anti
8124424e96
Some checks failed
CI / Lint (ruff) (push) Failing after 18s
CI / SAST (bandit) (push) Successful in 18s
CI / Dependency audit (pip-audit) (push) Successful in 27s
CI / Test (Standard) (3.11) (push) Has been skipped
CI / Test (Standard) (3.12) (push) Has been skipped
CI / Test (Live) (3.11) (push) Has been skipped
CI / Test (Fuzz) (3.11) (push) Has been skipped
CI / Merge dev → testing (push) Has been skipped
CI / Prepare Merge to Main (push) Has been skipped
CI / Finalize Merge to Main (push) Has been skipped
136 lines
3.7 KiB
YAML
136 lines
3.7 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths-ignore:
|
|
- "**/*.md"
|
|
- "docs/**"
|
|
|
|
env:
|
|
REGISTRY: git.resacachile.cl
|
|
OWNER: anti
|
|
|
|
jobs:
|
|
tag:
|
|
name: Auto-tag release
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.version.outputs.version }}
|
|
tag_created: ${{ steps.tag.outputs.created }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
token: ${{ secrets.DECNET_PR_TOKEN }}
|
|
|
|
- name: Configure git
|
|
run: |
|
|
git config user.name "DECNET CI"
|
|
git config user.email "ci@decnet.local"
|
|
|
|
- name: Bump version and Tag
|
|
id: version
|
|
run: |
|
|
# Calculate next version (v0.x)
|
|
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0")
|
|
NEXT_VER=$(python3 -c "
|
|
tag = '$LATEST_TAG'.lstrip('v')
|
|
parts = tag.split('.')
|
|
major = int(parts[0]) if parts[0] else 0
|
|
minor = int(parts[1]) if len(parts) > 1 else 0
|
|
print(f'{major}.{minor + 1}')
|
|
")
|
|
|
|
echo "Next version: $NEXT_VER (calculated from $LATEST_TAG)"
|
|
|
|
# Update pyproject.toml
|
|
sed -i "s/^version = \".*\"/version = \"$NEXT_VER\"/" pyproject.toml
|
|
|
|
git add pyproject.toml
|
|
git commit -m "chore: auto-release v$NEXT_VER [skip ci]" || echo "No changes to commit"
|
|
CHANGELOG=$(git log ${LATEST_TAG}..HEAD --oneline --no-decorate --no-merges)
|
|
git tag -a "v$NEXT_VER" -m "Auto-release v$NEXT_VER
|
|
|
|
Changes since $LATEST_TAG:
|
|
$CHANGELOG"
|
|
git push origin main --follow-tags
|
|
|
|
echo "version=$NEXT_VER" >> $GITHUB_OUTPUT
|
|
echo "created=true" >> $GITHUB_OUTPUT
|
|
|
|
docker:
|
|
name: Build, scan & push ${{ matrix.service }}
|
|
runs-on: ubuntu-latest
|
|
needs: tag
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
service:
|
|
- conpot
|
|
- docker_api
|
|
- elasticsearch
|
|
- ftp
|
|
- http
|
|
- imap
|
|
- k8s
|
|
- ldap
|
|
- llmnr
|
|
- mongodb
|
|
- mqtt
|
|
- mssql
|
|
- mysql
|
|
- pop3
|
|
- postgres
|
|
- rdp
|
|
- redis
|
|
- sip
|
|
- smb
|
|
- smtp
|
|
- snmp
|
|
- ssh
|
|
- telnet
|
|
- tftp
|
|
- vnc
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to Gitea container registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ secrets.REGISTRY_USER }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
- name: Build image locally
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: templates/${{ matrix.service }}
|
|
load: true
|
|
push: false
|
|
tags: decnet-${{ matrix.service }}:scan
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Install Trivy
|
|
run: |
|
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
|
|
|
|
- name: Scan with Trivy
|
|
run: |
|
|
trivy image --exit-code 1 --severity CRITICAL --ignore-unfixed decnet-${{ matrix.service }}:scan
|
|
|
|
- name: Push image
|
|
if: success()
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: templates/${{ matrix.service }}
|
|
push: true
|
|
tags: |
|
|
${{ env.REGISTRY }}/${{ env.OWNER }}/decnet-${{ matrix.service }}:latest
|
|
${{ env.REGISTRY }}/${{ env.OWNER }}/decnet-${{ matrix.service }}:v${{ needs.tag.outputs.version }}
|
|
cache-from: type=gha
|