Merge pull request #97 from canonical/IAM-274

ci: sync version in rockcraft.yaml when release

.github/workflows/build.yaml

@@ -1,6 +1,6 @@
+name: build
 run-name: Build steps for ${{ github.sha }} on ${{ github.ref_name }}
 
-
 on:
   workflow_call:
     outputs:
@@ -14,29 +14,29 @@ jobs:
     outputs:
       rock: ${{ steps.set.outputs.rock }}
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - uses: canonical/craft-actions/rockcraft-pack@main
+        id: rockcraft
+      - name: Set rock output
+        id: set
+        run: echo "rock=${{ steps.rockcraft.outputs.rock }}" >> "$GITHUB_OUTPUT"
 
-    - uses: canonical/craft-actions/rockcraft-pack@main
-      id: rockcraft
-    - name: Set rock output
-      id: set
-      run: echo "rock=${{ steps.rockcraft.outputs.rock }}" >> "$GITHUB_OUTPUT"
-
-    - uses: actions/upload-artifact@v3
-      with:
-        path: ${{ steps.rockcraft.outputs.rock }}
-        name: ${{ steps.rockcraft.outputs.rock }}
+      - uses: actions/upload-artifact@v3
+        with:
+          path: ${{ steps.rockcraft.outputs.rock }}
+          name: ${{ steps.rockcraft.outputs.rock }}
 
-    - name: Install Syft
-      run: |
-        curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
-    - name: Create SBOM
-      run: syft $(realpath ${{ steps.rockcraft.outputs.rock }}) -o spdx-json=identity_platform_login_ui.sbom.json
+      - name: Install Syft
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
 
-    - name: Upload SBOM
-      uses: actions/upload-artifact@v3
-      with:
-        name: identity-platform-login-ui-sbom
-        path: "identity_platform_login_ui.sbom.json"
+      - name: Create SBOM
+        run: syft $(realpath ${{ steps.rockcraft.outputs.rock }}) -o spdx-json=identity_platform_login_ui.sbom.json
 
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v3
+        with:
+          name: identity-platform-login-ui-sbom
+          path: "identity_platform_login_ui.sbom.json"

.github/workflows/ci.yaml

@@ -2,31 +2,31 @@ name: ci
 run-name: CI for ${{ github.sha }} on ${{ github.ref_name }}
 
 on:
-   workflow_dispatch:
-   push:
-     branches:
-     - "main"
-     - "release-**"
-     tags:
-     - "v**"
-   pull_request:
-     branches:
-     - "*"
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "release-**"
+    tags:
+      - "v**"
+  pull_request:
+    branches:
+      - "*"
 
 jobs:
   unit-test:
     uses: ./.github/workflows/unittest.yaml
   build:
     uses: ./.github/workflows/build.yaml
-  publish: 
+  publish:
     if: ${{ (github.ref == 'refs/heads/main') || (github.ref_type == 'tag') }}
-    needs: [build, unit-test]
+    needs: [ build, unit-test ]
     uses: ./.github/workflows/publish.yaml
     with:
-      rock: ${{ needs.build.outputs.rock }} 
+      rock: ${{ needs.build.outputs.rock }}
   scan:
     if: ${{ (github.ref == 'refs/heads/main') || (github.ref_type == 'tag') }}
     needs: publish
     uses: ./.github/workflows/scan.yaml
     with:
-      image: ${{ needs.publish.outputs.image }} 
+      image: ${{ needs.publish.outputs.image }}

.github/workflows/codeql-analysis.yaml

@@ -7,10 +7,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [main]
+    branches: [ main ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [main]
+    branches: [ main ]
   schedule:
     - cron: '0 19 * * 4'
 
@@ -24,48 +24,48 @@ jobs:
       matrix:
         # Override automatic language detection by changing the below list
         # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['go']
+        language: [ 'go' ]
         # Learn more...
         # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          # We must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head.
+          fetch-depth: 2
 
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
+      # If this run was triggered by a pull request event, then checkout
+      # the head of the pull request instead of the merge commit.
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file. 
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      #- run: |
+      #   make bootstrap
+      #   make release
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/publish.yaml

@@ -1,5 +1,5 @@
-name: container publish
-run-name: Publish container from ${{ inputs.rock }} to ghcr.io/canonical/identity-platform-login-ui
+name: image publish
+run-name: Publish ROCK image from ${{ inputs.rock }} to ghcr.io/canonical/identity-platform-login-ui
 
 on:
   workflow_call:
@@ -19,32 +19,47 @@ jobs:
     outputs:
       image: ${{ steps.set.outputs.image }}
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    - name: Download Artifact
-      uses: actions/download-artifact@v3
-      with:
-        name: ${{ inputs.rock }}
-
-    - name: Install Skopeo
-      run: sudo snap install --devmode --channel edge skopeo
-
-    - name: Upload ROCK to ghcr.io with latest
-      id: latest
-      if: github.ref_type == 'branch'
-      run: |
-        sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:"${{ github.sha }}" --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" 
-        sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:latest --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
-        echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.sha }}" >> "$GITHUB_ENV"
-    - name: Upload ROCK to ghcr.io with stable
-      id: stable
-      if: github.ref_type == 'tag'
-      run: |
-        sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:"${{ github.ref_name }}" --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" 
-        sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:stable --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
-        echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.ref_name }}" >> "$GITHUB_ENV"
-    - name: Set output of image
-      id: set
-      run: echo "image=$image" >> "$GITHUB_OUTPUT"
-
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Download Artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.rock }}
+
+      - name: Install Skopeo
+        run: sudo snap install --devmode --channel edge skopeo
+
+      - name: Upload ROCK to ghcr.io in latest channel
+        id: latest
+        if: ${{ github.ref_type }} == "branch"
+        run: |
+          versions=(latest "${{ github.sha }}")
+
+          for version in "${versions[@]}"; do
+            sudo skopeo --insecure-copy \
+              --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
+              oci-archive:$(realpath ./"${{ inputs.rock }}") \
+              docker://ghcr.io/canonical/identity-platform-login-ui:"${version}"
+          done
+
+          echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.sha }}" >> "$GITHUB_ENV"
+
+      - name: Upload ROCK to ghcr.io in stable channel
+        id: stable
+        if: ${{ github.ref_type }} == "tag"
+        run: |
+          versions=(stable "${{ github.ref_name }}")
+
+          for version in "${versions[@]}"; do
+            sudo skopeo --insecure-copy \
+              --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \
+              oci-archive:$(realpath ./"${{ inputs.rock }}") \
+              docker://ghcr.io/canonical/identity-platform-login-ui:"${version}"
+          done
+
+          echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.ref_name }}" >> "$GITHUB_ENV"
+
+      - name: Set output of image
+        id: set
+        run: echo "image=$image" >> "$GITHUB_OUTPUT"

.github/workflows/release.yaml

@@ -4,9 +4,8 @@ on:
   workflow_dispatch:
   push:
     branches:
-    - main
-    - "release-**" 
-
+      - main
+      - "release-**"
 
 jobs:
   release-please:
@@ -19,15 +18,16 @@ jobs:
           default-branch: main
           pull-request-title-pattern: "ci: release ${version}"
           token: ${{ secrets.PAT_TOKEN }}
+          extra-files: |
+            rockcraft.yaml
         id: release
       - uses: actions/checkout@v3
       - name: Workaround for https://github.com/googleapis/release-please/issues/922
-        if: ${{ steps.release.outputs.pr != '' }}    
+        if: ${{ steps.release.outputs.pr != '' }}
         run: |
           echo "Closing and reopening PR to trigger checks"
           gh pr close ${{ fromJSON(steps.release.outputs.pr).number }} || true
           gh pr reopen ${{ fromJSON(steps.release.outputs.pr).number }} || true
           gh pr merge --auto --merge ${{ fromJSON(steps.release.outputs.pr).number }} || true
         env:
           GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }}
-

.github/workflows/scan.yaml

@@ -12,14 +12,14 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-    - name: Scan image with Trivy
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: ${{ inputs.image }}
-        format: 'sarif'
-        output: 'trivy-results.sarif'
+      - name: Scan image with Trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ inputs.image }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
 
-    - name: Upload scan results to GitHub
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: 'trivy-results.sarif'
+      - name: Upload scan results to GitHub
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/unittest.yaml

@@ -1,3 +1,4 @@
+name: unit test
 run-name: Unit test steps for ${{ github.sha }} on ${{ github.ref_name }}
 
 on:
@@ -14,18 +15,19 @@ jobs:
       - uses: actions/setup-node@v3
         with:
           node-version: 18
-      
+
       - name: Build js UI
         run: make npm-build
-      
+
       - name: Build Go code
         run: make test
 
       - uses: codecov/codecov-action@v3
         with:
-          files: ./coverage.out        
+          files: ./coverage.out
+
       - name: Upload Go test results
         uses: actions/upload-artifact@v3
         with:
           name: Go-results
-          path: test.json
+          path: test.json

rockcraft.yaml

@@ -2,7 +2,7 @@ name: identity-platform-login-ui
 
 base: bare
 build-base: ubuntu:22.04
-version: '0.1'
+version: '0.6.1' # x-release-please-version
 summary: Canonical Identity platform login UI
 description: |
   This is the Canonical Identity platform login UI used for connecting