fix: update list plugins #433
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a golang project | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go | |
| name: Go | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| buildDex: | |
| type: choice | |
| description: "build dex image" | |
| options: | |
| - "true" | |
| - "false" | |
| default: "false" | |
| buildPostgres: | |
| type: choice | |
| description: "build postgres images " | |
| options: | |
| - "true" | |
| - "false" | |
| default: "false" | |
| servicesList: | |
| type: string | |
| description: "List of services to build" | |
| required: false | |
| default: "all" | |
| deployTo: | |
| type: choice | |
| description: "Environment to deploy to" | |
| options: | |
| - "dev" | |
| - "prod" | |
| default: "dev" | |
| push: | |
| branches: ["main","dev"] | |
| pull_request: | |
| branches: ["main","dev"] | |
| jobs: | |
| tag: | |
| runs-on: ubuntu-latest | |
| environment: golang | |
| outputs: | |
| latest_tag: ${{ steps.set_latest_tag.outputs.latest_tag }} | |
| if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && ( ! contains(github.event.head_commit.message, 'ui-changes') ) | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Tag version | |
| id: tag_version | |
| uses: mathieudutour/github-tag-action@v6.1 | |
| with: | |
| github_token: ${{ secrets.GH_ACCESS_TOKEN }} | |
| fetch_all_tags: true | |
| release_branches: main | |
| tag_prefix: v | |
| - name: Set latest tag output | |
| id: set_latest_tag | |
| run: | | |
| if [[ -z "${{ steps.tag_version.outputs.new_tag }}" ]]; then | |
| echo "latest_tag=${{ steps.tag_version.outputs.previous_tag }}" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "latest_tag=${{ steps.tag_version.outputs.new_tag }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| environment: golang | |
| outputs: | |
| cloudql-service: ${{ steps.build_services.outputs.cloudql-service }} | |
| auth-service: ${{ steps.build_services.outputs.auth-service }} | |
| checkup-job: ${{ steps.build_services.outputs.checkup-job }} | |
| compliance-report-job: ${{ steps.build_services.outputs.compliance-report-job }} | |
| compliance-service: ${{ steps.build_services.outputs.compliance-service }} | |
| compliance-summarizer-job: ${{ steps.build_services.outputs.compliance-summarizer-job }} | |
| scheduler-service: ${{ steps.build_services.outputs.scheduler-service }} | |
| core-service: ${{ steps.build_services.outputs.core-service }} | |
| post-install-job: ${{ steps.build_services.outputs.post-install-job }} | |
| swagger-ui: ${{ steps.build_services.outputs.swagger-ui }} | |
| cloudql: ${{ steps.build_services.outputs.cloudql }} | |
| integration-service: ${{ steps.build_services.outputs.integration-service }} | |
| es-sink-service: ${{ steps.build_services.outputs.es-sink-service }} | |
| query-runner-job: ${{ steps.build_services.outputs.query-runner-job }} | |
| query-validator-job: ${{ steps.build_services.outputs.query-validator-job }} | |
| cloudql-init-job: ${{ steps.build_services.outputs.cloudql-init-job }} | |
| task-service: ${{ steps.build_services.outputs.task-service }} | |
| rego-service: ${{ steps.build_services.outputs.rego-service }} | |
| env: | |
| SERVICE_LIST: ${{ github.event.inputs.servicesList }} | |
| GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
| steps: | |
| - name: Install musl cc | |
| uses: awalsh128/cache-apt-pkgs-action@v1.4.3 | |
| with: | |
| packages: musl-tools musl-dev musl | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 5 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: "./go.mod" | |
| cache: false | |
| - name: Go Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Configure Git | |
| run: git config --global url.https://$GH_ACCESS_TOKEN@github.com/opengovern.insteadOf https://github.com/opengovern | |
| - name: Build services | |
| id: build_services | |
| run: | | |
| set -x | |
| ./scripts/list_services > ./service-list | |
| cat ./service-list | |
| cat ./service-list | sed 's/\s\+/\n/g' | sed 's/^\<steampipe\>$//g' | sed '/^$/d' > ./build_services | |
| cat ./build_services | |
| mkdir -p ./build | |
| if [ ! -z "$(cat ./build_services)" ]; then | |
| for f in $(cat ./build_services); do | |
| CC=/usr/bin/musl-gcc GOPRIVATE="github.com/opengovern" GOOS=linux GOARCH=amd64 go build -v -ldflags "-linkmode external -extldflags '-static' -s -w" -tags musl -o ./build/ ./cmd/$f; | |
| done | |
| chmod +x ./build/* | |
| fi | |
| for f in $(cat ./service-list); do echo "$f=true" >> "$GITHUB_OUTPUT"; done | |
| - name: Pack build | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| tar -czvf build.tar.gz build | |
| - name: Upload artifact | |
| if: github.event_name != 'pull_request' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build | |
| path: build.tar.gz | |
| retention-days: 1 | |
| deploy-cloudql: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql-base | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.cloudql == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/cloudql-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CloudQLServiceDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-cloudql-base: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql-plugin | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || needs.build.outputs.steampipe == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/cloudql-plugin-base:0.0.1 | |
| ghcr.io/${{ github.repository_owner }}/cloudql-plugin-base:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CloudQLBaseDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-auth-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.auth-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/auth-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/AuthServiceDockerfile | |
| context: . | |
| deploy-task-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.task-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/task-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/TaskServiceDockerfile | |
| context: . | |
| deploy-cloudql-init-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.cloudql-init-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/cloudql-init-job:0.0.1 | |
| ghcr.io/${{ github.repository_owner }}/cloudql-init-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CloudQLInitJobDockerfile | |
| context: . | |
| deploy-checkup-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.checkup-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/checkup-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CheckupJobDockerfile | |
| context: . | |
| deploy-compliance-report-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql-plugin | |
| - deploy-cloudql | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || needs.build.outputs.compliance-report-job == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-report-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceReportJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| # deploy-rego-service: | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - build | |
| # - tag | |
| # - deploy-cloudql-plugin | |
| # - deploy-cloudql | |
| # permissions: | |
| # id-token: write | |
| # contents: read | |
| # environment: docker | |
| # if: (needs.build.outputs.cloudql == 'true' || needs.build.outputs.rego-service == 'true') && github.event_name != 'pull_request' | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v4 | |
| # - name: Download artifact | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: build | |
| # path: . | |
| # - name: Unpack artifact | |
| # run: | | |
| # tar -xvf build.tar.gz | |
| # - name: Log in to the Container registry | |
| # uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GHCR_PAT }} | |
| # - name: Build and push Docker images | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # push: true | |
| # tags: | | |
| # ghcr.io/${{ github.repository_owner }}/rego-service:${{ needs.tag.outputs.latest_tag }} | |
| # file: docker/RegoServiceDockerfile | |
| # build-args: | | |
| # PLUGIN_REGISTRY=ghcr.io/opengovern | |
| # context: . | |
| deploy-compliance-summarizer-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.compliance-summarizer-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-summarizer-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceSummarizerJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-compliance-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.compliance-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/compliance-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/ComplianceServiceDockerfile | |
| context: . | |
| deploy-scheduler-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.scheduler-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/scheduler-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SchedulerServiceDockerfile | |
| context: . | |
| deploy-integration-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.integration-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/integration:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/IntegrationServiceDockerfile | |
| context: . | |
| deploy-es-sink-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.es-sink-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/es-sink:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/EsSinkServiceDockerfile | |
| context: . | |
| deploy-core-service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.core-service == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/core-service:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CoreServiceDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-post-install-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.post-install-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/post-install-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/PostInstallJobDockerfile | |
| context: . | |
| deploy-swagger-ui: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.swagger-ui == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/swagger-ui:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/SwaggerUIDockerfile | |
| context: . | |
| deploy-cloudql-plugin: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: (needs.build.outputs.cloudql == 'true' || | |
| needs.build.outputs.cloudql-service == 'true' || | |
| needs.build.outputs.compliance-report-job == 'true') && github.event_name != 'pull_request' | |
| steps: | |
| - name: Check if we need to actually push | |
| id: check_if_push | |
| run: | | |
| if [[ -z "${{ needs.build.outputs.cloudql }}" ]]; then | |
| echo "do_build=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "do_build=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout code | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| if: steps.check_if_push.outputs.do_build == 'true' | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/cloudql:0.0.1 | |
| ghcr.io/${{ github.repository_owner }}/cloudql:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/CloudQLDockerfile | |
| context: . | |
| deploy-query-runner-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql-plugin | |
| - deploy-cloudql | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-runner-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/query-runner-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/QueryRunnerJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-query-validator-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql-plugin | |
| - deploy-cloudql | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-validator-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/query-validator-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/QueryValidatorJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-audit-job: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - tag | |
| - deploy-cloudql-plugin | |
| - deploy-cloudql | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| if: needs.build.outputs.query-validator-job == 'true' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build | |
| path: . | |
| - name: Unpack artifact | |
| run: | | |
| tar -xvf build.tar.gz | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/audit-job:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/AuditJobDockerfile | |
| build-args: | | |
| PLUGIN_REGISTRY=ghcr.io/opengovern | |
| context: . | |
| deploy-dex-login: | |
| runs-on: ubuntu-latest | |
| if: github.event.inputs.buildDex == 'true' | |
| needs: | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/dex-login:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/DexLoginDockerfile | |
| context: . | |
| deploy-postgres: | |
| runs-on: ubuntu-latest | |
| if: github.event.inputs.buildPostgres == 'true' | |
| needs: | |
| - tag | |
| permissions: | |
| id-token: write | |
| contents: read | |
| environment: docker | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository_owner }}/postgres:${{ needs.tag.outputs.latest_tag }} | |
| file: docker/PostgresDockerfile | |
| context: . |