-
Notifications
You must be signed in to change notification settings - Fork 364
93 lines (80 loc) · 2.99 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
name: release
on:
push:
env:
IMAGE_NAME: "splunk/attack_range"
jobs:
#This will prevent anything below from running if we're not
#on a tag, but for good measure and verbosity we will
#still check that each of these steps only runs against
#a tag.
validate-tag-if-present:
runs-on: ubuntu-latest
steps:
- name: TAGGED, Validate that the tag is in the correct format
run: |
echo "The GITHUB_REF: $GITHUB_REF"
#First check to see if the release is a tag
if [[ $GITHUB_REF =~ refs/tags/* ]]; then
#Yes, this is a tag, so we need to test to make sure that the tag
#is in the correct format (like v1.10.20)
if [[ $GITHUB_REF =~ refs/tags/v[0-9]+.[0-9]+.[0-9]+ ]]; then
echo "PASS: Tagged release with good format"
exit 0
else
echo "FAIL: Tagged release with bad format"
exit 1
fi
else
echo "PASS: Not a tagged release"
exit 0
fi
publish-github-release:
runs-on: ubuntu-latest
needs: [validate-tag-if-present]
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
ref: 'develop'
#Rename the build artifacts artifacts appropriately
- name: Set tag
id: vars
run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
- name: Prepare Release for Publishing on github
run: |
cd ..
tar -zcvf attack-range-${{ steps.vars.outputs.tag }}.tar.gz attack_range
sha256sum attack-range-${{ steps.vars.outputs.tag }}.tar.gz > checksum-${{ steps.vars.outputs.tag }}.txt
#Upload all of the release artifacts that we have created using the third party
#action recommended bu Github
- name: Upload Release Artifacts
uses: softprops/action-gh-release@v2
with:
files: |
../attack-range-${{ steps.vars.outputs.tag }}.tar.gz
../checksum-%{{ steps.vars.outputs.tag }}.txt
#We can trivially combine these next two steps. In the original
#test, these were two different steps -
#build-docker-image and publish-docker-image
build-and-publish-docker-image:
runs-on: ubuntu-latest
needs: [validate-tag-if-present, publish-github-release]
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
ref: 'develop'
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Setup Docker Build and Push
uses: docker/build-push-action@v6
with:
push: true
context: docker/ #do the build in the docker directory, not current working directory
tags: ${{ env.IMAGE_NAME }}:latest