Deployment of Docker and release (#13)

COSSAS · Mar 8, 2024 · ec6629a · ec6629a
1 parent cc340f9
commit ec6629a
Show file tree

Hide file tree

Showing 2 changed files with 145 additions and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,144 @@
+name: release
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+\-?*'
+
+jobs:
+  compile:
+    name: Cross compile binaries
+    runs-on: ubuntu-latest
+    container:
+      image: golangci/golangci-lint:latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Make repo safe
+        run: git config --global --add safe.directory /__w/SOARCA/SOARCA
+
+      - name: Install swaggo
+        run:  go install github.com/swaggo/swag/cmd/swag@latest 
+
+      - name: Build with make
+        run: |
+          go install github.com/swaggo/swag/cmd/swag@latest
+          go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+          make compile
+          make sbom
+
+      - name: 'Upload Artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ github.sha }}
+          path: bin/*
+          retention-days: 1
+
+  docker-build:
+    needs: compile
+    name: Build docker image and release it to docker hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Make repo safe
+        run: git config --global --add safe.directory /__w/SOARCA/SOARCA
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Download bin
+        uses: actions/download-artifact@v4
+        with: 
+          pattern: ${{ github.sha }}
+
+      - name: Move files to bin folder
+        run: |
+          mkdir -p bin 
+          mv ${{ github.sha }}/* ./bin/
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Get version
+        run: |
+          export VERSION=$(git describe --tags --dirty)
+          echo "describe_version=$(git describe --tags --dirty)" >> "$GITHUB_ENV"
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          build-args: |
+            VERSION=${{ env.describe_version }}
+          push: true
+          tags: cossas/soarca:${{ env.describe_version }}
+
+  release-binary:
+    needs: compile
+    name: Create release artifacts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.x'
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Make repo safe
+        run: git config --global --add safe.directory /__w/SOARCA/SOARCA
+
+      - name: Build and sbom swagger
+        run: |
+          go install github.com/swaggo/swag/cmd/swag@latest
+          go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+          swag init -o swaggerdocs
+          make sbom
+          zip -r bin/sbom.zip bin
+
+      - name: Release soarca binary
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+
+      - name: Upload release sbom
+        uses: actions/github-script@v4
+        with:
+          script: |
+            const fs = require('fs');
+            const tag = context.ref.replace("refs/tags/", "");
+            // Get release for this tag
+            const release = await github.repos.getReleaseByTag({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag
+            });
+            // Upload the release asset
+            await github.repos.uploadReleaseAsset({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              release_id: release.data.id,
+              name: "sbom.zip",
+              data: await fs.readFileSync("bin/sbom.zip")
+            });
diff --git a/makefile b/makefile
@@ -42,7 +42,7 @@ compile:
 
 sbom:
 	echo "Generating SBOMs"
-
+	mkdir -p bin
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 cyclonedx-gomod app -json -licenses -output bin/${BINARY_NAME}-${VERSION}-linux-amd64.bom.json
 	CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 cyclonedx-gomod app -json -licenses -output bin/${BINARY_NAME}-${VERSION}-darwin-amd64.bom.json
 	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 cyclonedx-gomod app -json -licenses -output bin/${BINARY_NAME}-${VERSION}-windows-amd64.bom.json