taskfile.yaml
# Taskfile schema version.
version: '3'

# Global template variables. `repo_url` is assembled from `owner` and
# `repo_of_code`; `registry` and `repo_of_registry` are not referenced in this
# file (presumably consumed by the included Taskfiles -- confirm).
vars:
  owner: 'taha2samy'
  registry: 'ghcr.io'
  repo_of_registry: 'java'
  repo_of_code: 'openjdk'
  repo_url: 'https://github.com/{{.owner}}/{{.repo_of_code}}'

# Namespaced Taskfiles; their tasks are invoked as `<namespace>:<task>`.
includes:
  scan-compliance: 'tasks/Taskfile.scan-compliance.yml'
  gh: 'tasks/taskfile.github.yml'
  docs: 'tasks/Taskfile.doc.yml'

# Group each task's output between begin/end markers. `::group::` and
# `::endgroup::` are the GitHub Actions commands for collapsible log sections.
output:
  group:
    begin: '::group::{{.TASK}}'
    end: '::endgroup::'
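tasks:
  # Runs the helper script that rewrites workflow action versions to SHAs.
  pin-workflow:
    desc: "Pin GitHub Actions workflow versions to SHAs"
    cmds:
      - pipenv run python scripts/github_action_ver_to_sha.py
    silent: true

  # Dependency resolution step; per its description it updates context.json.
  sync:
    desc: "Fetch and resolve all dependencies (Java, Images, Packages) and update context.json"
    cmds:
      - pipenv run python scripts/resolve_dependencies.py
    silent: true

  render:
    desc: "Generate unified Dockerfiles and security configurations from templates"
    cmds:
      - pipenv run python render.py
    silent: true

  # Not silent: the buildx command line is echoed before it runs.
  build:
    desc: "Build all docker images using the generated versions"
    cmds:
      - docker buildx bake
    silent: false

  check-java:
    desc: "Test Adoptium API metadata fetching"
    cmds:
      - pipenv run python scripts/java_fetcher.py
    silent: true

  check-wolfi:
    desc: "Test Wolfi OS package version resolving"
    cmds:
      - pipenv run python scripts/package_fetcher.py
    silent: true

  check-images:
    desc: "Test Docker image digest resolution"
    cmds:
      - pipenv run python scripts/image_fetcher.py
    silent: true

  workflow:
    desc: "Execute full automation pipeline: Resolve then Render"
    cmds:
      # This file defines no task named `resolve`, and tasks from the included
      # Taskfiles are only reachable through their namespace prefix, so the
      # resolution step is called by its actual name, `sync`.
      - task: sync
      - task: render

  # Writes reports/<VERSION>/main-<VERSION>.json with the supplied digests.
  #
  # VERSION, JDK_SHA, JRE_SHA and DISTRO_SHA come from the caller (CLI or
  # environment) and must be treated as untrusted: they are expanded into the
  # shell script by the template engine before the shell parses it. Every
  # expansion therefore goes through `shellQuote`, and VERSION is additionally
  # checked because it is used as a path component.
  #
  # NOTE(review): the digest defaults are the literal string "null", and
  # `jq --arg` always passes strings, so a missing digest is emitted as the
  # JSON string "null" rather than JSON null -- consumers should expect that.
  generate-report:
    desc: "Generate a JSON report with the image digests for a specific version"
    vars:
      VERSION: '{{.VERSION | default "unknown"}}'
      JDK_SHA: '{{.JDK_SHA | default "null"}}'
      JRE_SHA: '{{.JRE_SHA | default "null"}}'
      DISTRO_SHA: '{{.DISTRO_SHA | default "null"}}'
    cmds:
      # Install jq only when it is missing, so the task does not need sudo or
      # touch the host's packages on every run. `apt-get` is used because the
      # `apt` front end does not offer a stable CLI for scripts.
      - 'command -v jq >/dev/null 2>&1 || sudo apt-get install -y jq'
      - |
        set -eu
        version={{.VERSION | shellQuote}}
        # Reject values that would escape the reports/ directory.
        case "$version" in
          */*|*..*)
            echo "generate-report: VERSION must not contain '/' or '..'" >&2
            exit 1
            ;;
        esac
        report_dir="reports/$version"
        report_file="$report_dir/main-$version.json"
        mkdir -p "$report_dir"
        # strftime formats in UTC, which is what the trailing "Z" claims;
        # strflocaltime would stamp local time with a UTC designator.
        jq -n \
          --arg version "$version" \
          --arg jdk {{.JDK_SHA | shellQuote}} \
          --arg jre {{.JRE_SHA | shellQuote}} \
          --arg distro {{.DISTRO_SHA | shellQuote}} \
          '{
            "java_version": $version,
            "build_timestamp": (now | strftime("%Y-%m-%dT%H:%M:%SZ")),
            "digests": {
              "jdk": $jdk,
              "jre": $jre,
              "distroless": $distro
            }
          }' > "$report_file"
        echo "✅ Report generated at $report_file"
    silent: true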