* s/Server CI (PR|Master)/Server CI/ * whitespace changes * fixup! s/Server CI (PR|Master)/Server CI/ * Check workflow event type instead of name for PR reporting Address code review feedback by checking github.event.workflow_run.event instead of github.event.workflow_run.name since Server CI now runs for both PRs and master branches. --------- Co-authored-by: Mattermost Build <build@mattermost.com>
# Follow-up pipeline for "Server CI" runs: publishes the build artifacts,
# builds and pushes a development Docker image, and scans that image.
name: Server CI Artifacts

# A `workflow_run` workflow runs with this repository's secrets, while the
# run that triggered it may have been started by a pull request (the jobs
# below check `github.event.workflow_run.event == 'pull_request'`).
# Anything taken from the triggering run (artifacts, file names) is
# therefore untrusted input.
on:
  workflow_run:
    workflows: ["Server CI"]
    types: [completed]

# NOTE(review): this file declares no `permissions:` key, so `github.token`
# carries the repository's default scopes. Consider an explicit
# least-privilege block.

env:
  # cosign release installed by the cd/setup-cosign step.
  COSIGN_VERSION: "2.2.0"

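jobs:
  ## We only need the condition on the first job
  ## This will run only when a pull request is created with server changes
  # Sets the "Server CI/Artifacts Build" commit status to pending. The other
  # jobs are chained to this one through `needs`, so this `if` restricts the
  # pipeline to the upstream repository, to pull-request runs, and to runs
  # where Server CI concluded successfully.
  update-initial-status:
    if: github.repository_owner == 'mattermost' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-22.04
    steps:
      - uses: mattermost/actions/delivery/update-commit-status@d5174b860704729f4c14ef8489ae075742bfa08a
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          repository_full_name: ${{ github.repository }}
          commit_sha: ${{ github.event.workflow_run.head_sha }}
          context: Server CI/Artifacts Build
          description: Artifacts upload and build for mattermost team platform
          status: pending

  # Copies the packages produced by the triggering Server CI run to the
  # PR-builds bucket and lists download links in the job summary.
  # The packages were built from pull-request code, so both their names and
  # their contents are unreviewed, untrusted input.
  upload-artifacts:
    runs-on: ubuntu-22.04
    needs:
      - update-initial-status
    steps:
      # NOTE(review): static access keys are used here; the action also
      # supports short-lived credentials via `role-to-assume` (OIDC).
      - name: cd/configure-aws-credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
          aws-region: us-east-1
          aws-access-key-id: ${{ secrets.PR_BUILDS_BUCKET_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PR_BUILDS_BUCKET_AWS_SECRET_ACCESS_KEY }}

      - name: cd/download-artifacts-from-PR-workflow
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
          name: server-dist-artifact
          path: server/dist

      # File names come from the downloaded artifact and are written to
      # GITHUB_ENV, which later steps read. Only names made of
      # [A-Za-z0-9._-] that really end in .tar.gz or .zip are accepted.
      # The previous pattern "*.(tar.gz|zip)$" began with a bare `*` and
      # left the dots unescaped, so it matched more than intended.
      - name: cd/generate-packages-file-list
        working-directory: ./server/dist
        run: |
          echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"
          ls | grep -E '^[A-Za-z0-9._-]+\.(tar\.gz|zip)$' >> "${GITHUB_ENV}"
          echo "EOF" >> "${GITHUB_ENV}"

      # `--acl public-read` makes everything under server/dist world-readable
      # on pr-builds.mattermost.com, i.e. unreviewed pull-request builds are
      # served from a project-owned domain.
      # The SHA is passed through `env` so that no `${{ }}` expression is
      # expanded inside the shell script.
      - name: cd/upload-artifacts-to-s3
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: aws s3 sync server/dist/ "s3://pr-builds.mattermost.com/mattermost/commit/${HEAD_SHA}/" --cache-control no-cache --no-progress --acl public-read

      - name: cd/generate-summary
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          echo "### Download links for Mattermost team package" >> "${GITHUB_STEP_SUMMARY}"
          echo " " >> "${GITHUB_STEP_SUMMARY}"
          echo "Mattermost Repo SHA: \`${HEAD_SHA}\`" >> "${GITHUB_STEP_SUMMARY}"
          echo "|Download Link|" >> "${GITHUB_STEP_SUMMARY}"
          echo "| --- |" >> "${GITHUB_STEP_SUMMARY}"
          # PACKAGES_FILE_LIST is newline-separated; word splitting is safe
          # because the list step only admits names without whitespace.
          for package in ${PACKAGES_FILE_LIST}
          do
            echo "|[${package}](https://pr-builds.mattermost.com/mattermost/commit/${HEAD_SHA}/${package})|" >> "${GITHUB_STEP_SUMMARY}"
          done

  # Builds the team-edition image from the triggering run's build artifact
  # and pushes it to Docker Hub under a tag derived from the commit SHA.
  build-docker:
    runs-on: ubuntu-22.04
    needs:
      - upload-artifacts
    outputs:
      TAG: ${{ steps.set_tag.outputs.TAG }}
    steps:
      - name: cd/docker-login
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: mattermostdev
          password: ${{ secrets.DOCKERHUB_DEV_TOKEN }}

      # cosign is only used below to derive the image digest
      # (`cosign triangulate`); no signing step is present in this job.
      - name: cd/setup-cosign
        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
        with:
          cosign-release: v${{ env.COSIGN_VERSION }}

      - name: cd/download-artifacts-from-PR-workflow
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
          name: server-build-artifact
          path: server/build/

      - name: cd/setup-docker-buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      # TAG is the first seven characters of the head commit SHA.
      - name: cd/set-docker-tag
        id: set_tag
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          echo "TAG=$(echo "${HEAD_SHA}" | cut -c1-7)" >> "${GITHUB_OUTPUT}"

      # NOTE(review): the build context is server/build, which holds only
      # the downloaded artifact (this job has no checkout step). The
      # Dockerfile and its inputs therefore come from the pull-request run,
      # and the build runs while the Docker Hub login above is active.
      # Consider taking the Dockerfile from a trusted ref instead.
      - name: cd/docker-build-and-push
        id: docker
        env:
          MM_PACKAGE: https://pr-builds.mattermost.com/mattermost/commit/${{ github.event.workflow_run.head_sha }}/mattermost-team-linux-amd64.tar.gz
          TAG: ${{ steps.set_tag.outputs.TAG }}
        run: |
          cd server/build
          docker buildx build --no-cache --platform linux/amd64 --push --build-arg "MM_PACKAGE=${MM_PACKAGE}" -t "mattermostdevelopment/mm-te-test:${TAG}" -t "mattermostdevelopment/mattermost-team-edition:${TAG}" .
          # Takes the text after the first ':' of the triangulate output,
          # drops the ".sig" suffix and turns '-' into ':'. This presumably
          # yields "sha256:<hex>"; confirm against the cosign output format.
          echo "DOCKERHUB_IMAGE_DIGEST=$(cosign triangulate "mattermostdevelopment/mattermost-team-edition:${TAG}" | cut -d: -f2 | sed 's/\.sig$//' | tr '-' ':')" >> "${GITHUB_OUTPUT}"

      - name: cd/generate-summary
        env:
          TAG: ${{ steps.set_tag.outputs.TAG }}
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
          IMAGE_DIGEST: ${{ steps.docker.outputs.DOCKERHUB_IMAGE_DIGEST }}
        run: |
          echo "### Docker Image for Mattermost team package" >> "${GITHUB_STEP_SUMMARY}"
          echo " " >> "${GITHUB_STEP_SUMMARY}"
          echo "Mattermost Repo SHA: \`${HEAD_SHA}\`" >> "${GITHUB_STEP_SUMMARY}"
          echo " " >> "${GITHUB_STEP_SUMMARY}"
          echo "Docker Image: \`mattermostdevelopment/mattermost-team-edition:${TAG}\`" >> "${GITHUB_STEP_SUMMARY}"
          echo "Image Digest: \`${IMAGE_DIGEST}\`" >> "${GITHUB_STEP_SUMMARY}"
          echo "Secure Image: \`mattermostdevelopment/mattermost-team-edition:${TAG}@${IMAGE_DIGEST}\`" >> "${GITHUB_STEP_SUMMARY}"

  # Pulls the image pushed by build-docker and scans it with wizcli against
  # the policy named in POLICY.
  scan-docker-image:
    runs-on: ubuntu-22.04
    needs:
      - build-docker
    env:
      POLICY: "DevOps Vulnerabilities Policy"
    steps:
      # NOTE(review): the `latest` wizcli binary is downloaded and executed
      # with the Wiz credentials without any checksum or signature check.
      # Pin a release and verify a published digest before running it.
      # `--fail` stops the step on an HTTP error instead of saving the
      # error page as the executable.
      - name: cd/setup-wizcli
        run: |
          curl --fail --show-error --location -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64
          chmod +x wizcli
          ./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
        env:
          WIZ_CLIENT_ID: ${{ secrets.WIZ_DEVOPS_CLIENT_ID }}
          WIZ_CLIENT_SECRET: ${{ secrets.WIZ_DEVOPS_CLIENT_SECRET }}

      - name: cd/download-container-image
        env:
          TAG: ${{ needs.build-docker.outputs.TAG }}
        run: |
          docker pull "mattermostdevelopment/mattermost-team-edition:${TAG}"

      - name: cd/scan-image
        env:
          TAG: ${{ needs.build-docker.outputs.TAG }}
        run: |
          ./wizcli docker scan --image "mattermostdevelopment/mattermost-team-edition:${TAG}" --policy "$POLICY"

  # Reports the final commit status once build-docker has finished.
  # NOTE(review): both final-status jobs list only build-docker in `needs`,
  # so the scan-docker-image result is not reflected in the reported
  # status. Confirm that this is intended.
  update-failure-final-status:
    if: (failure() || cancelled()) && github.event.workflow_run.event == 'pull_request'
    runs-on: ubuntu-22.04
    needs:
      - build-docker
    steps:
      - uses: mattermost/actions/delivery/update-commit-status@d5174b860704729f4c14ef8489ae075742bfa08a
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          repository_full_name: ${{ github.repository }}
          commit_sha: ${{ github.event.workflow_run.head_sha }}
          context: Server CI/Artifacts Build
          description: Artifacts upload and build for mattermost team platform
          status: failure

  update-success-final-status:
    if: success() && github.event.workflow_run.event == 'pull_request'
    runs-on: ubuntu-22.04
    needs:
      - build-docker
    steps:
      - uses: mattermost/actions/delivery/update-commit-status@d5174b860704729f4c14ef8489ae075742bfa08a
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          repository_full_name: ${{ github.repository }}
          commit_sha: ${{ github.event.workflow_run.head_sha }}
          context: Server CI/Artifacts Build
          description: Artifacts upload and build for mattermost team platform
          status: success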