forked from lf-edge/edge-home-orchestration-go
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Taras Drozdovskyi <[email protected]>
- Loading branch information
1 parent
2744f38
commit 4706d13
Showing
1 changed file
with
293 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,48 +8,305 @@ permissions: | |
| contents: read | ||
|
|
||
| jobs: | ||
| publish: | ||
| runs-on: ubuntu-20.04 | ||
| # publish: | ||
| # runs-on: ubuntu-20.04 | ||
| # steps: | ||
| # - name: Check out the repo | ||
| # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | ||
|
|
||
| # - name: Setup Golang | ||
| # uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | ||
| # with: | ||
| # go-version: '1.19' | ||
|
|
||
| # - name: Set up QEMU | ||
| # uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | ||
|
|
||
| # - name: Extract metadata (tags, labels) for Docker | ||
| # id: meta | ||
| # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 | ||
| # with: | ||
| # images: lfedge/edge-home-orchestration-go | ||
| # tags: | | ||
| # type=semver,pattern={{version}} | ||
|
|
||
| # - name: Set up Docker Buildx | ||
| # uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 | ||
|
|
||
| # - name: Log in to Docker Hub | ||
| # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | ||
| # with: | ||
| # username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| # password: ${{ secrets.DOCKERHUB_PASSWORD }} | ||
|
|
||
| # - name: Copy Dockerfile | ||
| # run: | | ||
| # make distclean | ||
| # cp configs/defdockerfiles/ubuntu_multistage Dockerfile | ||
|
|
||
| # - name: Build and push | ||
| # uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 | ||
| # with: | ||
| # context: . | ||
| # build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} | ||
| # platforms: linux/amd64,linux/arm64,linux/arm/v7 | ||
| # push: true | ||
| # tags: ${{ steps.meta.outputs.tags }} | ||
| # labels: ${{ steps.meta.outputs.labels }} | ||
|
|
||
| # Create Release | ||
| create-release: | ||
| permissions: | ||
| contents: write # for marvinpinto/action-automatic-releases to generate pre-release | ||
| # needs: [build] | ||
| name: Create Release | ||
| runs-on: "ubuntu-latest" | ||
|
|
||
| steps: | ||
| - name: Check out the repo | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Setup Golang | ||
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 | ||
| - uses: marvinpinto/action-automatic-releases@d68defdd11f9dcc7f52f35c1b7c236ee7513bcc1 | ||
| with: | ||
| go-version: '1.19' | ||
| repo_token: "${{ secrets.GITHUB_TOKEN }}" | ||
| prerelease: false | ||
| title: "Edge-Orchestration ${{ github.ref_name }}" | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | ||
| # Generate Provenance | ||
| provenance: | ||
| needs: [create-release] | ||
| name: Generate Provenance | ||
| permissions: | ||
| actions: read # To read the workflow path. | ||
| id-token: write # To sign the provenance. | ||
| contents: write # To add assets to a release. | ||
|
|
||
| - name: Extract metadata (tags, labels) for Docker | ||
| id: meta | ||
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 | ||
| with: | ||
| images: lfedge/edge-home-orchestration-go | ||
| tags: | | ||
| type=semver,pattern={{version}} | ||
| uses: robinraju/[email protected] | ||
| with: | ||
| repository: "owner/repo" | ||
| latest: true | ||
| tarBall: true | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 | ||
| name: Generate subject | ||
| id: hash | ||
| run: | | ||
| echo "hashes=$(sha256sum edge-home-orchestration-go-1.2.1.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" | ||
| - name: Log in to Docker Hub | ||
| uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| base64-subjects: "$hashes" #"${{ needs.build.outputs.hashes }}" | ||
| upload-assets: true # Optional: Upload to a new release | ||
|
|
||
| - name: Copy Dockerfile | ||
| run: | | ||
| make distclean | ||
| cp configs/defdockerfiles/ubuntu_multistage Dockerfile | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 | ||
| with: | ||
| context: . | ||
| build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} | ||
| platforms: linux/amd64,linux/arm64,linux/arm/v7 | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| # # // | ||
| # jobs: | ||
| # # Build LPVS | ||
| # build: | ||
| # runs-on: ubuntu-latest | ||
| # name: Build LPVS | ||
| # outputs: | ||
| # artifacts: ${{ steps.build.outputs.artifacts }} | ||
| # hashes: ${{ steps.hash.outputs.hashes }} | ||
| # version: ${{ steps.lpvs_version.outputs.version }} | ||
|
|
||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - name: Checkout repository | ||
| # uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 | ||
|
|
||
| # - name: Set up JDK 17 | ||
| # uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 | ||
| # with: | ||
| # java-version: '17' | ||
| # distribution: 'temurin' | ||
| # cache: maven | ||
|
|
||
| # - name: Build using maven | ||
| # id: build | ||
| # run: | | ||
| # # Your normal build workflow targets here | ||
| # # mvn clean package | ||
| # mvn -B package --file pom.xml | ||
|
|
||
| # # Save the location of the maven output files for easier reference | ||
| # ARTIFACT_PATTERN=./target/$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)-$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)*.jar | ||
| # echo "artifact_pattern=$ARTIFACT_PATTERN" >> "$GITHUB_OUTPUT" | ||
|
|
||
| # - name: Generate subject | ||
| # id: hash | ||
| # run: | | ||
| # echo "hashes=$(sha256sum ${{ steps.build.outputs.artifact_pattern }} | base64 -w0)" >> "$GITHUB_OUTPUT" | ||
|
|
||
| # - name: Get LPVS version | ||
| # id: lpvs_version | ||
| # run: | | ||
| # VERSION=${{ github.ref_name }} | ||
| # echo "version=lpvs-${VERSION:1}.jar" >> "$GITHUB_OUTPUT" | ||
|
|
||
| # - name: Upload build artifacts | ||
| # uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # tag=v3 | ||
| # with: | ||
| # name: ${{ steps.lpvs_version.outputs.version }} | ||
| # path: ./target/${{ steps.lpvs_version.outputs.version }} | ||
| # if-no-files-found: error | ||
|
|
||
| # # Create Release | ||
| # create-release: | ||
| # permissions: | ||
| # contents: write # for marvinpinto/action-automatic-releases to generate pre-release | ||
| # needs: [build] | ||
| # name: Create Release | ||
| # runs-on: "ubuntu-latest" | ||
|
|
||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - uses: marvinpinto/action-automatic-releases@d68defdd11f9dcc7f52f35c1b7c236ee7513bcc1 | ||
| # with: | ||
| # repo_token: "${{ secrets.GITHUB_TOKEN }}" | ||
| # prerelease: false | ||
| # title: "LPVS ${{ github.ref_name }}" | ||
|
|
||
| # # Generate Provenance | ||
| # provenance: | ||
| # needs: [build, create-release] | ||
| # name: Generate Provenance | ||
| # permissions: | ||
| # actions: read # To read the workflow path. | ||
| # id-token: write # To sign the provenance. | ||
| # contents: write # To add assets to a release. | ||
| # uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| # with: | ||
| # base64-subjects: "${{ needs.build.outputs.hashes }}" | ||
| # upload-assets: true # Optional: Upload to a new release | ||
|
|
||
| # # Upload Assets | ||
| # release: | ||
| # permissions: | ||
| # contents: write # for softprops/action-gh-release to create GitHub release | ||
| # needs: [build, create-release, provenance] | ||
| # name: Upload Assets | ||
| # runs-on: ubuntu-latest | ||
| # if: startsWith(github.ref, 'refs/tags/') | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - name: Download ${{ needs.build.outputs.version }} | ||
| # uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # tag=v2.1.0 | ||
| # with: | ||
| # name: ${{ needs.build.outputs.version }} | ||
|
|
||
| # - name: Upload assets | ||
| # uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14 | ||
| # with: | ||
| # files: | | ||
| # ${{ needs.build.outputs.version }} | ||
|
|
||
| # # Generate and Publish Javadoc | ||
| # generate-and-publish-javadoc: | ||
| # name: Generate and Publish Javadoc | ||
| # runs-on: ubuntu-latest | ||
|
|
||
| # permissions: | ||
| # contents: write | ||
| # pages: write | ||
|
|
||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - name: Checkout code | ||
| # uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28 | ||
|
|
||
| # - name: Set up JDK | ||
| # uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 | ||
| # with: | ||
| # java-version: '17' | ||
| # distribution: 'temurin' | ||
| # cache: maven | ||
|
|
||
| # - name: Build and generate Javadoc | ||
| # run: | | ||
| # mvn clean install javadoc:javadoc | ||
| # env: | ||
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # - name: Deploy to GitHub Pages | ||
| # uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 | ||
| # with: | ||
| # github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| # publish_dir: ./target/site/apidocs | ||
|
|
||
| # # Publish package to GitHub Packages | ||
| # publish_package: | ||
| # name: Publish package to GitHub Packages | ||
| # runs-on: ubuntu-latest | ||
| # permissions: | ||
| # contents: read | ||
| # packages: write | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | ||
| # - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 | ||
| # with: | ||
| # java-version: '17' | ||
| # distribution: 'temurin' | ||
| # - name: Publish package | ||
| # run: mvn --batch-mode deploy | ||
| # env: | ||
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # # Publish Docker Image to ghcr.io | ||
| # publish_docker_image: | ||
| # name: Publish Docker Image to ghcr.io | ||
| # runs-on: ubuntu-latest | ||
| # permissions: | ||
| # contents: read | ||
| # packages: write | ||
| # steps: | ||
| # - name: Harden Runner | ||
| # uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | ||
| # with: | ||
| # egress-policy: audit | ||
|
|
||
| # - name: Check out the repo | ||
| # uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 | ||
|
|
||
| # - name: Log in to the Container registry | ||
| # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | ||
| # with: | ||
| # registry: ghcr.io | ||
| # username: ${{ github.actor }} | ||
| # password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| # - name: Extract metadata (tags, labels) for Docker | ||
| # id: meta | ||
| # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 | ||
| # with: | ||
| # images: ghcr.io/${{ github.repository }} | ||
|
|
||
| # - name: Build and push Docker image | ||
| # uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 | ||
| # with: | ||
| # context: . | ||
| # push: true | ||
| # tags: ${{ steps.meta.outputs.tags }} | ||
| # labels: ${{ steps.meta.outputs.labels }} | ||