GH-action: split release to npm, dockerhub, github

Merge pull request #223 from CycloneDX/gh-release

Author: jkowalleck

.dockerignore

@@ -1,6 +1,14 @@
 .dockerignore
+Dockerfile
+
+## node specifics
 node_modules
 npm-debug.log
-Dockerfile
+
+# repo specifics
 .git
-.gitignore
+.gitignore
+
+# reports
+reports
+CI_REPORTS

.github/workflows/docker.yml

@@ -9,21 +9,51 @@ on:
   pull_request:
   workflow_dispatch:
 
+env:
+  REPORTS_DIR: CI_reports
+  NODE_ACTIVE_LTS: "16"
+
 jobs:
   test:
     name: Build and test docker image
     runs-on: ubuntu-latest
     timeout-minutes: 30
     env:
+      REPORTS_ARTIFACT: 'docker-image-bom'
       DOCKER_TAG: 'cdx-node-module-testing:${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}'
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/[email protected]
+      - name: Login to DockerHub
+        run: docker login --username "$DOCKERHUB_USERNAME" --password "$DOCKERHUB_TOKEN"
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+      ## ! no npm build at the moment
       - name: Build Docker image
-        run: docker build -f Dockerfile -t "$DOCKER_TAG" .
-      - name: Test Docker image
-        run: docker run --rm "$DOCKER_TAG" -h
+        run: docker build -t "$DOCKER_TAG" -f Dockerfile .
+      - name: 'Test: fetch own SBOM'
+        run: |
+          mkdir "$REPORTS_DIR"
+          docker run --rm \
+            -v "$PWD/$REPORTS_DIR:/src/$REPORTS_DIR" \
+            "$DOCKER_TAG" \
+              --type 'application' \
+              --output "/src/$REPORTS_DIR/docker-image.bom.xml"
+          docker run --rm \
+            -v "$PWD/$REPORTS_DIR:/src/$REPORTS_DIR" \
+            "$DOCKER_TAG" \
+              --type 'application' \
+              --output "/src/$REPORTS_DIR/docker-image.bom.json"
+      - name: Artifact reports
+        if: ${{ ! cancelled() }}
+        # see https://github.com/actions/upload-artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.REPORTS_ARTIFACT }}
+          path: ${{ env.REPORTS_DIR }}
+          if-no-files-found: error
       - name: Destroy Docker image
         # run regardless of outcome
         if: ${{ always() }}

.github/workflows/nodejs.yml

@@ -11,8 +11,8 @@ on:
 
 
 env:
-  CI: "true"
   REPORTS_DIR: CI_reports
+  NODE_ACTIVE_LTS: "16"
 
 jobs:
   unit-test:
@@ -38,7 +38,7 @@ jobs:
       - name: dir setup
         run: mkdir ${{ env.REPORTS_DIR }}
       - name: Setup Node.js ${{ matrix.node-version }}
-        ## see https://github.com/actions/setup-node
+        # see https://github.com/actions/setup-node
         uses: actions/[email protected]
         with:
           node-version: ${{ matrix.node-version }}
@@ -66,8 +66,7 @@ jobs:
           ## see https://www.npmjs.com/package/jest-junit
           JEST_JUNIT_OUTPUT_DIR: ${{ env.REPORTS_DIR }}/${{ matrix.os }}_${{ matrix.node-version }}
           JEST_JUNIT_OUTPUT_NAME: junit.xml
-      - name: try to buil project
-        run: npm run build --if-present
+      ## ! no npm build at the moment
       - name: Artifact reports
         if: ${{ ! cancelled() }}
         # see https://github.com/actions/upload-artifact
@@ -85,11 +84,11 @@ jobs:
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/[email protected]
-      - name: Setup Node.js ${{ matrix.node-version }}
-        ## see https://github.com/actions/setup-node
+      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+        # see https://github.com/actions/setup-node
         uses: actions/[email protected]
         with:
-          node-version: '16' ## active LTS
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
           cache: "npm"
           cache-dependency-path: "**/package-lock.json"
       - name: install project

.github/workflows/release.yml

@@ -14,60 +14,169 @@
 # dependency updates.
 #
 # You will also need to specify a value for the related commit message.
+
 name: Release
 
 on:
   workflow_dispatch:
     inputs:
-      versionLevel:
-        description: 'Version level (must be one of major, minor, patch)'
+      newversion:
+        description: 'Version level [ major | minor | patch | premajor | preminor | prepatch ]'
         required: true
       commitMessage:
-        description: 'Release/commit message'
+        description: 'Release/commit message (%s will be replaced with the resulting version number)'
         required: true
 
+env:
+  REPORTS_DIR: CI_reports
+  NODE_ACTIVE_LTS: "16"
+  DOCKERHUB_REPO: cyclonedx/cyclonedx-node
+  ARTIFACT_DOCKER_SBOM: 'docker-image-bom'
+
 jobs:
-  release:
-    name: Release
+  bump:
+    outputs:
+      version:       ${{ steps.bump.outputs.version }}
+      version_plain: ${{ steps.bump.outputs.version_plain }}
+    name: bump and tag release
     runs-on: ubuntu-latest
     timeout-minutes: 30
-
     steps:
-    - uses: actions/[email protected]
-
-    - name: Setup Node.js
-      uses: actions/[email protected]
-      with:
-        node-version: 12.x
+      - name: Checkout code
+        # see https://github.com/actions/checkout
+        uses: actions/[email protected]
+      - name: Configure Git
+        # needed for push back of changes
+        run: |
+          git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+          git config --local user.name "${GITHUB_ACTOR}"
+      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+        # see https://github.com/actions/setup-node
+        uses: actions/[email protected]
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+      ## ! no npm build at the moment
+      - name: bump VERSION
+        id: bump
+        run: |
+          VERSION="$(npm version "$NPMV_NEWVERSION" --message "$NPMV_MESSAGE")"
+          echo "::debug::new version = $VERSION"
+          VERSION_PLAIN="${VERSION:1}" # remove 'v' prefix
+          echo "::debug::plain version = $VERSION_PLAIN"
+          echo "::set-output name=version::$VERSION"
+          echo "::set-output name=version_plain::$VERSION_PLAIN"
+        env:
+          NPMV_NEWVERSION: ${{ github.event.inputs.newversion }}
+          NPMV_MESSAGE: ${{ github.event.inputs.commitMessage }}
+      - name: git push back
+        run: git push --follow-tags
 
-    - name: Configure Git
-      run: |
-        git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-        git config --local user.name "${GITHUB_ACTOR}"
+  publish-NPM:
+    needs:
+      - "bump"
+    name: NPM - publish
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout code
+        # see https://github.com/actions/checkout
+        uses: actions/[email protected]
+        with:
+          ref: ${{ needs.bump.outputs.version }}
+      - name: publish to NPM
+        run: |
+          npm config set "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN"
+          npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
-    - name: Build & Publish
-      id: build
-      run: |
-        echo Version level: ${{ github.event.inputs.versionLevel }}
-        npm ci
-        npm run build --if-present
-        VERSION=$(npm version ${{ github.event.inputs.versionLevel }} --message "${{ github.event.inputs.commitMessage }}")
-        VERSION=${VERSION:1} # remove 'v' prefix
-        echo "##[set-output name=version;]$VERSION"
-        git push --follow-tags
-        npm config set //registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN
-        npm publish --access public
-      env:
-        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  release-DockerHub:
+    needs:
+      - "bump"
+    name: DockerHub - build & publish
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      DI_VERSION: ${{ needs.bump.outputs.version_plain }}
+    steps:
+      - name: Checkout code
+        # see https://github.com/actions/checkout
+        uses: actions/[email protected]
+        with:
+          ref: ${{ needs.bump.outputs.version }}
+      - name: Login to DockerHub
+        run: docker login --username "$DOCKERHUB_USERNAME" --password "$DOCKERHUB_TOKEN"
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: build Docker image
+        run: > 
+          docker build 
+          -t "$DOCKERHUB_REPO:$DI_VERSION"
+          -t "$DOCKERHUB_REPO:latest"
+          -f Dockerfile .
+      - name: fetch own SBOM
+        run: |
+          mkdir "$REPORTS_DIR"
+          docker run --rm \
+            -v "$PWD/$REPORTS_DIR:/src/$REPORTS_DIR" \
+            "$DOCKERHUB_REPO:$DI_VERSION" \
+              --type 'application' \
+              --output "/src/$REPORTS_DIR/docker-image.bom.xml"
+          docker run --rm \
+            -v "$PWD/$REPORTS_DIR:/src/$REPORTS_DIR" \
+            "$DOCKERHUB_REPO:$DI_VERSION" \
+              --type 'application' \
+              --output "/src/$REPORTS_DIR/docker-image.bom.json"
+      - name: Artifact reports
+        if: ${{ ! cancelled() }}
+        # see https://github.com/actions/upload-artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.ARTIFACT_DOCKER_SBOM }}
+          path: ${{ env.REPORTS_DIR }}
+          if-no-files-found: error
+      - name: publish Docker image
+        run: docker push "$DOCKERHUB_REPO:$DI_VERSION"
+      - name: publish latest Docker image
+        if: ${{ ! startsWith(github.event.inputs.newversion, 'pre') }}
+        run: docker push "$DOCKERHUB_REPO:latest"
+      - name: Destroy Docker image
+        # run regardless of outcome
+        if: ${{ always() }}
+        run: > 
+          docker rmi -f
+          "$DOCKERHUB_REPO:$DI_VERSION"
+          "$DOCKERHUB_REPO:latest"
 
-    - name: Publish Docker image to Docker Hub
-      env:
-        DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-        DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-      run: |
-        REPO=cyclonedx/cyclonedx-node
-        VERSION=${{ steps.build.outputs.version }}
-        docker login --username $DOCKERHUB_USERNAME --password "$DOCKERHUB_TOKEN"
-        docker build -f Dockerfile -t $REPO:$VERSION -t $REPO:latest .
-        docker push $REPO:latest
-        docker push $REPO:$VERSION
+  release-GH:
+    needs:
+      - "bump"
+      - "publish-NPM"
+      - "release-DockerHub"
+    name: GitHub - release
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      ASSETS_DIR: release_assets
+    steps:
+      - name: create assets dir
+        run: mkdir "$ASSETS_DIR"
+      - name: download docker image sboms
+        # see https://github.com/actions/download-artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: ${{ env.ARTIFACT_DOCKER_SBOM }}
+          path: ${{ env.ASSETS_DIR }}/${{ env.ARTIFACT_DOCKER_SBOM }}
+      - name: Create Release
+        id: release
+        # see https://github.com/softprops/action-gh-release
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ needs.bump.outputs.version }}
+          name:     ${{ needs.bump.outputs.version_plain }}
+          prerelease: ${{ startsWith(github.event.inputs.newversion, 'pre') }}
+          files: |
+            ${{ env.ASSETS_DIR }}/${{ env.ARTIFACT_DOCKER_SBOM }}/*.bom.*