upgrade ndc-http v0.9.1 #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release container definition | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| env: | |
| DOCKER_REGISTRY: ghcr.io | |
| DOCKER_IMAGE_NAME: hasura/ndc-stripe | |
| jobs: | |
| tests: | |
| uses: ./.github/workflows/test.yaml | |
| release-image: | |
| name: Release ndc-stripe image | |
| runs-on: ubuntu-latest | |
| needs: [tests] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up containerd | |
| uses: crazy-max/ghaction-setup-containerd@v3 | |
| - name: Fix containerd socket permissions | |
| run: | | |
| sudo chgrp docker /run/containerd/containerd.sock | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.DOCKER_REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get version from tag | |
| id: get-version | |
| run: | | |
| if [[ "$GITHUB_REF_TYPE" == 'tag' ]]; then | |
| echo "tagged_version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| else | |
| echo "tagged_version=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT | |
| fi | |
| shell: bash | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: docker-metadata | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }} | |
| - name: Build image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: false | |
| tags: ${{ steps.docker-metadata.outputs.tags }} | |
| labels: ${{ steps.docker-metadata.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| # Export the image to a tar so it can be imported into containerd so gokakashi can scan it | |
| outputs: type=oci,dest=/tmp/image.tar | |
| - name: Import docker image into containerd store | |
| run: | | |
| ctr images import --base-name ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }} --digests --all-platforms /tmp/image.tar | |
| - name: Get first docker tag for gokakashi | |
| id: first-docker-tag | |
| run: | | |
| FIRST_TAG=$(echo "${{ steps.docker-metadata.outputs.tags }}" | head -n 1) | |
| echo "First docker tag: $FIRST_TAG" | |
| echo "tag=$FIRST_TAG" >> $GITHUB_OUTPUT | |
| - name: Scan docker image with gokakashi | |
| uses: shinobistack/gokakashi-action@v0.1.1 | |
| with: | |
| image: ${{ steps.first-docker-tag.outputs.tag }} | |
| labels: agentKey=${{ github.run_id }} | |
| policy: ci-platform | |
| server: https://gokakashi-server.hasura-app.io | |
| token: ${{ secrets.GOKAKASHI_API_TOKEN }} | |
| cf_client_id: ${{ secrets.CF_ACCESS_CLIENT_ID }} | |
| cf_client_secret: ${{ secrets.CF_ACCESS_CLIENT_SECRET }} | |
| interval: 10 | |
| retries: 8 | |
| - name: Upload Trivy report as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: trivy-report | |
| path: /tmp/trivy-report-*.json | |
| - name: Push image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| tags: ${{ steps.docker-metadata.outputs.tags }} | |
| labels: ${{ steps.docker-metadata.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Build connector definition | |
| run: | | |
| ./scripts/build-manifest.sh | |
| env: | |
| VERSION: ${{ steps.get-version.outputs.tagged_version }} | |
| - name: create a draft release | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| draft: true | |
| tag: ${{ steps.get-version.outputs.tagged_version }} | |
| artifacts: release/* |