-
Notifications
You must be signed in to change notification settings - Fork 276
108 lines (94 loc) · 4.62 KB
/
release-sboms.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: Release SBOMs
on:
workflow_dispatch:
inputs:
tag:
description: 'Release tag name'
required: true
release:
types: [released, prereleased]
env:
# The values are extracted from the github.event context,
# which is only available when the workflow gets triggered by a release event.
RELEASE_VERSION: ${{ github.event.release.name }}
BRANCH: ${{ github.event.release.target_commitish }}
jobs:
release-sboms:
if: github.repository_owner == 'Apicurio' && (github.event_name == 'workflow_dispatch' || startsWith(github.event.release.tag_name, '3.'))
runs-on: ubuntu-22.04
timeout-minutes: 30
env:
RELEASE_TYPE: release
steps:
- name: Fetch Release Details
if: github.event_name == 'workflow_dispatch'
run: |
touch release.json && curl https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${{ github.event.inputs.tag }} > release.json
echo "RELEASE_VERSION=$(cat release.json | jq -r '.name')" >> $GITHUB_ENV
echo "BRANCH=$(cat release.json | jq -r '.target_commitish')" >> $GITHUB_ENV
- name: Download Source Code
run: |
git config --global user.name "apicurio-ci"
git config --global user.email "apicurio.ci@gmail.com"
git clone --branch $RELEASE_VERSION --single-branch https://apicurio-ci:${{ secrets.ACCESS_TOKEN }}@github.com/Apicurio/apicurio-registry.git registry
- name: Checkout SBOMs Repo
run: |
git config --global user.name "apicurio-ci"
git config --global user.email "apicurio.ci@gmail.com"
git clone --branch main --single-branch https://apicurio-ci:${{ secrets.ACCESS_TOKEN }}@github.com/Apicurio/apicurio-sboms.git sboms
cd sboms
echo "SBOM_OUTPUT_DIR=$(pwd)/apicurio-registry/$RELEASE_VERSION" >> $GITHUB_ENV
echo "Generating SBOMs into: $SBOM_OUTPUT_DIR"
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
- name: Set up Node
uses: actions/setup-node@v3
with:
node-version: 20
cache: 'npm'
cache-dependency-path: 'registry/ui/**/package-lock.json'
- name: Maven Install
run: |
cd registry
mvn install -Pprod -DskipTests -Dspotless.check.skip=true
- name: Generate Maven SBOMs
run: |
mkdir -p $SBOM_OUTPUT_DIR
cd registry
echo "Generating Maven SBOM output to: $SBOM_OUTPUT_DIR/apicurio-registry-app-$RELEASE_VERSION.runtime.sbom.dot"
mvn -f app/pom.xml dependency:tree -DoutputType=dot -Dscope=runtime -DoutputFile=$SBOM_OUTPUT_DIR/apicurio-registry-app-$RELEASE_VERSION.runtime.sbom.dot
- name: Generate npm SBOMs
run: |
cd registry/ui
npm install
cd ui-app
echo "Generating npm SBOM output to: $SBOM_OUTPUT_DIR/apicurio-registry-ui-app-$RELEASE_VERSION.sbom.npm"
npm list -prod -depth 10 --json > $SBOM_OUTPUT_DIR/apicurio-registry-ui-app-$RELEASE_VERSION.sbom.npm
cd ../ui-docs
echo "Generating npm SBOM output to: $SBOM_OUTPUT_DIR/apicurio-registry-ui-docs-$RELEASE_VERSION.sbom.npm"
npm list -prod -depth 10 --json > $SBOM_OUTPUT_DIR/apicurio-registry-ui-docs-$RELEASE_VERSION.sbom.npm
- name: Commit SBOMs to Repo
run: |
cd sboms
git add .
git commit -m 'Generated SBOMs for release $RELEASE_VERSION'
git push origin main
- name: Slack Notification (Always)
if: always()
run: |
MESSAGE="'${{ github.workflow }}/${{ github.job }}' job completed with status: ${{ job.status }}"
REPO="${{ github.repository }}"
LINK="https://github.com/$REPO/actions/runs/${{ github.run_id }}"
PAYLOAD="{\"workflow\": \"${{ github.workflow }}\", \"status\": \"${{ job.status }}\", \"message\": \"$MESSAGE\", \"link\": \"$LINK\", \"repository\": \"$REPO\"}"
curl -X POST -H "Content-Type: application/json" -d "$PAYLOAD" ${{ secrets.SLACK_NOTIFICATION_WEBHOOK }}
- name: Slack Notification (Error)
if: failure()
run: |
MESSAGE="'${{ github.workflow }}/${{ github.job }}' job FAILED!"
REPO="${{ github.repository }}"
LINK="https://github.com/$REPO/actions/runs/${{ github.run_id }}"
PAYLOAD="{\"workflow\": \"${{ github.workflow }}\", \"status\": \"${{ job.status }}\", \"message\": \"$MESSAGE\", \"link\": \"$LINK\", \"repository\": \"$REPO\"}"
curl -X POST -H "Content-Type: application/json" -d "$PAYLOAD" ${{ secrets.SLACK_ERROR_WEBHOOK }}