Update dotnet-framework and dotnet-core agents #1238
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build" | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - backport/** | |
| jobs: | |
| # | |
| # Building Stage | |
| # | |
| build: | |
| strategy: | |
| matrix: | |
| variant: | |
| - dotnet-core | |
| - dotnet-framework | |
| - java | |
| - nodejs | |
| - php | |
| - python | |
| - flex | |
| - dummy | |
| runs-on: ubuntu-latest | |
| outputs: | |
| artifact-image-dotnet-core: ${{ steps.detect-artifact.outputs.artifact-image-dotnet-core }} | |
| artifact-version-dotnet-core: ${{ steps.detect-artifact.outputs.artifact-version-dotnet-core }} | |
| artifact-image-dotnet-framework: ${{ steps.detect-artifact.outputs.artifact-image-dotnet-framework }} | |
| artifact-version-dotnet-framework: ${{ steps.detect-artifact.outputs.artifact-version-dotnet-framework }} | |
| artifact-image-java: ${{ steps.detect-artifact.outputs.artifact-image-java }} | |
| artifact-version-java: ${{ steps.detect-artifact.outputs.artifact-version-java }} | |
| artifact-image-nodejs: ${{ steps.detect-artifact.outputs.artifact-image-nodejs }} | |
| artifact-version-nodejs: ${{ steps.detect-artifact.outputs.artifact-version-nodejs }} | |
| artifact-image-php: ${{ steps.detect-artifact.outputs.artifact-image-php }} | |
| artifact-version-php: ${{ steps.detect-artifact.outputs.artifact-version-php }} | |
| artifact-image-python: ${{ steps.detect-artifact.outputs.artifact-image-python }} | |
| artifact-version-python: ${{ steps.detect-artifact.outputs.artifact-version-python }} | |
| artifact-image-flex: ${{ steps.detect-artifact.outputs.artifact-image-flex }} | |
| artifact-version-flex: ${{ steps.detect-artifact.outputs.artifact-version-flex }} | |
| artifact-image-dummy: ${{ steps.detect-artifact.outputs.artifact-image-dummy }} | |
| artifact-version-dummy: ${{ steps.detect-artifact.outputs.artifact-version-dummy }} | |
| env: | |
| AGENT_TYPE: ${{ matrix.variant }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Load Manifest | |
| id: load-manifest | |
| run: | | |
| $manifest = Get-Content './src/${{ env.AGENT_TYPE }}/manifest.json' | ConvertFrom-Json | |
| "version=$($manifest.version)" >> $env:GITHUB_OUTPUT | |
| "image-name-suffix=$($manifest.imageNameSuffix)" >> $env:GITHUB_OUTPUT | |
| "docker-file=$($manifest.dockerFile)" >> $env:GITHUB_OUTPUT | |
| "context=$($manifest.context)" >> $env:GITHUB_OUTPUT | |
| "platforms=$($manifest.platforms)" >> $env:GITHUB_OUTPUT | |
| "image-name=ghcr.io/contrast-security-oss/agent-operator-images/agent-$($manifest.imageNameSuffix)" >> $env:GITHUB_OUTPUT | |
| shell: pwsh | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 | |
| with: | |
| platforms: arm64 | |
| - name: Setup Buildx | |
| uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
| with: | |
| install: true | |
| version: latest | |
| - name: Docker Meta | |
| id: meta | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
| with: | |
| images: ${{ steps.load-manifest.outputs.image-name }} | |
| tags: | | |
| type=raw,value=trunk-artifact,enable=${{ github.ref == 'refs/heads/master' }} | |
| type=raw,value=backport-artifact,enable=${{ startsWith(github.ref, 'refs/heads/backport/') }} | |
| type=raw,value=pr-artifact,enable=${{ github.event_name == 'pull_request' }} | |
| - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 | |
| id: build | |
| with: | |
| file: ${{ steps.load-manifest.outputs.docker-file }} | |
| context: ${{ steps.load-manifest.outputs.context }} | |
| platforms: ${{ steps.load-manifest.outputs.platforms }} | |
| push: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} # dependabot cant push on pr's | |
| cache-from: ${{ github.actor != 'dependabot[bot]' && format('type=registry,ref={0}:cache', steps.load-manifest.outputs.image-name) || ''}} | |
| cache-to: ${{ github.actor != 'dependabot[bot]' && format('type=registry,ref={0}:cache,mode=max', steps.load-manifest.outputs.image-name) || ''}} | |
| build-args: | | |
| VERSION=${{ steps.load-manifest.outputs.version }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: | | |
| org.opencontainers.image.title=agent-operator-images | |
| org.opencontainers.image.description=Images of agents for the agent-operator. | |
| org.opencontainers.image.url=https://github.com/Contrast-Security-OSS/agent-operator-images | |
| org.opencontainers.image.source=https://github.com/Contrast-Security-OSS/agent-operator-images | |
| org.opencontainers.image.version=${{ steps.load-manifest.outputs.version }} | |
| - name: Detect Artifact | |
| id: detect-artifact | |
| if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} | |
| run: | | |
| $artifactImage = '${{ steps.load-manifest.outputs.image-name }}@${{ steps.build.outputs.digest }}' | |
| "artifact-image-${{ env.AGENT_TYPE }}=$artifactImage" >> $env:GITHUB_OUTPUT | |
| "artifact-version-${{ env.AGENT_TYPE }}=${{ steps.load-manifest.outputs.version }}" >> $env:GITHUB_OUTPUT | |
| shell: pwsh | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| strategy: | |
| matrix: | |
| variants: | |
| - type: dotnet-core | |
| digest: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
| version: ${{ needs.build.outputs.artifact-version-dotnet-core }} | |
| - type: dotnet-framework | |
| digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
| version: ${{ needs.build.outputs.artifact-version-dotnet-framework }} | |
| - type: java | |
| digest: ${{ needs.build.outputs.artifact-image-java }} | |
| version: ${{ needs.build.outputs.artifact-version-java }} | |
| - type: nodejs | |
| digest: ${{ needs.build.outputs.artifact-image-nodejs }} | |
| version: ${{ needs.build.outputs.artifact-version-nodejs }} | |
| - type: php | |
| digest: ${{ needs.build.outputs.artifact-image-php }} | |
| version: ${{ needs.build.outputs.artifact-version-php }} | |
| - type: python | |
| digest: ${{ needs.build.outputs.artifact-image-python }} | |
| version: ${{ needs.build.outputs.artifact-version-python }} | |
| - type: flex | |
| digest: ${{ needs.build.outputs.artifact-image-flex }} | |
| version: ${{ needs.build.outputs.artifact-version-flex }} | |
| - type: dummy | |
| digest: ${{ needs.build.outputs.artifact-image-dummy }} | |
| version: ${{ needs.build.outputs.artifact-version-dummy }} | |
| if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Login (Github) | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Test | |
| run: | | |
| docker pull '${{ matrix.variants.digest }}' | |
| ./validate-image.ps1 -Type '${{ matrix.variants.type }}' -Image '${{ matrix.variants.digest }}' | |
| shell: pwsh | |
| # Currently just used for pr's. | |
| build-succeeded: | |
| needs: | |
| - build | |
| - test | |
| runs-on: ubuntu-latest | |
| if: ${{ always() && github.event_name == 'pull_request' && github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Ensure Build Success | |
| if: ${{ needs.test.result != 'success' }} | |
| run: exit 1 | |
| - name: Create Digest Comment | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body: | | |
| Images built: | |
| ``` | |
| dotnet-core: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
| dotnet-framework: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
| java: ${{ needs.build.outputs.artifact-image-java }} | |
| nodejs: ${{ needs.build.outputs.artifact-image-nodejs }} | |
| php: ${{ needs.build.outputs.artifact-image-php }} | |
| python: ${{ needs.build.outputs.artifact-image-python }} | |
| flex: ${{ needs.build.outputs.artifact-image-flex }} | |
| ``` | |
| # | |
| # Release Internal Stage | |
| # | |
| release-internal: | |
| runs-on: ubuntu-latest | |
| environment: internal | |
| needs: | |
| - build | |
| - test | |
| strategy: | |
| matrix: | |
| variants: | |
| - type: dotnet-core | |
| digest: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
| version: ${{ needs.build.outputs.artifact-version-dotnet-core }} | |
| - type: dotnet-framework | |
| digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
| version: ${{ needs.build.outputs.artifact-version-dotnet-framework }} | |
| - type: java | |
| digest: ${{ needs.build.outputs.artifact-image-java }} | |
| version: ${{ needs.build.outputs.artifact-version-java }} | |
| - type: nodejs | |
| digest: ${{ needs.build.outputs.artifact-image-nodejs }} | |
| version: ${{ needs.build.outputs.artifact-version-nodejs }} | |
| - type: php | |
| digest: ${{ needs.build.outputs.artifact-image-php }} | |
| version: ${{ needs.build.outputs.artifact-version-php }} | |
| - type: python | |
| digest: ${{ needs.build.outputs.artifact-image-python }} | |
| version: ${{ needs.build.outputs.artifact-version-python }} | |
| - type: flex | |
| digest: ${{ needs.build.outputs.artifact-image-flex }} | |
| version: ${{ needs.build.outputs.artifact-version-flex }} | |
| - type: dummy | |
| digest: ${{ needs.build.outputs.artifact-image-dummy }} | |
| version: ${{ needs.build.outputs.artifact-version-dummy }} | |
| concurrency: | |
| group: internal-${{ matrix.variants.type }} | |
| if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Login (Github) | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker Meta | |
| id: meta | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
| with: | |
| images: ghcr.io/contrast-security-oss/agent-operator-images/agent-${{ matrix.variants.type }} | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
| type=semver,pattern={{major}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
| type=raw,value=${{ matrix.variants.version }} | |
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} | |
| - name: Tag for Release | |
| uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0 | |
| with: | |
| src: ${{ matrix.variants.digest }} | |
| dst: | | |
| ${{ steps.meta.outputs.tags }} | |
| # | |
| # Release Public Stage | |
| # | |
| release-public: | |
| runs-on: ubuntu-latest | |
| environment: public | |
| needs: | |
| - build | |
| - release-internal | |
| strategy: | |
| matrix: | |
| variants: | |
| - type: dotnet-core | |
| digest: ${{ needs.build.outputs.artifact-image-dotnet-core }} | |
| version: ${{ needs.build.outputs.artifact-version-dotnet-core }} | |
| - type: dotnet-framework | |
| digest: ${{ needs.build.outputs.artifact-image-dotnet-framework }} | |
| version: ${{ needs.build.outputs.artifact-version-dotnet-framework }} | |
| - type: java | |
| digest: ${{ needs.build.outputs.artifact-image-java }} | |
| version: ${{ needs.build.outputs.artifact-version-java }} | |
| - type: nodejs | |
| digest: ${{ needs.build.outputs.artifact-image-nodejs }} | |
| version: ${{ needs.build.outputs.artifact-version-nodejs }} | |
| - type: php | |
| digest: ${{ needs.build.outputs.artifact-image-php }} | |
| version: ${{ needs.build.outputs.artifact-version-php }} | |
| - type: python | |
| digest: ${{ needs.build.outputs.artifact-image-python }} | |
| version: ${{ needs.build.outputs.artifact-version-python }} | |
| - type: flex | |
| digest: ${{ needs.build.outputs.artifact-image-flex }} | |
| version: ${{ needs.build.outputs.artifact-version-flex }} | |
| - type: dummy | |
| digest: ${{ needs.build.outputs.artifact-image-dummy }} | |
| version: ${{ needs.build.outputs.artifact-version-dummy }} | |
| concurrency: | |
| group: public-${{ matrix.variants.type }} | |
| if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Login (Github) | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login (Dockerhub) | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PAT }} | |
| - name: Login (Quay) | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Docker Meta | |
| id: meta | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
| with: | |
| images: | | |
| docker.io/contrast/agent-${{ matrix.variants.type }} | |
| quay.io/contrast/agent-${{ matrix.variants.type }} | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
| type=semver,pattern={{major}},value=${{ matrix.variants.version }},enable=${{ github.ref == 'refs/heads/master' }} | |
| type=raw,value=${{ matrix.variants.version }} | |
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} | |
| - name: Tag for Release | |
| uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0 | |
| with: | |
| src: ${{ matrix.variants.digest }} | |
| dst: | | |
| ${{ steps.meta.outputs.tags }} |