chore: bump duty to v1.0.1132 (#1806) #1152
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| semantic-release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release-version: ${{ steps.semantic.outputs.release-version }} | |
| new-release-published: ${{ steps.semantic.outputs.new-release-published }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: codfish/semantic-release-action@6c65402abb31a48c3f7396d7d099da015be67c2b # v4.0.1 | |
| id: semantic | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| binary: | |
| runs-on: ubuntu-latest | |
| needs: semantic-release | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version: "16" | |
| - name: Install Go | |
| uses: buildjet/setup-go@555ce355a95ff01018ffcf8fbbd9c44654db8374 # v5 | |
| with: | |
| go-version: v1.25.x | |
| - uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| .bin | |
| key: cache-${{ hashFiles('**/go.sum') }}-${{ hashFiles('.bin/*') }} | |
| restore-keys: | | |
| cache- | |
| - run: make release | |
| env: | |
| VERSION: v${{ needs.semantic-release.outputs.release-version }} | |
| - name: Upload binaries to release | |
| uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # 2.11.2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: ./.release/* | |
| tag: v${{ needs.semantic-release.outputs.release-version }} | |
| overwrite: true | |
| file_glob: true | |
| docker: | |
| needs: semantic-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 | |
| with: | |
| egress-policy: audit | |
| - name: Free up disk space | |
| run: | | |
| initial_space=$(df / | grep / | awk '{print $4}') | |
| docker system prune -af | |
| rm -rf /usr/share/dotnet | |
| rm -rf /opt/ghc | |
| rm -rf /usr/local/share/boost | |
| rm -rf $AGENT_TOOLSDIRECTORY | |
| rm -rf /opt/hostedtoolcache | |
| final_space=$(df / | grep / | awk '{print $4}') | |
| difference=$((final_space - initial_space)) | |
| echo "Disk space difference (in KB): $difference" | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Publish to DockerHub Registry | |
| uses: elgohr/Publish-Docker-Github-Action@1d95820b6952cab6e48a2454ff6ca9804bf65f31 # v5 | |
| with: | |
| name: flanksource/config-db | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| snapshot: true | |
| dockerfile: build/Dockerfile | |
| tags: "latest,v${{ needs.semantic-release.outputs.release-version }}" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5 | |
| with: | |
| aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2 | |
| with: | |
| registry-type: public | |
| - name: Publish to ECR Public | |
| env: | |
| REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} | |
| REGISTRY_ALIAS: k4y9r6y5 | |
| REPOSITORY: config-db | |
| IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}" | |
| run: | | |
| docker build -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG -f build/Dockerfile . | |
| docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG | |
| helm: | |
| runs-on: ubuntu-latest | |
| needs: [semantic-release, docker] | |
| if: needs.semantic-release.outputs.new-release-published == 'true' | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set version | |
| # Always use git tags as semantic release can fail due to rate limit | |
| run: | | |
| git fetch --prune --unshallow | |
| echo "RELEASE_VERSION=$(git describe --abbrev=0 --tags | sed -e 's/^v//')" >> $GITHUB_ENV | |
| - name: Update chart version | |
| uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.45.1 | |
| with: | |
| cmd: yq -i e '.version = "${{ env.RELEASE_VERSION }}"' chart/Chart.yaml | |
| - name: Update app version | |
| uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.45.1 | |
| with: | |
| cmd: yq -i e '.appVersion = "${{ env.RELEASE_VERSION }}"' chart/values.yaml | |
| - name: Update image tags | |
| uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.45.1 | |
| with: | |
| cmd: yq -i e '.image.tag = "v${{ env.RELEASE_VERSION }}"' chart/values.yaml | |
| - name: Set up Helm | |
| uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 | |
| with: | |
| version: v3.8.0 | |
| - name: Package Helm chart | |
| run: | | |
| helm package ./chart | |
| - name: Clone charts repo | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| repository: "${{ github.repository_owner }}/charts" | |
| path: charts | |
| token: "${{ secrets.FLANKBOT }}" | |
| - name: Update chart repo | |
| run: | | |
| cd charts | |
| cp ../config-db-*.tgz ./ | |
| helm repo index --merge index.yaml . | |
| - name: Push changes to chart repo | |
| uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0 | |
| with: | |
| commit_message: "Release ${{ needs.semantic-release.outputs.release-version }} of ${{ github.repository }}" | |
| branch: gh-pages | |
| repository: ./charts | |
| update-incident-commander: | |
| runs-on: ubuntu-latest | |
| needs: [helm, semantic-release] | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| repository: "${{ github.repository_owner }}/incident-commander-chart" | |
| token: ${{ secrets.FLANKBOT }} | |
| path: ./incident-commander-chart | |
| - name: Update config-db version in chart/Chart.yaml | |
| uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.45.1 | |
| with: | |
| cmd: yq eval-all -i '(.dependencies[] | select(.name == "config-db")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' incident-commander-chart/chart/Chart.yaml | |
| - name: Update config-db version in agent-chart/Chart.yaml | |
| uses: mikefarah/yq@0ecdce24e83f0fa127940334be98c86b07b0c488 # v4.45.1 | |
| with: | |
| cmd: yq eval-all -i '(.dependencies[] | select(.name == "config-db")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' incident-commander-chart/agent-chart/Chart.yaml | |
| - name: Push changes to chart repo | |
| uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0 | |
| with: | |
| commit_message: "chore: update config-db chart dependency to ${{ needs.semantic-release.outputs.release-version }}" | |
| repository: ./incident-commander-chart |