diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml
new file mode 100644
index 0000000..2617acd
--- /dev/null
+++ b/.github/workflows/debug.yml
@@ -0,0 +1,63 @@
+name: Manual SCC Product Version Verification
+
+on:
+ workflow_dispatch:
+ inputs:
+ product-name:
+ description: 'Product name to verify'
+ required: true
+ type: string
+ version:
+ description: 'Version to verify (e.g., v1.2.3 or 1.2.3-rc1)'
+ required: true
+ type: string
+ staging-code:
+ description: 'SCC staging registration code (optional - if not provided, staging verification is skipped)'
+ required: false
+ default: ''
+ production-code:
+ description: 'SCC production registration code (optional - if not provided, production verification is skipped)'
+ required: false
+ default: ''
+ fail-on-error:
+ description: 'Fail the workflow if verification fails'
+ required: false
+ type: boolean
+ default: false
+
+jobs:
+ verify:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Mask sensitive registration codes
+ shell: bash
+ run: |
+ if [ -n "${{ inputs.staging-code }}" ]; then
+ echo "::add-mask::${{ inputs.staging-code }}"
+ fi
+ if [ -n "${{ inputs.production-code }}" ]; then
+ echo "::add-mask::${{ inputs.production-code }}"
+ fi
+
+ - name: Checkout repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ with:
+ fetch-depth: 0
+
+ - name: Download SCC Product Version Verifier
+ uses: ./actions/download
+
+ - name: Verify Product Version
+ uses: ./actions/verify
+ with:
+ product-name: ${{ inputs.product-name }}
+ version: ${{ inputs.version }}
+ staging-code: ${{ inputs.staging-code }}
+ production-code: ${{ inputs.production-code }}
+ fail-on-error: ${{ inputs.fail-on-error }}
+
+ - name: Verification Complete
+ shell: bash
+ run: |
+ echo "✅ Verification workflow completed"
+ echo "Check the step summary for detailed results"
\ No newline at end of file
diff --git a/.golangci.yml b/.golangci.yml
index aae7ba9..31ab01f 100644
--- a/.golangci.yml
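Review bot: The masking step expands `${{ inputs.staging-code }}` and `${{ inputs.production-code }}` straight into the bash script, so the registration code is part of the script text before `::add-mask::` has run, and a value containing a quote or `$(...)` is parsed as shell. `workflow_dispatch` inputs are not treated as secrets, so the code may also appear wherever the run's inputs or rendered script are displayed; reading the codes from repository secrets, as the README example for the verify action does, avoids that. If manual entry has to stay, pass the value through `env:` and write `echo "::add-mask::$STAGING_CODE"` so the script only references a variable, which removes the shell-parsing problem. The same direct expansion of inputs into `run:` scripts appears in actions/download/action.yaml (`inputs.version`, `inputs.output-dir`) and actions/verify/action.yaml (`inputs.version`, `inputs.product-name`, both codes).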
+++ b/.golangci.yml @@ -9,7 +9,7 @@ linters: main: allow: - $gostd - - github.com/rancher-sandbox/scc-product-version-verifier + - github.com/rancherlabs/scc-product-version-verifier - github.com/sirupsen/logrus - github.com/spf13/cobra - github.com/spf13/viper diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 6c67145..28cd802 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -26,9 +26,9 @@ builds: - -extldflags - -static - -s - - -X github.com/rancher-sandbox/scc-product-version-verifier/cmd/version.Version={{.Version}} - - -X github.com/rancher-sandbox/scc-product-version-verifier/cmd/version.GitCommit={{.Commit}} - - -X github.com/rancher-sandbox/scc-product-version-verifier/cmd/version.Date={{.Date}} + - -X github.com/rancherlabs/scc-product-version-verifier/cmd/version.Version={{.Version}} + - -X github.com/rancherlabs/scc-product-version-verifier/cmd/version.GitCommit={{.Commit}} + - -X github.com/rancherlabs/scc-product-version-verifier/cmd/version.Date={{.Date}} diff --git a/README.md b/README.md index db31523..ff842df 100644 --- a/README.md +++ b/README.md 
@@ -59,6 +59,73 @@ scc-product-version-verifier curl-verify rancher 2.12.3 > The SCC api is case-sensitive for product lookup meaning `SLES` != `sles`. > For SLES look up it must be upper case, for `rancher` lookup it must be lower case. -## Contributing +## GitHub Actions -Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. +This repository provides reusable GitHub Actions to download and use the verifier in your CI/CD workflows. + +### Download Action + +Downloads and installs the latest version of `scc-product-version-verifier`. + +**Location:** `rancherlabs/scc-product-version-verifier/actions/download` + +**Requirements:** +- Works on Linux runners +- No sudo required (uses GitHub Actions provided gh cli) + +**Outputs:** +- `version`: The installed version of the verifier +- `bin-path`: Installation path of the verifier +- `asset-name`: Name of the downloaded tool + +**Example:** + +```yaml +- name: Setup SCC Product Version Verifier + uses: rancherlabs/scc-product-version-verifier/actions/download@main +``` + +### Verify Action + +Verifies a product version against SCC staging and/or production environments. 
+
+**Location:** `rancherlabs/scc-product-version-verifier/actions/verify`
+
+**Requirements:**
+- `scc-product-version-verifier` must be installed (use the download action first)
+- Valid SCC registration code(s)
+
+**Inputs:**
+- `version` (required): Version to verify (will be sanitized to remove `v` prefix and prerelease suffixes)
+- `staging-code` (optional): SCC staging registration code
+- `production-code` (optional): SCC production registration code
+- `product-name` (required): Product name to verify (case-sensitive)
+- `fail-on-error` (optional, default: `false`): Fail the workflow if verification fails
+
+**Outputs:**
+- `staging-result`: Staging verification result (`passed`/`failed`/`skipped`)
+- `production-result`: Production verification result (`passed`/`failed`/`skipped`)
+
+**Example:**
+
+```yaml
+- name: Setup Verifier
+ uses: rancherlabs/scc-product-version-verifier/actions/download@main
+
+- run: echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+
+- name: Verify Product Version
+ uses: rancherlabs/scc-product-version-verifier/actions/verify@main
+ with:
+ version: v2.12.3
+ staging-code: ${{ secrets.SCC_STAGING_CODE }}
+ production-code: ${{ secrets.SCC_PRODUCTION_CODE }}
+ product-name: rancher
+ fail-on-error: false
+```
+
+**Notes:**
+- By default, verification failures do NOT fail the workflow (`fail-on-error: false`). Set to `true` to enforce strict verification.
+- Version strings are automatically sanitized (e.g., `v2.12.3-rc1` becomes `2.12.3`)
+- Product names are case-sensitive (e.g., `SLES` vs `sles`, `rancher` vs `Rancher`)
+- Results are written to the GitHub Actions step summary for easy viewing
\ No newline at end of file
diff --git a/actions/download/action.yaml b/actions/download/action.yaml
new file mode 100644
index 0000000..9a05c13
--- /dev/null
+++ b/actions/download/action.yaml
@@ -0,0 +1,108 @@
+name: 'Setup SCC Product Version Verifier'
+description: 'Downloads and prepares the SCC product version verifier CLI tool (Linux only)'
+branding:
+ icon: 'check-circle'
+ color: 'green'
+
+inputs:
+ version:
+ description: 'Release version to download (e.g., v1.2.3 or "latest")'
+ required: false
+ default: 'latest'
+ token:
+ description: 'GitHub token for API access'
+ required: false
+ default: ${{ github.token }}
+ output-dir:
+ description: 'Directory to extract downloaded files to'
+ required: false
+ default: './bin'
+
+outputs:
+ version:
+ description: 'The release tag that was downloaded'
+ value: ${{ steps.release.outputs.tag }}
+ bin-path:
+ description: 'Path where binaries were extracted'
+ value: ${{ steps.download.outputs.bin-path }}
+ asset-name:
+ description: 'Name of the downloaded asset'
+ value: ${{ steps.download.outputs.asset-name }}
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Verify Linux
+ shell: bash
+ run: |
+ if [ "${{ runner.os }}" != "Linux" ]; then
+ echo "::error::This action only supports Linux runners"
+ exit 1
+ fi
+
+ - name: Get release information
+ id: release
+ shell: bash
+ env:
+ GH_TOKEN: ${{ inputs.token }}
+ REPO: "rancherlabs/scc-product-version-verifier"
+ run: |
+ TAG="${{ inputs.version }}"
+ if [ "$TAG" == "latest" ] || [ -z "$TAG" ]; then
+ TAG=$(gh release view --repo "$REPO" --json tagName -q .tagName)
+ fi
+ echo "tag=$TAG" >> $GITHUB_OUTPUT
+
+ - name: Download and Extract
+ id: download
+ shell: bash
+ env:
+ GH_TOKEN: ${{ inputs.token }}
+ REPO: "rancherlabs/scc-product-version-verifier"
+ BINARY_NAME: "scc-product-version-verifier"
+ run: |
+ ARCH="${{ runner.arch }}"
+ case "$ARCH" in
+ X64)
+ ARCH="x86_64"
+ ;;
+ ARM64)
+ ARCH="arm64"
+ ;;
+ X86|ARM)
+ echo "::error::Unsupported runner architecture: $ARCH. This action currently supports only X64 and ARM64 Linux runners."
+ exit 1
+ ;;
+ *)
+ echo "::error::Unknown runner architecture: $ARCH"
+ exit 1
+ ;;
+ esac
+ TAG="${{ steps.release.outputs.tag }}"
+ OUT="${{ inputs.output-dir }}"
+
+ mkdir -p "$OUT"
+
+ # 1. Download the archive
+ gh release download "$TAG" \
+ --repo "$REPO" \
+ --pattern "*Linux*${ARCH}*.tar.gz" \
+ --dir "$OUT" \
+ --clobber
+
+ # 2. Extract and identify the archive name for cleanup
+ ARCHIVE=$(find "$OUT" -maxdepth 1 -type f -name "*.tar.gz" -print -quit)
+ tar -xzf "$ARCHIVE" -C "$OUT"
+ rm "$ARCHIVE"
+
+ # 3. Ensure permissions
+ chmod +x "$OUT/$BINARY_NAME"
+
+ # 4. Set Outputs
+ echo "asset-name=$BINARY_NAME" >> $GITHUB_OUTPUT
+ echo "bin-path=$OUT" >> $GITHUB_OUTPUT
+
+ # 5. Add to PATH for immediate use
+ echo "$(realpath "$OUT")" >> $GITHUB_PATH
+
+ echo "✓ $BINARY_NAME is ready at $OUT/$BINARY_NAME"
\ No newline at end of file
diff --git a/actions/verify/action.yaml b/actions/verify/action.yaml
new file mode 100644
index 0000000..bed2b36
--- /dev/null
+++ b/actions/verify/action.yaml
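Review bot: The archive fetched by `gh release download` is unpacked and its binary put on `PATH` without any integrity check, so every consumer of this action runs whatever asset is attached to the resolved tag. If the release publishes a checksum file or a build attestation (not visible in this diff), verify the archive before the `tar -xzf` line, for example `(cd "$OUT" && sha256sum --check --ignore-missing CHECKSUMS_FILE)` where `CHECKSUMS_FILE` is a placeholder for the published file name. Separately, `find "$OUT" -maxdepth 1 -type f -name "*.tar.gz" -print -quit` takes the first archive in the directory, which may be a stale or unrelated file when `output-dir` already holds one; failing when more than one match exists, or downloading into a fresh temporary directory, would close that gap.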
@@ -0,0 +1,133 @@
+name: 'SCC Product Version Verify'
+description: 'Verifies a product version against SCC staging and production environments'
+branding:
+ icon: 'check-circle'
+ color: 'green'
+
+inputs:
+ version:
+ description: 'Version to verify (will be sanitized to remove v prefix and prerelease suffixes)'
+ required: true
+ staging-code:
+ description: 'SCC staging registration code (optional - if not provided, staging verification is skipped)'
+ required: false
+ default: ''
+ production-code:
+ description: 'SCC production registration code (optional - if not provided, production verification is skipped)'
+ required: false
+ default: ''
+ product-name:
+ description: 'Product name to verify'
+ required: true
+ fail-on-error:
+ description: 'Fail the workflow if verification fails'
+ required: false
+ default: 'false'
+
+outputs:
+ staging-result:
+ description: 'Staging verification result (passed/failed/skipped)'
+ value: ${{ steps.verify-staging.outputs.result }}
+ production-result:
+ description: 'Production verification result (passed/failed/skipped)'
+ value: ${{ steps.verify-production.outputs.result }}
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Mask sensitive registration codes
+ shell: bash
+ run: |
+ if [ -n "${{ inputs.staging-code }}" ]; then
+ echo "::add-mask::${{ inputs.staging-code }}"
+ fi
+ if [ -n "${{ inputs.production-code }}" ]; then
+ echo "::add-mask::${{ inputs.production-code }}"
+ fi
+
+ - name: Check if verifier is installed
+ shell: bash
+ run: |
+ if ! command -v scc-product-version-verifier &> /dev/null; then
+ echo "Error: scc-product-version-verifier is not installed"
+ echo "Please use the rancherlabs/scc-product-version-verifier/actions/download action first"
+ exit 1
+ fi
+ echo "Verifier found at: $(which scc-product-version-verifier)"
+
+ - name: Sanitize version
+ id: sanitize
+ shell: bash
+ run: |
+ VERSION="${{ inputs.version }}"
+ # Remove 'v' prefix if present
+ VERSION="${VERSION#v}"
+ # Remove any prerelease suffixes (everything after and including -)
+ SANITIZED_VERSION="${VERSION%%-*}"
+ echo "sanitized_version=$SANITIZED_VERSION" >> $GITHUB_OUTPUT
+ echo "Original version: ${{ inputs.version }}"
+ echo "Sanitized version: $SANITIZED_VERSION"
+
+ - name: Verify with staging code
+ id: verify-staging
+ shell: bash
+ continue-on-error: ${{ inputs.fail-on-error == 'false' }}
+ env:
+ SCC_REGCODE: ${{ inputs.staging-code }}
+ run: |
+ if [ -z "$SCC_REGCODE" ]; then
+ echo "result=skipped" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ echo "## 🔍 SCC Staging Verification - ${{ inputs.product-name }}" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "**Product:** ${{ inputs.product-name }}" >> $GITHUB_STEP_SUMMARY
+ echo "**Version:** ${{ steps.sanitize.outputs.sanitized_version }}" >> $GITHUB_STEP_SUMMARY
+ echo "**Environment:** Staging (-S flag)" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+
+ echo "Running staging verification for ${{ inputs.product-name }}..."
+ if scc-product-version-verifier curl-verify ${{ inputs.product-name }} ${{ steps.sanitize.outputs.sanitized_version }} -S; then
+ echo "✅ **Result:** Verification PASSED" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "result=passed" >> $GITHUB_OUTPUT
+ else
+ echo "⚠️ **Result:** Verification FAILED or returned warning" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "result=failed" >> $GITHUB_OUTPUT
+ exit 1
+ fi
+
+ - name: Verify with production code
+ id: verify-production
+ shell: bash
+ continue-on-error: ${{ inputs.fail-on-error == 'false' }}
+ env:
+ SCC_REGCODE: ${{ inputs.production-code }}
+ run: |
+ if [ -z "$SCC_REGCODE" ]; then
+ echo "result=skipped" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ echo "---" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "## 🔍 SCC Production Verification - ${{ inputs.product-name }}" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "**Product:** ${{ inputs.product-name }}" >> $GITHUB_STEP_SUMMARY
+ echo "**Version:** ${{ steps.sanitize.outputs.sanitized_version }}" >> $GITHUB_STEP_SUMMARY
+ echo "**Environment:** Production" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+
+ echo "Running production verification for ${{ inputs.product-name }}..."
+ if scc-product-version-verifier curl-verify ${{ inputs.product-name }} ${{ steps.sanitize.outputs.sanitized_version }}; then
+ echo "✅ **Result:** Verification PASSED" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "result=passed" >> $GITHUB_OUTPUT
+ else
+ echo "⚠️ **Result:** Verification FAILED or returned warning" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "result=failed" >> $GITHUB_OUTPUT
+ exit 1
+ fi
diff --git a/cmd/curl.go b/cmd/curl.go
index 35d9d28..e152be7 100644
--- a/cmd/curl.go
+++ b/cmd/curl.go
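Review bot: The Sanitize version step strips the `v` prefix and the prerelease suffix but never checks that what is left looks like a version, and the result is then written to `$GITHUB_OUTPUT` and placed unquoted on the `curl-verify` command line in both verify steps. A guard such as `[[ "$SANITIZED_VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "::error::invalid version"; exit 1; }` right after the `SANITIZED_VERSION=` line would reject empty, multi-line or whitespace-containing values before they reach either place. `product-name` has no filter at all, so it is better passed through `env:` and referenced as `"$PRODUCT_NAME"` in the command and in the step-summary lines.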
@@ -4,7 +4,7 @@ import ( "fmt" "log" - "github.com/rancher-sandbox/scc-product-version-verifier/internal/curler" + "github.com/rancherlabs/scc-product-version-verifier/internal/curler" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/viper" diff --git a/cmd/version.go b/cmd/version.go index 735a6ad..77ca105 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -3,7 +3,7 @@ package cmd import ( "fmt" - "github.com/rancher-sandbox/scc-product-version-verifier/cmd/version" + "github.com/rancherlabs/scc-product-version-verifier/cmd/version" "github.com/spf13/cobra" ) diff --git a/go.mod b/go.mod index 6776c49..08e8e3e 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/rancher-sandbox/scc-product-version-verifier +module github.com/rancherlabs/scc-product-version-verifier go 1.25.0 diff --git a/internal/curler/curler_test.go b/internal/curler/curler_test.go index daf9c72..7b2e708 100644 --- a/internal/curler/curler_test.go +++ b/internal/curler/curler_test.go @@ -6,7 +6,7 @@ import ( "net/http/httptest" "testing" - "github.com/rancher-sandbox/scc-product-version-verifier/internal/curler" + "github.com/rancherlabs/scc-product-version-verifier/internal/curler" ) func TestCurlVerify(t *testing.T) { diff --git a/main.go b/main.go index 982c30d..048f2ee 100644 --- a/main.go +++ b/main.go @@ -1,6 +1,6 @@ package main -import "github.com/rancher-sandbox/scc-product-version-verifier/cmd" +import "github.com/rancherlabs/scc-product-version-verifier/cmd" func main() { cmd.Execute()