Merge pull request #41 from FireTail-io/feat/fire-1839/publish-to-ghcr

gregalia · web-flow · commit 66c8235fd732 · 2023-10-19T13:52:45.000+03:00
feat/fire-1839/publish-to-ghcr
diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
@@ -1,15 +1,15 @@
-name: Draft Release On Push To Main And Push Prerelease Image To ECR
+name: Draft Release
+run-name: '@${{ github.triggering_actor }}: ${{ github.ref_name }}: ${{ github.event_name }}'
 
 on:
   push:
     branches:
       - main
 
 env:
-  AWS_REGION: us-east-1
-  ECR_REGISTRY: public.ecr.aws/x7v5r9e4
-  ECR_REPOSITORY: firetail-code-repository-scanner
-      
+  REGISTRY: ghcr.io
+  IMAGE_NAME: firetail-code-repository-scanner
+
 jobs:
   draft-release:
     name: Draft Release
@@ -23,34 +23,58 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Draft Release
         id: draft_release
-        uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e
+        uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
-        with:
-          aws-region: ${{ env.AWS_REGION }}
-          role-to-assume: ${{ secrets.AWS_ACCOUNT_ROLE_ARN }}
-          role-session-name: git-api-discovery-publish-action-draft
+      - name: Set Image Tags From Release Output
+        run: |
+          cat <<HEREDOC >>${{ github.env }}
+          PRERELEASE_IMAGE_TAG=${{ steps.draft_release.outputs.tag_name }}-prerelease
+          PRERELEASE_LAMBDA_IMAGE_TAG=${{ steps.draft_release.outputs.tag_name }}-lambda-prerelease
+          HEREDOC
 
-      - name: Login to ECR and build, tag & push prerelease images
-        env:
-          PRERELEASE_IMAGE_TAG: ${{ steps.draft_release.outputs.tag_name }}-prerelease
-          PRERELEASE_LAMBDA_IMAGE_TAG: ${{ steps.draft_release.outputs.tag_name }}-lambda-prerelease
+      - name: Log In to the Container Registry
+        run: |
+           docker login ${{ env.REGISTRY }} \
+            --username ${{ github.actor }} \
+            --password-stdin <<<${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push Runtime Image
         run: |
-          aws ecr-public get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin public.ecr.aws
-          docker build --target runtime -t $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG -f build_setup/Dockerfile .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG
-          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest-prerelease
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest-prerelease
-          docker build --target runtime-lambda -t $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG -f build_setup/Dockerfile .
-          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda-prerelease
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda-prerelease
-          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG" >> $GITHUB_OUTPUT
+          docker build \
+            --target runtime \
+            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }} \
+            --file build_setup/Dockerfile \
+            "${PWD}"
+          docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }} \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-prerelease
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-prerelease
+
+      - name: Build and Push Lambda Image
+        run: |
+          docker build \
+            --target runtime-lambda \
+            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }} \
+            --file build_setup/Dockerfile \
+            "${PWD}"
+          docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }} \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda-prerelease
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda-prerelease
+
+      - name: Summarize Workflow Run
+        run: |
+          cat <<HEREDOC >>${GITHUB_STEP_SUMMARY}
+          ## Successfully Pushed:
+
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_IMAGE_TAG }}
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-prerelease
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.PRERELEASE_LAMBDA_IMAGE_TAG }}
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda-prerelease
+          HEREDOC
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -1,56 +1,58 @@
-name: Pull Prerelease Image From ECR And Push As Release Image When Draft Release Is Published
-
+name: Publish Release
+run-name: '@${{ github.triggering_actor }}: ${{ github.ref_name }}: ${{ github.event_name }}: ${{ github.event.action }}'
 on:
   release:
     types: [published]
 
 env:
-  AWS_REGION: us-east-1
-  ECR_REGISTRY: public.ecr.aws/x7v5r9e4
-  ECR_REPOSITORY: firetail-code-repository-scanner
+  REGISTRY: ghcr.io
+  IMAGE_NAME: firetail-code-repository-scanner
 
 jobs:
   publish-release:
     name: Publish Release
-
     environment: prod
-
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
       pull-requests: write
 
     steps:
-      - name: Get release
-        id: get_release
-        uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
-        with:
-          aws-region: ${{ env.AWS_REGION }}
-          role-to-assume: ${{ secrets.AWS_ACCOUNT_ROLE_ARN }}
-          role-session-name: git-api-discovery-publish-action-prod
-
-      - name: Pull prerelease images from ECR, retag them as a releases, and push them back to ECR with their new tags
-        id: build-image
-        env:
-          PRERELEASE_IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}-prerelease
-          PRERELEASE_LAMBDA_IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}-lambda-prerelease
-          IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}
-          LAMBDA_IMAGE_TAG: ${{ steps.get_release.outputs.tag_name }}-lambda
+
+      - name: Log In to the Container Registry
+        run: |
+           docker login ${{ env.REGISTRY }} \
+            --username ${{ github.actor }} \
+            --password-stdin <<<${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish Prelease Lambda Image as Full Release
         run: |
-          aws ecr-public get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin public.ecr.aws
-          docker pull $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG
-          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
-          docker pull $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG
-          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$LAMBDA_IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$LAMBDA_IMAGE_TAG
-          docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$PRERELEASE_LAMBDA_IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest-lambda
-          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+          docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-prerelease
+          docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-prerelease \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+          docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-prerelease \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+
+      - name: Publish Prelease Lambda Image as Full Release
+        run: |
+          docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda-prerelease
+          docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda-prerelease \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda
+          docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda-prerelease \
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda
+
+      - name: Summarize Workflow Run
+        run: |
+          cat <<HEREDOC >>${GITHUB_STEP_SUMMARY}
+          ## Successfully Pushed:
+
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}-lambda
+          - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-lambda
+          HEREDOC
diff --git a/README.md b/README.md
@@ -2,16 +2,18 @@
 
 This Docker image will discover APIs in your GitHub account by scanning for openapi/swagger specifications in your repositories, as well as generating them via static code analysis. It will create an API per repository, and potentially multiple collections for that API, in the FireTail SaaS Platform.
 
-
-
 ## Quickstart
 
 First, clone this repo and build the scanner's image:
 
 ```bash
 git clone git@github.com:FireTail-io/github-api-discovery.git
 cd github-api-discovery
-docker build --rm -t firetail-io/github-api-discovery:latest -f build_setup/Dockerfile . --target runtime
+docker build \
+  --tag firetail-io/github-api-discovery:latest \
+  --file build_setup/Dockerfile \
+  --target runtime \
+  .
 ```
 
 Make a copy of the provided [config-example.yml](./config-example.yml) and call it `config.yml`, then edit it for your use case.
@@ -31,36 +33,45 @@ Find a full list of environment variables under [Environment Variables](#environ
 Once you have created a classic GitHub personal access token and a FireTail app token, you can run the scanner image:
 
 ```bash
-export GITHUB_TOKEN=YOUR_GITHUB_TOKEN
-export FIRETAIL_APP_TOKEN=YOUR_FIRETAIL_APP_TOKEN
-docker run --rm -e GITHUB_TOKEN=${GITHUB_TOKEN} -e FIRETAIL_APP_TOKEN=${FIRETAIL_APP_TOKEN} --mount type=bind,source="$(pwd)"/config.yml,target=/config.yml,readonly firetail-io/github-api-discovery:latest
+docker run --rm \
+  --env GITHUB_TOKEN=${YOUR_GITHUB_TOKEN} \
+  --env FIRETAIL_APP_TOKEN=${YOUR_FIRETAIL_APP_TOKEN} \
+  --mount type=bind,source="${PWD}"/config.yml,target=/config.yml,readonly \
+  firetail-io/github-api-discovery:latest
 ```
 
-
-
 ## Tests
 
 The tests can be run using the provided Dockerfile:
 
 ```bash
-docker build --rm -t firetail-io/github-api-discovery:test-python -f build_setup/Dockerfile . --target test-python
+docker build --rm \
+  --tag firetail-io/github-api-discovery:test-python \
+  --file build_setup/Dockerfile \
+  --target test-python \
+  .
 ```
 
 Tests for the Golang analyser can also be run separately using the provided Dockerfile to yield a html coverage report:
 
 ```bash
-docker build --rm -t firetail-io/github-api-discovery:test-golang -f build_setup/Dockerfile . --target test-golang
-docker run --rm --entrypoint cat firetail-io/github-api-discovery:test-golang coverage.html > golang-coverage.html
+docker build \
+  --tag firetail-io/github-api-discovery:test-golang \
+  --file build_setup/Dockerfile \
+  --target test-golang \
+  .
+
+docker run --rm \
+  --volume ./coverage:/coverage \
+  firetail-io/github-api-discovery:test-golang \
+  cp coverage.html /coverage/golang-coverage.html
 ```
 
-
-
 ## Environment Variables
 
-| Variable Name        | Description                                                  | Required? | Default                                          |
-| -------------------- | ------------------------------------------------------------ | --------- | ------------------------------------------------ |
-| `GITHUB_TOKEN`       | A classic GitHub personal access token.                      | Yes ✅     | None                                             |
-| `FIRETAIL_APP_TOKEN` | An app token from the Firetail SaaS.                         | Yes ✅     | None                                             |
-| `FIRETAIL_API_URL`   | The URL of the Firetail SaaS' API.                           | No ❌      | `"https://api.saas.eu-west-1.prod.firetail.app"` |
-| `LOGGING_LEVEL`      | The logging level provided to python's [logging](https://docs.python.org/3/library/logging.html#logging-levels) library. | No ❌      | `"INFO"`                                         |
-
+| Variable Name        | Description                                                                                                              | Required? | Default                                          |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------- | ------------------------------------------------ |
+| `GITHUB_TOKEN`       | A classic GitHub personal access token.                                                                                  | Yes ✅    | None                                             |
+| `FIRETAIL_APP_TOKEN` | An app token from the Firetail SaaS.                                                                                     | Yes ✅    | None                                             |
+| `FIRETAIL_API_URL`   | The URL of the Firetail SaaS' API.                                                                                       | No ❌     | `"https://api.saas.eu-west-1.prod.firetail.app"` |
+| `LOGGING_LEVEL`      | The logging level provided to python's [logging](https://docs.python.org/3/library/logging.html#logging-levels) library. | No ❌     | `"INFO"`                                         |
