276c5da9f5
* Add zap scanning for DocumentServer * Set branch name as ref for manual trigger * Use master as default zap action branch * Move zap action to master branch * Fix token variable name * Small cosmetic fix * Modify zap action trigger condition Run zap scanner only when documentserver edition hit community and branch hit in `release/` or `hotfix/`
174 lines
5.3 KiB
YAML
174 lines
5.3 KiB
YAML
### This workflow setup instance then build and push images ###
|
|
name: 4testing multiarch-build
|
|
run-name: >-
|
|
Build #${{ inputs.build }} [
|
|
${{ inputs.amd64 && 'AMD64' || '-' }}
|
|
${{ inputs.arm64 && 'ARM64' || '-' }}
|
|
] [
|
|
${{ inputs.community && 'CE' || '-' }}
|
|
${{ inputs.developer && 'DE' || '-' }}
|
|
${{ inputs.enterprise && 'EE' || '-' }}
|
|
]
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
build:
|
|
description: 'Build number (ex. 45)'
|
|
type: string
|
|
required: true
|
|
amd64:
|
|
type: boolean
|
|
description: 'Build AMD64'
|
|
default: true
|
|
arm64:
|
|
type: boolean
|
|
description: 'Build ARM64'
|
|
default: true
|
|
community:
|
|
type: boolean
|
|
description: 'Build Community Edition'
|
|
default: true
|
|
enterprise:
|
|
type: boolean
|
|
description: 'Build Enterprise Edition'
|
|
default: true
|
|
developer:
|
|
type: boolean
|
|
description: 'Build Developer Edition'
|
|
default: true
|
|
|
|
env:
|
|
COMPANY_NAME: "onlyoffice"
|
|
PRODUCT_NAME: "documentserver"
|
|
|
|
jobs:
|
|
prepare:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- id: matrix
|
|
run: |
|
|
set -ex
|
|
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
|
|
echo "Wrong branch."
|
|
exit 1
|
|
fi
|
|
|
|
[ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
|
|
[ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
|
|
if [ -z ${PLATFORMS} ]; then
|
|
echo "None of the platforms are selected."
|
|
exit 1
|
|
fi
|
|
|
|
[ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
|
|
[ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
|
|
[ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
|
|
if [ -z ${EDITIONS} ]; then
|
|
echo "None of the editions are selected."
|
|
exit 1
|
|
fi
|
|
echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
|
|
outputs:
|
|
editions: ${{ steps.matrix.outputs.editions }}
|
|
|
|
build:
|
|
name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
|
|
runs-on: ubuntu-latest
|
|
needs: prepare
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
image: ["documentserver"]
|
|
edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v2
|
|
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v2
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
|
|
|
|
- name: Build 4testing
|
|
id: build-ds
|
|
run: |
|
|
set -eux
|
|
|
|
### ==>> At this step build variable declaration ###
|
|
|
|
case ${{ matrix.edition }} in
|
|
community)
|
|
PRODUCT_EDITION=""
|
|
;;
|
|
enterprise)
|
|
PRODUCT_EDITION="-ee"
|
|
;;
|
|
developer)
|
|
PRODUCT_EDITION="-de"
|
|
;;
|
|
esac
|
|
|
|
[ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
|
|
[ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
|
|
PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
|
|
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
if [ $BRANCH_NAME = develop ]; then
|
|
BUILD_CHANNEL=nightly
|
|
PRODUCT_VERSION=99.99.99
|
|
elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
|
|
BUILD_CHANNEL=test
|
|
PRODUCT_VERSION=${BRANCH_NAME#*/v}
|
|
fi
|
|
BUILD_NUMBER=${{ github.event.inputs.build }}
|
|
|
|
export PRODUCT_EDITION
|
|
export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
|
|
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
|
|
export BUILD_CHANNEL
|
|
export PLATFORM
|
|
export DOCKERFILE=Dockerfile
|
|
export PREFIX_NAME=4testing-
|
|
export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
|
|
|
|
### ==>> Build and push images at this step ###
|
|
|
|
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
|
|
echo "DONE: Build success"
|
|
|
|
### Set output for Zap scanner
|
|
### NOTE: Output will be used only in release/hotfix branches
|
|
|
|
echo "version=${TAG}" >> "$GITHUB_OUTPUT"
|
|
echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
|
|
# Run scanner only when edition is community
|
|
# and branch hit release/ or hotfix/
|
|
- name: Trigger zap manualy
|
|
if: >-
|
|
matrix.edition == '' &&
|
|
(startsWith(steps.build-ds.outputs.branch, 'release/') ||
|
|
startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
|
|
env:
|
|
VERSION: ${{ steps.build-ds.outputs.version }}
|
|
BRANCH: ${{ steps.build-ds.outputs.branch }}
|
|
GITHUB_TOKEN: ${{ secrets.TOKEN }}
|
|
run: |
|
|
gh workflow run zap-ds.yaml \
|
|
--repo ${{ github.repository }} \
|
|
-f branch=${BRANCH} \
|
|
-f version=${VERSION}
|
|
shell: bash
|
|
|