Skip to content

.github: Add Scorecard workflow (#40) #13

.github: Add Scorecard workflow (#40)

.github: Add Scorecard workflow (#40) #13

Workflow file for this run

#############################################################################
# Copyright (c) 2022 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################################
name: Master Branch Job
on:
push:
branches:
- main
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
Master:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: "${{ github.event.pull_request.head.ref }}"
repository: "${{ github.event.pull_request.head.repo.full_name}}"
token: "${{ secrets.HICN_ACTIONS_TOKEN }}"
fetch-depth: 0
- name: run
id: run
run: |
echo $GITHUB_SHA
if git describe --tags --exact-match $GITHUB_SHA; then
echo ::set-output name=istag::'true'
else
echo ::set-output name=istag::'false'
fi
git describe --tags --exact-match $GITHUB_SHA | true
PROMOTE=$(echo "${{ github.event.head_commit.message }}" | \
grep -e "#promote" | \
awk '$0 ~ /#promote/ { print "promote" }')
PROMOTE_LEVEL=$(echo "${{ github.event.head_commit.message }}" | \
grep -E "#promote MAJOR|MINOR|PATCH" | \
awk -F '#promote' '{print $2}' | \
awk -F ' ' '{print $1}')
echo ::set-output name=promote::$PROMOTE
echo ::set-output name=promote-level::$PROMOTE_LEVEL
- name: 'Get Previous tag'
id: previoustag
uses: "WyriHaximus/github-action-get-previous-tag@v1"
with:
fallback: v0.0.0
- name: Create bump and changelog
id: cz
if: "!startsWith(github.event.head_commit.message, 'bump:') && steps.run.outputs.promote == 'promote' && steps.run.outputs.promote-level != ''"
uses: commitizen-tools/commitizen-action@master
with:
github_token: ${{ secrets.HICN_ACTIONS_TOKEN }}
increment: ${{ steps.run.outputs.promote-level }}
push: true
changelog: true
- name: Print Version
if: "!startsWith(github.event.head_commit.message, 'bump:') && steps.run.outputs.promote == 'promote' && steps.run.outputs.promote-level != ''"
run: echo "Bumped to version ${{ steps.cz.outputs.version }}"
- name: Build and push aar libraries
if: "startsWith(github.event.head_commit.message, 'bump:') && steps.run.outputs.istag == 'true'"
uses: elgohr/Publish-Docker-Github-Action@v5
env:
BASE_IMAGE: ghcr.io/${{github.repository}}/android-hicn:latest
GITHUB_USERNAME: ${{ secrets.HICN_BOT }}
GITHUB_PASSWORD: ${{ secrets.HICN_ACTIONS_TOKEN }}
GITHUB_MVN_REPO: 'https://maven.pkg.github.com/${{github.repository}}'
VERSION: ${{ steps.previoustag.outputs.tag }}
with:
name: ${{github.repository}}/android-build-aar
username: ${{ env.GITHUB_USERNAME }}
password: ${{ env.GITHUB_PASSWORD }}
registry: ghcr.io
dockerfile: android/ci/Dockerfile
buildargs: BASE_IMAGE,GITHUB_USERNAME,GITHUB_PASSWORD,GITHUB_MVN_REPO,VERSION
no_push: true
context: android