-
Notifications
You must be signed in to change notification settings - Fork 67
97 lines (89 loc) · 3.46 KB
/
_build+publish-pds-solution.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# SPDX-License-Identifier: MIT
name: Build and publish one single PDS solution
on:
workflow_dispatch:
inputs:
pds-solution:
description: pds solution to build (e.g. gosec ; see sechub-pds-solutions/)
required: true
pds-version:
description: pds-base version to use (e.g. 1.0.0)
required: true
workflow_call:
inputs:
pds-solution:
required: true
type: string
pds-version:
required: true
type: string
permissions:
packages: write
env:
ACTIONS_SECHUB_REGISTRY: ghcr.io/mercedes-benz/sechub
ACTIONS_HELM_REGISTRY: "oci://ghcr.io/mercedes-benz/sechub/helm-charts"
jobs:
build-pds-solution:
name: Build and publish pds-${{ inputs.pds-solution }}
runs-on: ubuntu-latest
steps:
- name: "Show Inputs"
run: |
echo "pds-solution '${{ inputs.pds-solution }}'"
echo "pds-version '${{ inputs.pds-version }}'"
- name: Checkout git repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Docker login to ghcr.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# Build pds solution container image + push to ghcr
- name: Build pds-${{ inputs.pds-solution }} container image + push to ghcr
shell: bash
run: |
PDS_SOLUTION="${{ inputs.pds-solution }}"
PDS_VERSION="${{ inputs.pds-version }}"
if [ ! -d "sechub-pds-solutions/$PDS_SOLUTION" ] ; then
echo "Fatal: No directory named \"$PDS_SOLUTION\" found in sechub-pds-solutions/"
exit 1
fi
cd "sechub-pds-solutions/${PDS_SOLUTION}"
test -f ./env && source ./env
export CHECKMARX_WRAPPER_VERSION
export CLOC_VERSION
export FINDSECURITYBUGS_VERSION
export SPOTBUGS_VERSION
export GITLEAKS_VERSION
export GOSEC_VERSION
export KICS_VERSION
export OWASPZAP_VERSION
export OWASPZAP_SHA256SUM
export OWASPZAP_WRAPPER_VERSION
export PREPARE_WRAPPER_VERSION
export PMD_VERSION
export SCANCODE_VERSION
export SECRETVALIDATION_WRAPPER_VERSION
export SPDX_TOOL_VERSION
export TERN_VERSION
export XRAY_WRAPPER_VERSION
export DOCKER_REGISTRY="${ACTIONS_SECHUB_REGISTRY}/pds-${PDS_SOLUTION}"
export VERSION_TAG=`./09-compute-image-tag.sh ${PDS_VERSION}`
export BASE_IMAGE="${ACTIONS_SECHUB_REGISTRY}/pds-base:${PDS_VERSION}"
echo "# Building image $DOCKER_REGISTRY:$VERSION_TAG from $BASE_IMAGE"
./10-create-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" "$BASE_IMAGE"
./20-push-image.sh "$DOCKER_REGISTRY" "$VERSION_TAG" yes
- name: Build pds-${{ inputs.pds-solution }} Helm chart + push to ghcr
shell: bash
run: |
PDS_SOLUTION="${{ inputs.pds-solution }}"
HELM_DIR="sechub-pds-solutions/${PDS_SOLUTION}/helm"
if [ ! -d "$HELM_DIR" ] ; then
echo "No directory named \"$HELM_DIR\" found - skipping Helm chart creation"
exit 0
fi
cd "$HELM_DIR"
echo "# Building Helm chart for pds-${PDS_SOLUTION}"
helm package pds-${PDS_SOLUTION}
helm push pds-${PDS_SOLUTION}-*.tgz $ACTIONS_HELM_REGISTRY