chore: bump version to 1.41.0 #90
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish GHCR Container | |
| # Publish a multi-platform container when a version is tagged | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME_BASE: scanoss/scanoss-py-base | |
| IMAGE_NAME: scanoss/scanoss-py | |
| IMAGE_JENKINS: scanoss/scanoss-py-jenkins | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| # This is used to complete the identity challenge with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| # Setup and build python package | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.9.x' | |
| - name: Install Dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Build package | |
| run: make dist | |
| # Add support for more platforms with QEMU | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # Workaround: https://github.com/docker/build-push-action/issues/461 | |
| # uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Login against a Docker registry except on PR | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Extract metadata (tags, labels) for Docker | |
| - name: Extract Docker metadata - no entrypoint | |
| id: meta-ne | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BASE }}" | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| - name: Build and push Docker image - Base (no entrypoint) | |
| id: build-and-push-ne | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-ne.outputs.tags }} | |
| labels: ${{ steps.meta-ne.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: false | |
| target: no_entry_point | |
| # Extract metadata (tags, labels) for Docker | |
| - name: Extract Docker metadata - jenkins | |
| id: meta-je | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: "${{ env.REGISTRY }}/${{ env.IMAGE_JENKINS }}" | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| - name: Build and push Docker image - Jenkins | |
| id: build-and-push-je | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-je.outputs.tags }} | |
| labels: ${{ steps.meta-je.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: false | |
| target: jenkins | |
| # Extract metadata (tags, labels) for Docker | |
| - name: Extract Docker metadata - entrypoint | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| - name: Build and push Docker image - EP (entrypoint) | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: false | |
| target: with_entry_point | |
| # Test the docker image | |
| - name: Test Published Image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| docker run ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} version | |
| docker run ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} utils fast | |
| docker run -e SCANOSS_API_KEY="${{ secrets.SC_API_KEY }}" -v "$(pwd)":"/scanoss" ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} scan -o results.json tests | |
| id_count=$(cat results.json | grep '"id":' | wc -l) | |
| echo "ID Count: $id_count" | |
| if [[ $id_count -lt 1 ]]; then | |
| echo "Error: Scan test did not produce any results. Failing" | |
| exit 1 | |
| fi | |
| # Install the cosign tool except on PR | |
| # - name: Install cosign | |
| # if: github.event_name != 'pull_request' | |
| # uses: sigstore/cosign-installer@v2 | |
| # | |
| # - name: Check Cosign Version | |
| # run: cosign version | |
| # | |
| # - name: Sign Docker Image | |
| # if: ${{ github.event_name != 'pull_request' }} | |
| # env: | |
| # TAGS: ${{ steps.meta.outputs.tags }} | |
| # COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} | |
| # COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
| # run: cosign sign --key env://COSIGN_PRIVATE_KEY --no-tlog-upload=true ${TAGS} | |
| # - name: Sign the images with GitHub OIDC Token | |
| # run: cosign sign ${TAGS} | |
| # env: | |
| # TAGS: ${{ steps.meta.outputs.tags }} | |
| # COSIGN_EXPERIMENTAL: true | |