Skip to content
goreleaser-scheduled

goreleaser-scheduled #1873

Sign in to view logs

goreleaser-scheduled

goreleaser-scheduled #1873

Workflow file for this run

.github/workflows/release-nightly.yml at b7d18d7
name: goreleaser-scheduled
on:
schedule:
- cron: "0 2 * * *"
workflow_dispatch:
jobs:
pre_release_job:
runs-on: ubuntu-latest
outputs:
changes: ${{ steps.lasttag.outputs.newchanges }}
sha8: ${{ steps.shorthash.outputs.sha8 }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Check if there are new commits since last nightly
id: lasttag
run: echo "::set-output name=newchanges::$(bash ./.github/scripts/is-changed-since-last-nightly.sh)"
- name: Set short hash
id: shorthash
run: echo "::set-output name=sha8::$(echo ${GITHUB_SHA} | cut -c1-8)"
goreleaser:
needs: pre_release_job
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
if: always()
with:
github-token: ${{ secrets.KICS_BOT_PAT }}
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
card-layout-start: cozy
card-layout-exit: complete
show-on-start: true
show-on-exit: true
custom-facts: |
- name: Nightly Release Commit
value: ${{ needs.pre_release_job.outputs.sha8 }}
custom-actions: |
- name: View CI Logs
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.26.x
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
with:
version: v0.160.0
args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL: ${{ secrets.DESCRIPTIONS_URL }}
- name: delete release
uses: dev-drprasad/delete-tag-and-release@82600feb9527126eca69833f07bafe53279bd9b4 # v1.1
with:
delete_release: true # default: false
tag_name: nightly # tag name to delete
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create Release
id: create_release
uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: nightly
release_name: nightly-${{ needs.pre_release_job.outputs.sha8 }}
draft: false
prerelease: true
- name: Display assets
run: |
ls -l /home/runner/work/kics/kics/dist
- name: Upload Release Asset Linux
id: upload-release-asset-linux
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_linux_x64.tar.gz
asset_name: kics_nightly-release_linux_amd64.tar.gz
asset_content_type: application/gzip
- name: Upload Release Asset Darwin
id: upload-release-asset-darwin
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_darwin_x64.tar.gz
asset_name: kics_nightly-release_darwin_amd64.tar.gz
asset_content_type: application/gzip
- name: Upload Release Asset Windows
id: upload-release-asset-windows
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_windows_x64.zip
asset_name: kics_nightly-release_windows_amd64.zip
asset_content_type: application/zip
- name: Upload Release Asset Checksum
id: upload-release-asset-checksums
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: /home/runner/work/kics/kics/dist/kics_nightly_checksums.txt
asset_name: kics_nightly-release_checksums.txt
asset_content_type: text/plain
push_to_registry:
name: Push Docker image to Docker Hub
needs: pre_release_job
if: ${{ needs.pre_release_job.outputs.changes == 'yes' }}
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
if: always()
with:
github-token: ${{ secrets.KICS_BOT_PAT }}
webhook-uri: ${{ secrets.MSTEAMS_WEBHOOK_URL }}
card-layout-start: cozy
card-layout-exit: complete
show-on-start: true
show-on-exit: true
custom-facts: |
- name: Nightly Release Commit
value: ${{ needs.pre_release_job.outputs.sha8 }}
custom-actions: |
- name: View CI Logs
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to DockerHub
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get current date
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: "checkmarx/kics"
labels: |
org.opencontainers.image.title=KICS
org.opencontainers.image.version=nightly-${{ needs.pre_release_job.outputs.sha8 }}
org.opencontainers.image.vendor=Checkmarx
org.opencontainers.image.authors=KICS
org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
org.opencontainers.image.documentation=https://docs.kics.io
org.opencontainers.image.url=https://github.com/Checkmarx/kics
org.opencontainers.image.source=https://github.com/Checkmarx/kics
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push main to Docker Hub
id: build_main
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: checkmarx/kics:nightly
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push alpine to Docker Hub
id: build_alpine
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: ./docker/Dockerfile.alpine
push: true
platforms: linux/amd64,linux/arm64
tags: checkmarx/kics:nightly-alpine
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: ./docker/Dockerfile.debian
push: true
platforms: linux/amd64,linux/arm64
tags: checkmarx/kics:nightly-debian
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: ./docker/Dockerfile.ubi8
push: true
tags: checkmarx/kics:nightly-ubi8
platforms: linux/amd64
build-args: |
VERSION=nightly-${{ needs.pre_release_job.outputs.sha8 }}
COMMIT=${{ github.sha }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Pull Request
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ secrets.KICS_BOT_PAT }}
commit-message: "docs(kicsbot): update images digest"
delete-branch: true
branch: feature/kicsbot-update-queries-docs
body: |
**Automated Changes**
Updating docker images digests
Triggered by SHA: _${{ github.sha }}_
labels: documentation