Release DongTai-Server #70
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release DongTai-Server | |
on: | |
release: | |
types: [ created, edited ] | |
workflow_dispatch: | |
inputs: | |
agent_version: | |
required: true | |
type: string | |
server_version: | |
required: true | |
type: string | |
jobs: | |
build: | |
if: ${{ github.repository_owner == 'HXSecurity' }} | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
strategy: | |
max-parallel: 4 | |
matrix: | |
python-version: [3.7] | |
steps: | |
- name: start-build | |
uses: joelwmale/webhook-action@master | |
with: | |
url: ${{ secrets.DONGTAI_WEBHOOK_URL }} | |
body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态:项目${{github.repository}}构建开始\n分支:${{github.ref}}\n流程:${{github.workflow}}\n构建编号:${{github.run_number}}\n触发事件:${{github.event_name}}\n提交人:${{github.actor}}\nSHA-1:${{github.sha}}\n","tag": "lark_md"}}]}}' | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set the value | |
id: release | |
run: | | |
TAG_NAME=${{ github.event.release.tag_name }} | |
ID=`echo ${TAG_NAME##v}` | |
if [ -z "${{ inputs.server_version }}" ] | |
then | |
echo "variable is empty" | |
else | |
ID=${{ inputs.server_version }} | |
fi | |
echo "iast_version=$ID" >> $GITHUB_ENV | |
- name: Generate version file | |
run: | | |
bash .github/workflows/version_update.sh "${{ env.iast_version }}" | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DONGTAI_DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DONGTAI_DOCKERHUB_TOKEN }} | |
- name: Login to Aliyun Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ secrets.ALIYUN_REGISTRY_HONGKONG }} | |
username: ${{ secrets.ALIYUN_DOCKERHUB_USER }} | |
password: ${{ secrets.ALIYUN_DOCKERHUB_PASSWORD }} | |
- run: | | |
echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('${{ env.iast_version }}', '${{ github.event.repository.name }}', '${GITHUB_SHA}');" >> ./deploy/docker/version.sql | |
- name: Upload COS java | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: download -rs /agent/java/latest/ ./ --include "*.jar" | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |
- name: Upload COS python | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: download -rs /agent/python/ ./ --include "*.tar.gz" | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |
- name: Upload COS php | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: download -rs /agent/php/ ./ --include "*.tar.gz" | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push | |
uses: docker/build-push-action@v3 | |
with: | |
file: Dockerfile | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
dongtai/dongtai-server:latest | |
dongtai/dongtai-server:${{ env.iast_version }} | |
- name: finish build | |
uses: joelwmale/webhook-action@master | |
with: | |
url: ${{ secrets.DONGTAI_WEBHOOK_URL }} | |
body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态:项目${{github.repository}}构建成功\n分支:${{github.ref}}\n流程:${{github.workflow}}\n构建编号:${{github.run_number}}\n触发事件:${{github.event_name}}\n提交人:${{github.actor}}\nSHA-1:${{github.sha}}\n","tag": "lark_md"}}]}}' | |
helm: | |
if: ${{ github.repository_owner == 'HXSecurity' }} | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set the value | |
id: release | |
run: | | |
TAG_NAME=${{ github.event.release.tag_name }} | |
ID=`echo ${TAG_NAME##v}` | |
if [ -z "${{ inputs.server_version }}" ] | |
then | |
echo "variable is empty" | |
else | |
ID=${{ inputs.server_version }} | |
fi | |
echo "iast_version=$ID" >> $GITHUB_ENV | |
- uses: azure/setup-helm@v1 | |
with: | |
version: 'latest' | |
id: install | |
- name: Get the release version | |
id: get_version | |
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/} | |
- name: Download existed repo files | |
run: | | |
sed -i "s#tag: latest#tag: ${{ env.iast_version }}#g" deploy/kubernetes/helm/values.yaml | |
mkdir -p /github/workspace/cos | |
- name: Upload COS php | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: download -rs iast/ /github/workspace/cos --ignore "*.yaml" | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |
- name: Create helm package | |
run: | | |
ls /github/workspace/cos | |
helm package deploy/kubernetes/helm -d /github/workspace/cos --app-version ${{ env.iast_version }} --version ${{ env.iast_version }} | |
ls /github/workspace/cos | |
helm repo index /github/workspace/cos --url ${{ secrets.DONGTAI_IAST_CHART_REPO_URL }} | |
- name: Upload COS 2 | |
uses: zkqiang/tencent-cos-action@v0.1.0 | |
with: | |
args: upload -rs /github/workspace/cos/dongtai-iast-${{ env.iast_version }}.tgz /iast/ && upload -rs /github/workspace/cos/index.yaml /iast/ | |
secret_id: ${{ secrets.TENSECRET_ID }} | |
secret_key: ${{ secrets.TENSECRET_KEY }} | |
bucket: dongtai-helm-charts-1251882848 | |
region: ap-hongkong | |