION=${LAST_VERSION%.*}
NEW_VERSION=${{ needs.check-new-version.outputs.new_version }}
NEW_MINOR_VERSION=${NEW_VERSION%.*}
sed -i s/${LAST_VERSION}/${NEW_VERSION}/g README.md
sed -i s/${LAST_MINOR_VERSION}/${NEW_MINOR_VERSION}/g README.md
# Replace version in Dockerfiles
LAST_VERSION=${LAST_VERSION%-*}
sed -i 's/ARG WIREMOCK_VERSION=.*/ARG WIREMOCK_VERSION=${{ github.event.inputs.bundled-version }}/g' Dockerfile alpine/Dockerfile
# Push update
git config --local user.name "wiremockio"
git config --local user.email "[email protected]"
git add .
git commit -m "upgrade to version ${NEW_VERSION}"
git remote set-url origin https://${{ secrets.GITHUB_TOKEN }}@github.com/wiremock/wiremock-docker.git
git push origin main
- name: Release
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ needs.check-new-version.outputs.new_version }}
container-image-monitor:
name: Snyk container image monitoring
runs-on: ubuntu-latest
needs: [check-new-version, release]
if: needs.check-new-version.outputs.new_version
strategy:
matrix:
versions:
- CONTEXT: .
image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}
- CONTEXT: alpine
image: wiremock/wiremock:${{ needs.check-new-version.outputs.new_version }}-alpine
steps:
- uses: actions/checkout@v4
- name: Pull image to check we've got it
run: docker pull ${{ matrix.versions.image }}
- name: Run Snyk to monitor Docker image for vulnerabilities
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ matrix.versions.image }}
command: monitor
args: --file=${{ matrix.versions.CONTEXT }}/Dockerfile --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-docker --policy-path=${{ matrix.versions.CONTEXT }}/.snyk