diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index adf19c7a0..212c3f490 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,6 +1,6 @@ +name: build run-name: Build steps for ${{ github.sha }} on ${{ github.ref_name }} - on: workflow_call: outputs: @@ -14,29 +14,29 @@ jobs: outputs: rock: ${{ steps.set.outputs.rock }} steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 + + - uses: canonical/craft-actions/rockcraft-pack@main + id: rockcraft + - name: Set rock output + id: set + run: echo "rock=${{ steps.rockcraft.outputs.rock }}" >> "$GITHUB_OUTPUT" - - uses: canonical/craft-actions/rockcraft-pack@main - id: rockcraft - - name: Set rock output - id: set - run: echo "rock=${{ steps.rockcraft.outputs.rock }}" >> "$GITHUB_OUTPUT" - - - uses: actions/upload-artifact@v3 - with: - path: ${{ steps.rockcraft.outputs.rock }} - name: ${{ steps.rockcraft.outputs.rock }} + - uses: actions/upload-artifact@v3 + with: + path: ${{ steps.rockcraft.outputs.rock }} + name: ${{ steps.rockcraft.outputs.rock }} - - name: Install Syft - run: | - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin - - name: Create SBOM - run: syft $(realpath ${{ steps.rockcraft.outputs.rock }}) -o spdx-json=identity_platform_login_ui.sbom.json + - name: Install Syft + run: | + curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin - - name: Upload SBOM - uses: actions/upload-artifact@v3 - with: - name: identity-platform-login-ui-sbom - path: "identity_platform_login_ui.sbom.json" + - name: Create SBOM + run: syft $(realpath ${{ steps.rockcraft.outputs.rock }}) -o spdx-json=identity_platform_login_ui.sbom.json + - name: Upload SBOM + uses: actions/upload-artifact@v3 + with: + name: identity-platform-login-ui-sbom + path: "identity_platform_login_ui.sbom.json" 
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5f24104f1..92967876a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,31 +2,31 @@ name: ci run-name: CI for ${{ github.sha }} on ${{ github.ref_name }} on: - workflow_dispatch: - push: - branches: - - "main" - - "release-**" - tags: - - "v**" - pull_request: - branches: - - "*" + workflow_dispatch: + push: + branches: + - "main" + - "release-**" + tags: + - "v**" + pull_request: + branches: + - "*" jobs: unit-test: uses: ./.github/workflows/unittest.yaml build: uses: ./.github/workflows/build.yaml - publish: + publish: if: ${{ (github.ref == 'refs/heads/main') || (github.ref_type == 'tag') }} - needs: [build, unit-test] + needs: [ build, unit-test ] uses: ./.github/workflows/publish.yaml with: - rock: ${{ needs.build.outputs.rock }} + rock: ${{ needs.build.outputs.rock }} scan: if: ${{ (github.ref == 'refs/heads/main') || (github.ref_type == 'tag') }} needs: publish uses: ./.github/workflows/scan.yaml with: - image: ${{ needs.publish.outputs.image }} + image: ${{ needs.publish.outputs.image }} diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index 6509f64f1..cd8d2f5ec 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -7,10 +7,10 @@ name: "CodeQL" on: push: - branches: [main] + branches: [ main ] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: [ main ] schedule: - cron: '0 19 * * 4' 
@@ -24,48 +24,48 @@ jobs: matrix: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['go'] + language: [ 'go' ] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 + - name: Checkout repository + uses: actions/checkout@v3 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. 
+ # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + #- run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 \ No newline at end of file + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index a09f0fbd7..d2c592741 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,5 +1,5 @@ -name: container publish -run-name: Publish container from ${{ inputs.rock }} to ghcr.io/canonical/identity-platform-login-ui +name: image publish +run-name: Publish ROCK image from ${{ inputs.rock }} to ghcr.io/canonical/identity-platform-login-ui on: workflow_call: 
@@ -19,32 +19,47 @@ jobs: outputs: image: ${{ steps.set.outputs.image }} steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download Artifact - uses: actions/download-artifact@v3 - with: - name: ${{ inputs.rock }} - - - name: Install Skopeo - run: sudo snap install --devmode --channel edge skopeo - - - name: Upload ROCK to ghcr.io with latest - id: latest - if: github.ref_type == 'branch' - run: | - sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:"${{ github.sha }}" --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" - sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:latest --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" - echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.sha }}" >> "$GITHUB_ENV" - - name: Upload ROCK to ghcr.io with stable - id: stable - if: github.ref_type == 'tag' - run: | - sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:"${{ github.ref_name }}" --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" - sudo skopeo --insecure-policy copy oci-archive:$(realpath ./"${{ inputs.rock }}") docker://ghcr.io/canonical/identity-platform-login-ui:stable --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" - echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.ref_name }}" >> "$GITHUB_ENV" - - name: Set output of image - id: set - run: echo "image=$image" >> "$GITHUB_OUTPUT" - + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Download Artifact + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.rock }} + + - name: Install Skopeo + run: sudo snap install --devmode --channel edge skopeo + + - name: Upload ROCK to ghcr.io in latest channel + id: latest + if: ${{ 
github.ref_type }} == "branch" + run: | + versions=(latest "${{ github.sha }}") + + for version in "${versions[@]}"; do + sudo skopeo --insecure-copy \ + --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \ + oci-archive:$(realpath ./"${{ inputs.rock }}") \ + docker://ghcr.io/canonical/identity-platform-login-ui:"${version}" + done + + echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.sha }}" >> "$GITHUB_ENV" + + - name: Upload ROCK to ghcr.io in stable channel + id: stable + if: ${{ github.ref_type }} == "tag" + run: | + versions=(stable "${{ github.ref_name }}") + + for version in "${versions[@]}"; do + sudo skopeo --insecure-copy \ + --dest-creds "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}" \ + oci-archive:$(realpath ./"${{ inputs.rock }}") \ + docker://ghcr.io/canonical/identity-platform-login-ui:"${version}" + done + + echo "image=ghcr.io/canonical/identity-platform-login-ui:${{ github.ref_name }}" >> "$GITHUB_ENV" + + - name: Set output of image + id: set + run: echo "image=$image" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index fc5afc03e..ec5abe808 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,9 +4,8 @@ on: workflow_dispatch: push: branches: - - main - - "release-**" - + - main + - "release-**" jobs: release-please: @@ -19,10 +18,12 @@ jobs: default-branch: main pull-request-title-pattern: "ci: release ${version}" token: ${{ secrets.PAT_TOKEN }} + extra-files: | + rockcraft.yaml id: release - uses: actions/checkout@v3 - name: Workaround for https://github.com/googleapis/release-please/issues/922 - if: ${{ steps.release.outputs.pr != '' }} + if: ${{ steps.release.outputs.pr != '' }} run: | echo "Closing and reopening PR to trigger checks" gh pr close ${{ fromJSON(steps.release.outputs.pr).number }} || true 
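Review bot: The rewritten step conditions `if: ${{ github.ref_type }} == "branch"` and `if: ${{ github.ref_type }} == "tag"` leave the comparison outside the expression, so Actions evaluates a non-empty string such as `branch == "branch"`, which is always truthy. Both upload steps would then run for every ref, so a push to main would also overwrite the `stable` tag and a tag push would overwrite `latest`, which undermines what consumers of those channel tags can trust. Keep the whole comparison inside the expression: `if: ${{ github.ref_type == 'branch' }}` and `if: ${{ github.ref_type == 'tag' }}`. In both new loops, `skopeo --insecure-copy` fuses the global option and the subcommand of the previous `skopeo --insecure-policy copy`, so the push would presumably fail on an unknown flag; restore `sudo skopeo --insecure-policy copy \`. The job header and the `on:` inputs sit above this hunk, so how `inputs.rock` is declared is not visible here.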
@@ -30,4 +31,3 @@ jobs: gh pr merge --auto --merge ${{ fromJSON(steps.release.outputs.pr).number }} || true env: GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} - \ No newline at end of file diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index ae84b1242..d85e60b0d 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -12,14 +12,14 @@ jobs: scan: runs-on: ubuntu-latest steps: - - name: Scan image with Trivy - uses: aquasecurity/trivy-action@master - with: - image-ref: ${{ inputs.image }} - format: 'sarif' - output: 'trivy-results.sarif' + - name: Scan image with Trivy + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ inputs.image }} + format: 'sarif' + output: 'trivy-results.sarif' - - name: Upload scan results to GitHub - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + - name: Upload scan results to GitHub + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/unittest.yaml b/.github/workflows/unittest.yaml index dc49e2fab..c5be0763b 100644 --- a/.github/workflows/unittest.yaml +++ b/.github/workflows/unittest.yaml @@ -1,3 +1,4 @@ +name: unit test run-name: Unit test steps for ${{ github.sha }} on ${{ github.ref_name }} on: @@ -14,18 +15,19 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 18 - + - name: Build js UI run: make npm-build - + - name: Build Go code run: make test - uses: codecov/codecov-action@v3 with: - files: ./coverage.out + files: ./coverage.out + - name: Upload Go test results uses: actions/upload-artifact@v3 with: name: Go-results - path: test.json \ No newline at end of file + path: test.json diff --git a/rockcraft.yaml b/rockcraft.yaml index 9c43a209d..81187f04f 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml 
@@ -2,7 +2,7 @@ name: identity-platform-login-ui base: bare build-base: ubuntu:22.04 -version: '0.1' +version: '0.6.1' # x-release-please-version summary: Canonical Identity platform login UI description: | This is the Canonical Identity platform login UI used for connecting