release: chore - add new release workflow using magefiles

Signed-off-by: Ian Cardoso <ian.cardoso@zup.com.br>

Author: iancardosozup

.github/workflows/new-release.yml

@@ -85,13 +85,13 @@ jobs:
           HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
 
       - name: Checkout release candidate branch
-        run: cd deployments/mage/ && mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.releaseVersion }}
+        run: cd deployments/mage/ && mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
 
       - name: Update versions on package.json
-        run: cd deployments/mage/ && mage -v updatePackageJson ${{ steps.updated-version.outputs.strippedVersion }}
+        run: cd deployments/mage/ && mage -v updatePackageJson ${{ steps.updated-version.outputs.nextReleaseVersionStripped }}
 
       - name: Update versions on rest of the project
-        run:  cd deployments/mage/ && mage -v updateHorusecVersionInProject ${{ steps.updated-version.outputs.actualVersion }} ${{ steps.updated-version.outputs.releaseVersion }}  |
+        run:  cd deployments/mage/ && mage -v updateHorusecVersionInProject ${{ steps.updated-version.outputs.actualReleaseVersion }} ${{ steps.updated-version.outputs.nextReleaseVersion }}  |
 
       - name: Commit changes
         uses: EndBug/add-and-commit@v7.4.0
@@ -103,7 +103,7 @@ jobs:
           committer_name: Horusec
           committer_email: horusec@zup.com.br
       - name: Create local tag
-        run: cd deployments/mage/ && mage -v createLocalTag ${{ steps.updated-version.outputs.releaseVersion }}
+        run: cd deployments/mage/ && mage -v createLocalTag ${{ steps.updated-version.outputs.nextReleaseVersion }}
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
@@ -115,16 +115,16 @@ jobs:
           COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
-          GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.releaseVersion }}
+          GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextReleaseVersion }}
 
       - name: "Docker meta"
         uses: docker/metadata-action@v3
         id: meta
         env:
-          RELEASE_VERSION: ${{ steps.updated-version.outputs.version }}
+          RELEASE_VERSION: ${{ steps.updated-version.outputs.nextReleaseVersion }}
         with:
           images: |
-            horuszup/horusec-manager
+            osodracnai/horusec-manager
           tags: |
             type=semver,prefix=v,pattern={{version}},value=${{ env.RELEASE_VERSION }}
             type=semver,prefix=v,pattern={{major}}.{{minor}},value=${{ env.RELEASE_VERSION }}
@@ -140,7 +140,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
       - name: Sign image
         run: |
-          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:latest
+          cosign sign -key $COSIGN_KEY_LOCATION osodracnai/horusec-manager:latest
         env:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
 
@@ -153,19 +153,15 @@ jobs:
         id: cherry-pick
         run: |
           mage CherryPick
-      - name: Push updates
-        run: cd deployments/mage/ && mage -v gitPushAll
-
-
       # This step utilizes an action to create a pull request with the branch that was cherry picked on the last step
       # into the main branch. As the last commit, this also needs to run only when the release workflow is started from a
       # branch that isn't the main branch. Others workflows should be skipped cause of the skip ci in the pull request title.
       - name: Create Pull Request
         if: github.ref != 'refs/heads/main'
         uses: repo-sync/pull-request@v2
         with:
-          source_branch: "${{ steps.cherry-pick.outputs.branchName }}"
+          source_branch: "${{ steps.cherry-pick.outputs.cherryPickBranchName }}"
           destination_branch: "main"
           pr_title: "versioning:release - [skip ci] automatic pull request updating versioning files"
-          pr_body: "This is a automatic pull request that contains changes to files that need to be updated with the new release version. Where the commit ${{ steps.cherry-pick.outputs.commitSha }} was cherry picked from the release branch, which already contains all the necessary changes."
+          pr_body: "This is a automatic pull request that contains changes to files that need to be updated with the new release version. Where the commit ${{ steps.cherry-pick.outputs.commitShaToPick }} was cherry picked from the release branch, which already contains all the necessary changes."
           github_token: ${{ secrets.HORUSEC_PUSH_TOKEN }}

.github/workflows/release-beta.yml

@@ -0,0 +1,151 @@
+# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: release-beta
+
+on:
+  workflow_dispatch:
+    inputs:
+      releaseType:
+        description: 'Release type: M (Major); m (Minor); p (Path)'
+        required: true
+
+permissions: read-all
+jobs:
+  beta:
+    permissions:
+      contents: write
+      packages: write
+    env:
+      COSIGN_KEY_LOCATION: /tmp/cosign.key
+      COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Set up nodejs
+        uses: actions/setup-node@v2
+        with:
+          node-version: 12
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+
+      - name: Docker Login
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Cosign Installer
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.2.0'
+
+      - name: Install Mage
+        run: |
+          cd deployments/mage/ && go run mage.go -compile ../../mage
+
+      - name: Git config
+        run: |
+          ./mage -v defaultGitConfig
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v4
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+
+      - name: Install cosign private key
+        run: |
+          ./mage -v writeCosignKeyToFile
+        env:
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+
+      - name: Version increment
+        id: updated-version
+        run: |
+          ./mage -v upVersions ${{ github.event.inputs.releaseType }}
+        env:
+          HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
+          HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
+
+      - name: Checkout release candidate branch
+        run: |
+          ./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
+
+      - name: Create local tag
+        run: |
+          ./mage -v createLocalTag ${{ steps.updated-version.outputs.nextBetaVersion }}
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist --skip-publish
+        env:
+          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
+          GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextBetaVersion }}
+
+      - name: Push go projects to dockerhub
+        run: |
+          ./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
+
+      - name: Sign go projects in dockerhub
+        env:
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+        run: |
+          ./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextBetaVersion }}
+
+      - name: "Docker meta"
+        uses: docker/metadata-action@v3
+        id: meta
+        env:
+          RELEASE_VERSION: ${{ steps.updated-version.outputs.nextBetaVersion }}
+        with:
+          images: |
+            osodracnai/horusec-manager
+          tags: |
+            type=semver,prefix=v,pattern={{version}},value=${{ env.RELEASE_VERSION }}
+            type=semver,prefix=v,pattern={{major}}.{{minor}},value=${{ env.RELEASE_VERSION }}
+            type=semver,prefix=v,pattern={{major}},value=${{ env.RELEASE_VERSION }}
+
+      - name: "Build and push manager"
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          context: ./manager
+          file: ./manager/deployments/dockerfiles/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Sign image
+        run: |
+          cosign sign -key $COSIGN_KEY_LOCATION osodracnai/horusec-manager:${{ steps.updated-version.outputs.nextBetaVersion }}
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+
+      - name: Push updates
+        run: |
+          ./mage -v gitPushAll

.github/workflows/release-rc.yml

@@ -58,10 +58,12 @@ jobs:
           cosign-release: 'v1.2.0'
 
       - name: Install Mage
-        run: go install github.com/magefile/mage@07afc7d24f4d6d6442305d49552f04fbda5ccb3e
+        run: |
+          cd deployments/mage/ && go run mage.go -compile ../../mage
 
       - name: Git config
-        run: cd deployments/mage/ && mage -v defaultGitConfig
+        run: |
+          ./mage -v defaultGitConfig
 
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@v4
@@ -72,59 +74,58 @@ jobs:
           git_commit_gpgsign: true
 
       - name: Install cosign private key
-        run: cd deployments/mage/ && mage -v writeCosignKeyToFile
+        run: |
+          ./mage -v writeCosignKeyToFile
         env:
           COSIGN_KEY: ${{secrets.COSIGN_KEY}}
 
       - name: Version increment
         id: updated-version
         run: |
-          cd deployments/mage/ && mage -v upVersions ${{ github.event.inputs.releaseType }}
+          ./mage -v upVersions ${{ github.event.inputs.releaseType }}
         env:
           HORUSEC_REPOSITORY_ORG: ${{ github.repository_owner }}
           HORUSEC_REPOSITORY_NAME: ${{ github.event.repository.name }}
 
       - name: Checkout release candidate branch
-        run: cd deployments/mage/ && mage -v checkoutRcBranch ${{ steps.updated-version.outputs.rcVersion }}
-
-#      - name: Update versions on package.json
-#        run: cd deployments/mage/ && mage -v updatePackageJson ${{ steps.updated-version.outputs.strippedVersion }}
-
-#      - name: Update versions on rest of the project
-#        run:  cd deployments/mage/ && mage -v updateHorusecVersionInProject ${{ steps.updated-version.outputs.actualVersion }} ${{ steps.updated-version.outputs.rcVersion }}  |
-
-#      - name: Commit changes
-#        uses: EndBug/add-and-commit@v7.4.0
-#        with:
-#          push: false
-#          signoff: true
-#          author_name: Horusec
-#          author_email: horusec@zup.com.br
-#          committer_name: Horusec
-#          committer_email: horusec@zup.com.br
+        run: |
+          ./mage -v checkoutReleaseBranch ${{ steps.updated-version.outputs.nextReleaseBranchName }}
+
       - name: Create local tag
-        run: cd deployments/mage/ && mage -v createLocalTag ${{ steps.updated-version.outputs.rcVersion }}
+        run: |
+          ./mage -v createLocalTag ${{ steps.updated-version.outputs.nextRcVersion }}
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
           distribution: goreleaser
           version: latest
-          args: release --rm-dist
+          args: release --rm-dist --skip-publish
         env:
           COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
-          GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.rcVersion }}
+          GORELEASER_CURRENT_TAG: ${{ steps.updated-version.outputs.nextRcVersion }}
+
+      - name: Push go projects to dockerhub
+        run: |
+          ./mage -v dockerPushPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
+
+      - name: Sign go projects in dockerhub
+        env:
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
+        run: |
+          ./mage -v dockerSignPlatformGoProjects ${{ steps.updated-version.outputs.nextRcVersion }}
 
       - name: "Docker meta"
         uses: docker/metadata-action@v3
         id: meta
         env:
-          RELEASE_VERSION: ${{ steps.updated-version.outputs.version }}
+          RELEASE_VERSION: ${{ steps.updated-version.outputs.nextRcVersion }}
         with:
           images: |
-            horuszup/horusec-manager
+            osodracnai/horusec-manager
           tags: |
             type=semver,prefix=v,pattern={{version}},value=${{ env.RELEASE_VERSION }}
             type=semver,prefix=v,pattern={{major}}.{{minor}},value=${{ env.RELEASE_VERSION }}
@@ -138,34 +139,13 @@ jobs:
           file: ./manager/deployments/dockerfiles/Dockerfile
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+
       - name: Sign image
         run: |
-          cosign sign -key $COSIGN_KEY_LOCATION horuszup/horusec-manager:latest
+          cosign sign -key $COSIGN_KEY_LOCATION osodracnai/horusec-manager:${{ steps.updated-version.outputs.nextRcVersion }}
         env:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
 
-#      # This step gets the sha of last commit made, witch is the updating versioning files commit, after that creates a
-#      # branch from the origin main and cherry pick this commit on it. This process need to occur only when the release
-#      # workflow is started from a branch that isn't the main branch, for example a release branch.
-#      # When the workflow it's triggered to run on main, the commit it's going to be made directly to the main branch.
-#      - name: Cherry pick
-#        if: github.ref != 'refs/heads/main'
-#        id: cherry-pick
-#        run: |
-#          mage CherryPick
-#      - name: Push updates
-#        run: cd deployments/mage/ && mage -v gitPushAll
-#
-#
-#      # This step utilizes an action to create a pull request with the branch that was cherry picked on the last step
-#      # into the main branch. As the last commit, this also needs to run only when the release workflow is started from a
-#      # branch that isn't the main branch. Others workflows should be skipped cause of the skip ci in the pull request title.
-#      - name: Create Pull Request
-#        if: github.ref != 'refs/heads/main'
-#        uses: repo-sync/pull-request@v2
-#        with:
-#          source_branch: "${{ steps.cherry-pick.outputs.branchName }}"
-#          destination_branch: "main"
-#          pr_title: "versioning:release - [skip ci] automatic pull request updating versioning files"
-#          pr_body: "This is a automatic pull request that contains changes to files that need to be updated with the new release version. Where the commit ${{ steps.cherry-pick.outputs.commitSha }} was cherry picked from the release branch, which already contains all the necessary changes."
-#          github_token: ${{ secrets.HORUSEC_PUSH_TOKEN }}
+      - name: Push updates
+        run: |
+          ./mage -v gitPushAll

.gitignore

@@ -20,3 +20,4 @@ vendor
 **/e2e/cypress/src/screenshots/**
 **/e2e/cypress/src/videos/**
 dist/
+mage