Skip to content

Release DongTai-Server #69

Release DongTai-Server

Release DongTai-Server #69

Workflow file for this run

name: Release DongTai-Server
on:
release:
types: [ created, edited ]
workflow_dispatch:
inputs:
agent_version:
required: true
type: string
server_version:
required: true
type: string
jobs:
build:
if: ${{ github.repository_owner == 'HXSecurity' }}
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
max-parallel: 4
matrix:
python-version: [3.7]
steps:
- name: start-build
uses: joelwmale/webhook-action@master
with:
url: ${{ secrets.DONGTAI_WEBHOOK_URL }}
body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态:项目${{github.repository}}构建开始\n分支:${{github.ref}}\n流程:${{github.workflow}}\n构建编号:${{github.run_number}}\n触发事件:${{github.event_name}}\n提交人:${{github.actor}}\nSHA-1:${{github.sha}}\n","tag": "lark_md"}}]}}'
- name: Checkout
uses: actions/checkout@v2
- name: Set the value
id: release
run: |
TAG_NAME=${{ github.event.release.tag_name }}
ID=`echo ${TAG_NAME##v}`
if [ -z "${{ inputs.server_version }}" ]
then
echo "variable is empty"
else
ID=${{ inputs.server_version }}
fi
echo "iast_version=$ID" >> $GITHUB_ENV
- name: Generate version file
run: |
bash .github/workflows/version_update.sh "${{ env.iast_version }}"
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DONGTAI_DOCKERHUB_USERNAME }}
password: ${{ secrets.DONGTAI_DOCKERHUB_TOKEN }}
- name: Login to Aliyun Registry
uses: docker/login-action@v1
with:
registry: ${{ secrets.ALIYUN_REGISTRY_HONGKONG }}
username: ${{ secrets.ALIYUN_DOCKERHUB_USER }}
password: ${{ secrets.ALIYUN_DOCKERHUB_PASSWORD }}
- run: |
echo "REPLACE INTO project_version_control (version, component_name, component_version_hash) VALUES('${{ env.iast_version }}', '${{ github.event.repository.name }}', '${GITHUB_SHA}');" >> ./deploy/docker/version.sql
- name: Upload COS java
uses: zkqiang/[email protected]
with:
args: download -rs /agent/java/latest/ ./ --include "*.jar"
secret_id: ${{ secrets.TENSECRET_ID }}
secret_key: ${{ secrets.TENSECRET_KEY }}
bucket: dongtai-helm-charts-1251882848
region: ap-hongkong
- name: Upload COS python
uses: zkqiang/[email protected]
with:
args: download -rs /agent/python/ ./ --include "*.tar.gz"
secret_id: ${{ secrets.TENSECRET_ID }}
secret_key: ${{ secrets.TENSECRET_KEY }}
bucket: dongtai-helm-charts-1251882848
region: ap-hongkong
- name: Upload COS php
uses: zkqiang/[email protected]
with:
args: download -rs /agent/php/ ./ --include "*.tar.gz"
secret_id: ${{ secrets.TENSECRET_ID }}
secret_key: ${{ secrets.TENSECRET_KEY }}
bucket: dongtai-helm-charts-1251882848
region: ap-hongkong
- name: Setup QEMU
uses: docker/setup-qemu-action@v2
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
uses: docker/build-push-action@v3
with:
file: Dockerfile
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
dongtai/dongtai-server:latest
dongtai/dongtai-server:${{ env.iast_version }}
- name: finish build
uses: joelwmale/webhook-action@master
with:
url: ${{ secrets.DONGTAI_WEBHOOK_URL }}
body: '{"msg_type": "interactive","card": {"config": {"wide_screen_mode": true,"enable_forward": true},"elements": [{"tag": "div","text": {"content": "状态:项目${{github.repository}}构建成功\n分支:${{github.ref}}\n流程:${{github.workflow}}\n构建编号:${{github.run_number}}\n触发事件:${{github.event_name}}\n提交人:${{github.actor}}\nSHA-1:${{github.sha}}\n","tag": "lark_md"}}]}}'
helm:
if: ${{ github.repository_owner == 'HXSecurity' }}
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set the value
id: release
run: |
TAG_NAME=${{ github.event.release.tag_name }}
ID=`echo ${TAG_NAME##v}`
if [ -z "${{ inputs.server_version }}" ]
then
echo "variable is empty"
else
ID=${{ inputs.server_version }}
fi
echo "iast_version=$ID" >> $GITHUB_ENV
- uses: azure/setup-helm@v1
with:
version: 'latest'
id: install
- name: Get the release version
id: get_version
run: echo ::set-output name=VERSION::${GITHUB_REF#refs/tags/}
- name: Download existed repo files
run: |
sed -i "s#tag: latest#tag: ${{ env.iast_version }}#g" deploy/kubernetes/helm/values.yaml
mkdir -p /home/runner/work/cos
# - name: Upload COS php
# uses: zkqiang/[email protected]
# with:
# args: download -rs iast/ /home/runner/work/cos --ignore "*.yaml"
# secret_id: ${{ secrets.TENSECRET_ID }}
# secret_key: ${{ secrets.TENSECRET_KEY }}
# bucket: dongtai-helm-charts-1251882848
# region: ap-hongkong
- name: install deploy
run: sudo pip install coscmd
- name: 配置COS
env:
SECRET_ID: ${{ secrets.TENSECRET_ID }}
SECRET_KEY: ${{ secrets.TENSECRET_KEY }}
BUCKET: dongtai-helm-charts-1251882848
REGION: ap-hongkong
run: |
coscmd config -a $SECRET_ID -s $SECRET_KEY -b $BUCKET -r $REGION
coscmd download -rs iast/ /home/runner/work/cos --ignore "*.yaml"
- name: Create helm package
run: |
ls /home/runner/work/cos
helm package deploy/kubernetes/helm -d /home/runner/work/cos --app-version ${{ env.iast_version }} --version ${{ env.iast_version }}
ls /home/runner/work/cos
helm repo index /home/runner/work/cos --url ${{ secrets.DONGTAI_IAST_CHART_REPO_URL }}
- name: Upload COS 2
uses: zkqiang/[email protected]
with:
args: upload -rs /home/runner/work/cos/dongtai-iast-${{ env.iast_version }}.tgz /iast/ && upload -rs /home/runner/work/cos/index.yaml /iast/
secret_id: ${{ secrets.TENSECRET_ID }}
secret_key: ${{ secrets.TENSECRET_KEY }}
bucket: dongtai-helm-charts-1251882848
region: ap-hongkong