1+ name : release
2+
3+ on :
4+ push :
5+ tags :
6+ - ' [0-9]+.[0-9]+.[0-9]+\-?*'
7+
8+ jobs :
9+ compile :
10+ name : Cross compile binaries
11+ runs-on : ubuntu-latest
12+ container :
13+ image : golangci/golangci-lint:latest
14+ steps :
15+ - name : Checkout Code
16+ uses : actions/checkout@v4
17+ with :
18+ fetch-depth : 0
19+ - name : Make repo safe
20+ run : git config --global --add safe.directory /__w/SOARCA/SOARCA
21+
22+ - name : Install swaggo
23+ run : go install github.com/swaggo/swag/cmd/swag@latest
24+
25+ - name : Build with make
26+ run : |
27+ go install github.com/swaggo/swag/cmd/swag@latest
28+ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
29+ make compile
30+ make sbom
31+
32+ - name : ' Upload Artifact'
33+ uses : actions/upload-artifact@v4
34+ with :
35+ name : ${{ github.sha }}
36+ path : bin/*
37+ retention-days : 1
38+
39+ docker-build :
40+ needs : compile
41+ name : Build docker image and release it to docker hub
42+ runs-on : ubuntu-latest
43+ steps :
44+ - name : Checkout Code
45+ uses : actions/checkout@v4
46+ with :
47+ fetch-depth : 0
48+ - name : Make repo safe
49+ run : git config --global --add safe.directory /__w/SOARCA/SOARCA
50+
51+ - name : Set up QEMU
52+ uses : docker/setup-qemu-action@v3
53+ - name : Set up Docker Buildx
54+ uses : docker/setup-buildx-action@v3
55+
56+ - name : Download bin
57+ uses : actions/download-artifact@v4
58+ with :
59+ pattern : ${{ github.sha }}
60+
61+ - name : Move files to bin folder
62+ run : |
63+ mkdir -p bin
64+ mv ${{ github.sha }}/* ./bin/
65+
66+ - name : Login to Docker Hub
67+ uses : docker/login-action@v3
68+ with :
69+ username : ${{ secrets.DOCKER_HUB_USER }}
70+ password : ${{ secrets.DOCKER_HUB_TOKEN }}
71+
72+ - name : Get version
73+ run : |
74+ export VERSION=$(git describe --tags --dirty)
75+ echo "describe_version=$(git describe --tags --dirty)" >> "$GITHUB_ENV"
76+
77+ - name : Build and push
78+ uses : docker/build-push-action@v5
79+ with :
80+ context : .
81+ build-args : |
82+ VERSION=${{ env.describe_version }}
83+ push : true
84+ tags : cossas/soarca:${{ env.describe_version }}
85+
86+ release-binary :
87+ needs : compile
88+ name : Create release artifacts
89+ runs-on : ubuntu-latest
90+ steps :
91+ - name : Setup Go
92+ uses : actions/setup-go@v4
93+ with :
94+ go-version : ' 1.21.x'
95+ - name : Import GPG key
96+ uses : crazy-max/ghaction-import-gpg@v6
97+ with :
98+ gpg_private_key : ${{ secrets.GPG_PRIVATE_KEY }}
99+ passphrase : ${{ secrets.GPG_PASSPHRASE }}
100+ - name : Checkout Code
101+ uses : actions/checkout@v4
102+ with :
103+ fetch-depth : 0
104+ - name : Make repo safe
105+ run : git config --global --add safe.directory /__w/SOARCA/SOARCA
106+
107+ - name : Build and sbom swagger
108+ run : |
109+ go install github.com/swaggo/swag/cmd/swag@latest
110+ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
111+ swag init -o swaggerdocs
112+ make sbom
113+ zip -r bin/sbom.zip bin
114+
115+ - name : Release soarca binary
116+ uses : goreleaser/goreleaser-action@v5
117+ with :
118+ distribution : goreleaser
119+ version : latest
120+ args : release --clean
121+ env :
122+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
123+ GPG_FINGERPRINT : ${{ steps.import_gpg.outputs.fingerprint }}
124+
125+ - name : Upload release sbom
126+ uses : actions/github-script@v4
127+ with :
128+ script : |
129+ const fs = require('fs');
130+ const tag = context.ref.replace("refs/tags/", "");
131+ // Get release for this tag
132+ const release = await github.repos.getReleaseByTag({
133+ owner: context.repo.owner,
134+ repo: context.repo.repo,
135+ tag
136+ });
137+ // Upload the release asset
138+ await github.repos.uploadReleaseAsset({
139+ owner: context.repo.owner,
140+ repo: context.repo.repo,
141+ release_id: release.data.id,
142+ name: "sbom.zip",
143+ data: await fs.readFileSync("bin/sbom.zip")
144+ });
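Review bot: `GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}` in the "Release soarca binary" step refers to a step id `import_gpg`, but the "Import GPG key" step in the `release-binary` job declares no `id`, so the expression evaluates to an empty string. Add `id: import_gpg` under `- name: Import GPG key` so the release step receives the fingerprint of the imported key. How the goreleaser configuration consumes the variable is not visible here, so confirm whether releases currently fail at signing or are published unsigned. Separately, the same job imports the GPG private key and then runs `go install ...@latest` and third-party actions referenced by mutable tags. Pinning these, e.g. `uses: crazy-max/ghaction-import-gpg@<full-commit-sha>  # v6` and `swag@<pinned-version>`, keeps an unreviewed upstream change from running next to the signing key and the Docker Hub token.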