-
-
Notifications
You must be signed in to change notification settings - Fork 2
135 lines (117 loc) · 5.3 KB
/
cloudsec.c7n-mailer.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: cloudsec.c7n-mailer
# This workflow is triggered on pushes to the repository.
on:
push:
paths:
- c7n-mailer/**
- .github/workflows/cloudsec.c7n-mailer.yaml
workflow_dispatch:
inputs:
push:
description: Push to docker registry
required: true
default: false
type: boolean
env:
WORKSPACE: c7n-mailer
DOCKER_REPO: cloudkats
DOCKER_IMAGE: c7n-mailer
GREP_VERSION: "PACKAGE_VERSION="
jobs:
buildonpush:
name: BuildOnPush
runs-on: ubuntu-latest
if: >-
github.event_name == 'workflow_dispatch' && github.event.inputs.push == 'true'
|| github.event_name == 'push' && (github.event.created == false && github.event.forced == false)
steps:
- uses: actions/checkout@v3
- uses: brpaz/[email protected]
env:
XDG_CONFIG_HOME: ${{ env.WORKSPACE }}/hadolint.yaml
with:
dockerfile: ${{ env.WORKSPACE }}/Dockerfile
- name: Login to Registry
run: |
echo "${DOCKER_PASSWORD}" | docker login -u ${DOCKER_USERNAME} --password-stdin
env:
DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
- name: prepare
id: prep
working-directory: ${{ env.WORKSPACE }}
run: |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
IMAGE_ID="${DOCKER_REPO}/${DOCKER_IMAGE}"
echo "::set-output name=ACTION_RUN_URL::https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}"
echo "::set-output name=ACTION_WORKFLOW_URL::https://github.com/${{github.repository}}/actions/workflows/${{github.action}}.yml"
echo "::set-output name=DOCKER_VERSION::$(cat Dockerfile | grep "$GREP_VERSION" | tr "=" " " | awk '{print $3}')"
echo ::set-output name=version::${VERSION}
echo ::set-output name=tag_date::$(date -u +'%Y-%m')
echo ::set-output name=sha::${GITHUB_SHA::8}
echo ::set-output name=image_id::${IMAGE_ID}
- name: build & push docker image
working-directory: ${{ env.WORKSPACE }}
env:
IMAGE_ID: ${{ steps.prep.outputs.image_id }}
IMAGE: ${{ env.DOCKER_IMAGE }}
TAG_VERSION_DATE: ${{ steps.prep.outputs.tag_date }}
TAG_VERSION_SHA: ${{ steps.prep.outputs.sha }}
TAG_VERSION: ${{ steps.prep.outputs.version }}
CREATED: ${{ steps.prep.outputs.tag_date }}
BUILD_URL: ${{ steps.prep.outputs.action_run_url }}
IMAGE_VERSION: ${{ steps.prep.outputs.docker_version }}
run: |
../bin/build.sh
../bin/push.sh
- name: docker hub description
uses: peter-evans/[email protected]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: ${{ env.DOCKER_REPO }}/${{ env.DOCKER_IMAGE }}
readme-filepath: ${{ env.WORKSPACE }}/README.md
short-description: "Unoficial Docker image with a mailer implementation for Custodian. Outbound mail delivery is still somewhat organization-specific"
build-on-merge-request:
name: build-on-merge-request
runs-on: ubuntu-latest
if: >-
github.event_name == 'workflow_dispatch' && github.event.inputs.push == 'false'
|| github.event_name == 'push' && (github.event.created == true || github.event.forced == true)
steps:
- uses: actions/checkout@v3
- uses: brpaz/[email protected]
env:
XDG_CONFIG_HOME: ${{ env.WORKSPACE }}/hadolint.yaml
with:
dockerfile: ${{ env.WORKSPACE }}/Dockerfile
- name: prepare
id: prep
working-directory: ${{ env.WORKSPACE }}
run: |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
IMAGE_ID="${DOCKER_REPO}/${DOCKER_IMAGE}"
echo "::set-output name=ACTION_RUN_URL::https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}"
echo "::set-output name=ACTION_WORKFLOW_URL::https://github.com/${{github.repository}}/actions/workflows/${{github.action}}.yml"
echo "::set-output name=DOCKER_VERSION::$(cat Dockerfile | grep "$GREP_VERSION" | tr "=" " " | awk '{print $3}')"
echo ::set-output name=version::${VERSION}
echo ::set-output name=tag_date::$(date -u +'%Y-%m')
echo ::set-output name=sha::${GITHUB_SHA::8}
echo ::set-output name=image_id::${IMAGE_ID}
- name: build
working-directory: ${{ env.WORKSPACE }}
env:
IMAGE_ID: ${{ steps.prep.outputs.image_id }}
IMAGE: ${{ env.DOCKER_IMAGE }}
TAG_VERSION_DATE: ${{ steps.prep.outputs.tag_date }}
TAG_VERSION_SHA: ${{ steps.prep.outputs.sha }}
TAG_VERSION: ${{ steps.prep.outputs.version }}
CREATED: ${{ steps.prep.outputs.tag_date }}
BUILD_URL: ${{ steps.prep.outputs.action_run_url }}
IMAGE_VERSION: ${{ steps.prep.outputs.docker_version }}
run: |
../bin/build.sh