Feature/68 add release ci build job (#70)

MaartendeKruijf · web-flow · commit 61a0486fd747 · 2025-01-09T08:59:15.000+01:00
* Added release steps for CI * Added release ci file * Fix naming of safe dir * Update sbom generation * Added install-tools target for makefile * Added install commands * Install dependencies script * Added install script * Install latest fixed by PR #72 * Fixed build instructions and script * Install cyclonedx for sbom * Fix path for sbom * Install cyclonedx in pipeline * Also install node for sbom * Set workdir of main to server
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,154 @@
+name: release
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+\-?*'
+
+jobs:
+  compile:
+    name: Build binary
+    runs-on: ubuntu-latest
+    container:
+      image: golangci/golangci-lint:latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Make repo safe
+        run: git config --global --add safe.directory /__w/SOARCA-GUI/SOARCA-GUI
+      - name: Install Templ 
+        run:  go install github.com/a-h/templ/cmd/templ@latest 
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - run: npm ci
+      
+      - name: Build with make
+        run: make compile
+
+      - name: 'Upload Artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ github.sha }}
+          path: bin/*
+          retention-days: 1
+
+  
+  docker-build:
+    needs: compile
+    name: Build docker image and push it to docker hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Make repo safe
+        run: git config --global --add safe.directory /__w/SOARCA-GUI/SOARCA-GUI
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Download bin
+        uses: actions/download-artifact@v4
+        with: 
+          pattern: ${{ github.sha }}
+
+      - name: Move files to bin folder and make executable
+        run: |
+          mkdir -p bin 
+          mv ${{ github.sha }}/* ./bin/
+          chmod +x bin/soarca-gui-*
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Get version
+        run: |
+          export VERSION=$(git describe --tags --dirty)
+          echo "describe_version=$(git describe --tags --dirty)" >> "$GITHUB_ENV"
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          build-args: |
+            VERSION=${{ env.describe_version }}
+          push: true
+          tags: cossas/soarca-gui:${{ env.describe_version }},cossas/soarca-gui:latest
+
+
+  release-binary:
+    needs: compile
+    name: Create release artifacts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.23.x'
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Make repo safe
+        run: git config --global --add safe.directory /__w/SOARCA-GUI/SOARCA-GUI
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - run: npm ci
+
+      - name: Build and sbom
+        run: |
+          go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+          go install github.com/a-h/templ/cmd/templ@latest 
+          make sbom
+          zip -r bin/sbom.zip bin
+
+      - name: Release soarca gui binary
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+          workdir: server
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+
+      - name: Upload release sbom
+        uses: actions/github-script@v4
+        with:
+          script: |
+            const fs = require('fs');
+            const tag = context.ref.replace("refs/tags/", "");
+            // Get release for this tag
+            const release = await github.repos.getReleaseByTag({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag
+            });
+            // Upload the release asset
+            await github.repos.uploadReleaseAsset({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              release_id: release.data.id,
+              name: "sbom.zip",
+              data: await fs.readFileSync("bin/sbom.zip")
+            });
diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,7 @@ plugins/*
 .vscode/*
 build/*
 !build/build.md
+!build/dependencies.sh
 bin/*
 swaggerdocs/*
 **.env
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: dev-server dev-tailwind dev-templ dev build-server build-tailwind build-templ build launch deploy clean test
+.PHONY: install-tools dev-server dev-tailwind dev-templ dev build-server build-tailwind build-templ build launch deploy clean test
 
 
 BINARY_NAME = soarca-gui
@@ -10,6 +10,14 @@ GOLDFLAGS += -X main.Version=$(VERSION)
 GOLDFLAGS += -X main.Buildtime=$(BUILDTIME)
 GOFLAGS = -ldflags "$(GOLDFLAGS)"
 
+#-----------------------------------------------------
+# install
+#-----------------------------------------------------
+
+install-tools: 
+	bash build/dependencies.sh
+	
+
 #-----------------------------------------------------
 # DEV
 #-----------------------------------------------------
@@ -57,9 +65,8 @@ build:  build-templ build-tailwind build-server
 
 build-server:
 	echo "Compiling for every OS and Platform"
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/${BINARY_NAME}-${VERSION}-linux-amd64 $(GOFLAGS) ./server/main.go
-	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/${BINARY_NAME}-${VERSION}-darwin-arm64 $(GOFLAGS) ./server/main.go
-	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/${BINARY_NAME}-${VERSION}-windows-amd64 $(GOFLAGS) ./server/main.go
+	CGO_ENABLED=0 go build -o build/${BINARY_NAME} $(GOFLAGS) ./server/main.go
+
 
 
 docker: 
@@ -85,4 +92,17 @@ run: docker
 test: build-templ
 	go test ./... -v
 
-.DEFAULT_GOAL := dev  
+.DEFAULT_GOAL := build  
+
+
+# release
+
+compile: build-templ build-tailwind
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/${BINARY_NAME}-${VERSION}-linux-amd64 $(GOFLAGS) server/main.go
+	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/${BINARY_NAME}-${VERSION}-darwin-arm64 $(GOFLAGS) server/main.go
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o bin/${BINARY_NAME}-${VERSION}-windows-amd64 $(GOFLAGS) server/main.go
+
+sbom: build-templ compile
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 cyclonedx-gomod app -main server -json -licenses -output bin/${BINARY_NAME}-${VERSION}-linux-amd64.bom.json
+	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 cyclonedx-gomod app -main server -json -licenses -output bin/${BINARY_NAME}-${VERSION}-darwin-amd64.bom.json
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 cyclonedx-gomod app -main server -json -licenses -output bin/${BINARY_NAME}-${VERSION}-windows-amd64.bom.json
diff --git a/build/build.md b/build/build.md
@@ -0,0 +1,21 @@
+# Building the SOARCA-GUI
+
+
+Install dependencies (Linux):
+
+```
+make install-tools
+
+# Export paths to ~/.bashrc
+echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
+echo 'export GOROOT=/usr/local/go' >> ~/.bashrc
+echo 'export PATH=$PATH:$GOROOT/bin' >> ~/.bashrc
+echo 'export GOPATH=$HOME/go' >> ~/.bashrc
+echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
+
+# Reconnect of start a new shell or
+source ~/.bashrc
+
+
+```
+
diff --git a/build/dependencies.sh b/build/dependencies.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/bash
+set -euxo pipefail
+
+# Install go
+wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz
+rm -rf /usr/local/go && tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz
+
+export PATH=$PATH:/usr/local/go/bin 
+export GOROOT=/usr/local/go
+export PATH=$PATH:$GOROOT/bin
+export GOPATH=$HOME/go
+export PATH=$PATH:$GOPATH/bin
+
+# Install nvm
+wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")" 
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+nvm install 18
+
+# Install dependencies for project
+go install github.com/a-h/templ/cmd/templ@latest
+go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+npm install
