v11.35.0 #150
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build & Release mondoo Meta-Package" | |
on: | |
release: | |
types: [released] | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version that should be released' | |
required: true | |
default: '1.2.3' | |
jobs: | |
build-mondoo-payloads: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Version from Workflow Dispatch | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV | |
- name: Version from Release Tag | |
if: github.event_name == 'release' | |
run: | | |
echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV | |
- name: Unify and Validate Version | |
id: version | |
run: | | |
VERSION=$(echo $VERSION | sed 's/^v//') | |
if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "Invalid version: $VERSION" | |
exit 1 | |
fi | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
- name: Create destination folder | |
run: | | |
cd helper | |
mkdir packages | |
- name: Install RPM tools | |
run: | | |
sudo apt update && sudo apt install -y rpm gpg | |
- name: Authenticate with GCloud | |
uses: 'google-github-actions/auth@v2' | |
with: | |
credentials_json: '${{ secrets.GCP_CREDENTIALS }}' | |
- name: Setup GCloud SDK | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: Download Signing Keys | |
env: | |
KEY_PATH: ${{ runner.temp }} | |
run: | | |
gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-public-2023 --out-file=${KEY_PATH}/public.gpg | |
gpg --import ${KEY_PATH}/public.gpg | |
gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-private-2023 --out-file=${KEY_PATH}/private.gpg | |
gpg --import --allow-secret-key-import ${KEY_PATH}/private.gpg | |
- name: Check GPG Keys | |
run: | | |
gpg --list-keys | |
gpg --list-secret-keys | |
- name: Build Packages | |
run: | | |
cd helper && make | |
- name: Sign RPMs | |
run: | | |
cd helper/ | |
rpmsign --define='%_gpg_name Mondoo Inc' --addsign ./packages/*rpm | |
- name: Generate Checksums | |
run: | | |
cd helper/packages | |
sha256sum *linux* > checksums.linux.txt | |
- name: Upload files to releases.mondoo.com | |
run: | | |
gsutil cp -r helper/packages/* gs://releases-us.mondoo.io/mondoo/${VERSION}/ | |
- name: Upload files to GitHub Release Page | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: v${{ steps.version.outputs.version }} | |
files: helper/packages/* | |
- name: Reindex folder on releaser.mondoo.com | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.REPO_API_TOKEN }} | |
repository: "mondoohq/releasr" | |
event-type: reindex | |
client-payload: '{ | |
"reindex-path": "mondoo/${{ steps.version.outputs.version }}", | |
"bucket": "releases-us.mondoo.io" | |
}' | |
- name: Create Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mondoo-${{ steps.version.outputs.version }} | |
path: helper/packages/ | |
retention-days: 7 | |
update-downstream: | |
runs-on: ubuntu-latest | |
needs: build-mondoo-payloads | |
## Matrix task, repeats steps for each repo | |
strategy: | |
matrix: | |
repo: ["mondoohq/repobuilder"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Repository Dispatch (Workflow Dispatch) | |
uses: peter-evans/repository-dispatch@v3 | |
if: github.event_name == 'workflow_dispatch' | |
with: | |
token: ${{ secrets.REPO_API_TOKEN }} | |
repository: ${{ matrix.repo }} | |
event-type: update | |
client-payload: '{"version": "${{ needs.build-mondoo-payloads.outputs.version }}"}' | |
- name: Repository Dispatch (Release) | |
uses: peter-evans/repository-dispatch@v3 | |
if: github.event_name == 'release' | |
with: | |
token: ${{ secrets.REPO_API_TOKEN }} | |
repository: ${{ matrix.repo }} | |
event-type: update | |
client-payload: '{"version": "${{ needs.build-mondoo-payloads.outputs.version }}"}' |