diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..9a7f3f2f
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,144 @@
+name: release
+
+on:
+ push:
+ tags:
+ - '[0-9]+.[0-9]+.[0-9]+\-?*'
+
+jobs:
+ compile:
+ name: Cross compile binaries
+ runs-on: ubuntu-latest
+ container:
+ image: golangci/golangci-lint:latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Make repo safe
+ run: git config --global --add safe.directory /__w/SOARCA/SOARCA
+
+ - name: Install swaggo
+ run: go install github.com/swaggo/swag/cmd/swag@latest
+
+ - name: Build with make
+ run: |
+ go install github.com/swaggo/swag/cmd/swag@latest
+ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+ make compile
+ make sbom
+
+ - name: 'Upload Artifact'
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ github.sha }}
+ path: bin/*
+ retention-days: 1
+
+ docker-build:
+ needs: compile
+ name: Build docker image and release it to docker hub
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Make repo safe
+ run: git config --global --add safe.directory /__w/SOARCA/SOARCA
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Download bin
+ uses: actions/download-artifact@v4
+ with:
+ pattern: ${{ github.sha }}
+
+ - name: Move files to bin folder
+ run: |
+ mkdir -p bin
+ mv ${{ github.sha }}/* ./bin/
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ - name: Get version
+ run: |
+ export VERSION=$(git describe --tags --dirty)
+ echo "describe_version=$(git describe --tags --dirty)" >> "$GITHUB_ENV"
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ build-args: |
+ VERSION=${{ env.describe_version }}
+ push: true
+ tags: cossas/soarca:${{ env.describe_version }}
+
+ release-binary:
+ needs: compile
+ name: Create release artifacts
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.21.x'
+ - name: Import GPG key
+ uses: crazy-max/ghaction-import-gpg@v6
+ with:
+ gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+ passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Make repo safe
+ run: git config --global --add safe.directory /__w/SOARCA/SOARCA
+
+ - name: Build and sbom swagger
+ run: |
+ go install github.com/swaggo/swag/cmd/swag@latest
+ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+ swag init -o swaggerdocs
+ make sbom
+ zip -r bin/sbom.zip bin
+
+ - name: Release soarca binary
+ uses: goreleaser/goreleaser-action@v5
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release --clean
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+
+ - name: Upload release sbom
+ uses: actions/github-script@v4
+ with:
+ script: |
+ const fs = require('fs');
+ const tag = context.ref.replace("refs/tags/", "");
+ // Get release for this tag
+ const release = await github.repos.getReleaseByTag({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ tag
+ });
+ // Upload the release asset
+ await github.repos.uploadReleaseAsset({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ release_id: release.data.id,
+ name: "sbom.zip",
+ data: await fs.readFileSync("bin/sbom.zip")
+ });
\ No newline at end of file
diff --git a/makefile b/makefile
index 33ee41d2..dc75d521 100644
--- a/makefile
+++ b/makefile
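Review bot: In `.github/workflows/release.yml`, the `Release soarca binary` step sets `GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}`, but the `Import GPG key` step declares no `id`, so the expression resolves to an empty string and whatever signing configuration reads that variable gets no fingerprint; add `id: import_gpg` under `- name: Import GPG key`. The same jobs hold `GPG_PRIVATE_KEY`, `DOCKER_HUB_TOKEN` and a release-writing `GITHUB_TOKEN` while running code from mutable references (`golangci/golangci-lint:latest`, `go install ...@latest`, goreleaser `version: latest`, and actions referenced by major tag), so a changed upstream tag would execute with those secrets in scope. Pinning actions to full commit SHAs, and tools and images to fixed versions or digests, would make what ran in a given release reviewable. The workflow also has no `permissions:` key; a top-level `permissions: contents: read` with `contents: write` granted only on `release-binary` would scope the token to what each job needs.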
@@ -42,7 +42,7 @@ compile: sbom: echo "Generating SBOMs" - + mkdir -p bin CGO_ENABLED=0 GOOS=linux GOARCH=amd64 cyclonedx-gomod app -json -licenses -output bin/${BINARY_NAME}-${VERSION}-linux-amd64.bom.json CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 cyclonedx-gomod app -json -licenses -output bin/${BINARY_NAME}-${VERSION}-darwin-amd64.bom.json CGO_ENABLED=0 GOOS=windows GOARCH=amd64 cyclonedx-gomod app -json -licenses -output bin/${BINARY_NAME}-${VERSION}-windows-amd64.bom.json
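Review bot: The darwin SBOM line in the `sbom` target runs with `GOARCH=arm64` but writes to `bin/${BINARY_NAME}-${VERSION}-darwin-amd64.bom.json`, so the file name and the analysed target disagree; this is a context line that the hunk leaves unchanged. Because the module set that `cyclonedx-gomod app` reports should follow the GOOS/GOARCH build constraints it is given, a consumer could receive a component list for a different build than the name claims. Either set `GOARCH=amd64` or rename the output to `...-darwin-arm64.bom.json`, whichever matches the binary the `compile` target produces (that target's body is outside the hunk).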