fix: fix unauthorized if flashed before protected page is shown #940
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
semantic-release: | |
runs-on: ubuntu-latest | |
outputs: | |
release-version: ${{ steps.semantic.outputs.release-version }} | |
new-release-published: ${{ steps.semantic.outputs.new-release-published }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
token: ${{ secrets.FLANKBOT }} | |
- uses: codfish/semantic-release-action@cbd853afe12037afb1306caca9d6b1ab6a58cf2a # v1.10.0 | |
id: semantic | |
with: | |
additional_packages: | | |
['@semantic-release/git'] | |
env: | |
GITHUB_TOKEN: ${{ secrets.FLANKBOT }} | |
docker: | |
needs: semantic-release | |
runs-on: ubuntu-latest | |
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Publish canary-checker-ui to Registry | |
uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4 | |
env: | |
APP_DEPLOYMENT: CANARY_CHECKER | |
WITHOUT_AUTH: "true" | |
with: | |
name: flanksource/canary-checker-ui | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
buildargs: APP_DEPLOYMENT,WITHOUT_AUTH | |
snapshot: true | |
tags: "latest,v${{ needs.semantic-release.outputs.release-version }}" | |
- name: Publish incident-manager-ui to Registry | |
uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4 | |
env: | |
APP_DEPLOYMENT: "INCIDENT_MANAGER" | |
WITHOUT_AUTH: "false" | |
with: | |
name: flanksource/incident-manager-ui | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
buildargs: APP_DEPLOYMENT,WITHOUT_AUTH | |
snapshot: true | |
tags: "latest,v${{ needs.semantic-release.outputs.release-version }}" | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Publish canary-checker-ui to ECR Public | |
env: | |
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} | |
REGISTRY_ALIAS: k4y9r6y5 | |
REPOSITORY: canary-checker-ui | |
IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}" | |
APP_DEPLOYMENT: CANARY_CHECKER | |
WITHOUT_AUTH: "true" | |
run: | | |
docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG | |
- name: Publish incident-manager-ui to ECR Public | |
env: | |
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }} | |
REGISTRY_ALIAS: k4y9r6y5 | |
REPOSITORY: incident-manager-ui | |
IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}" | |
APP_DEPLOYMENT: "INCIDENT_MANAGER" | |
WITHOUT_AUTH: "false" | |
run: | | |
docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG | |
helm: | |
runs-on: ubuntu-latest | |
needs: [semantic-release, docker] | |
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Download yq | |
run: | | |
wget -nv -nc -O yq https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_linux_amd64 | |
chmod +x yq | |
- name: Update chart version | |
run: ./yq -i e '.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml | |
- name: Update app version | |
run: ./yq -i e '.appVersion = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml | |
- name: Update image tags | |
run: ./yq -i e '.image.tag = "v${{ needs.semantic-release.outputs.release-version }}"' chart/values.yaml | |
- name: Set up Helm | |
uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1 | |
with: | |
version: v3.8.0 | |
- name: Package Helm chart | |
run: | | |
helm package ./chart | |
- name: Clone charts repo | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
repository: "${{ github.repository_owner }}/charts" | |
path: charts | |
token: "${{ secrets.FLANKBOT }}" | |
- name: Update chart repo | |
run: | | |
cd charts | |
cp ../flanksource-ui-*.tgz ./ | |
helm repo index --merge index.yaml . | |
- name: Push changes to chart repo | |
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0 | |
with: | |
commit_message: "Release ${{ needs.semantic-release.outputs.release-version }} of ${{ github.repository }}" | |
branch: gh-pages | |
repository: ./charts | |
update-canary-checker: | |
runs-on: ubuntu-latest | |
needs: [docker, helm, semantic-release] | |
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
repository: "${{ github.repository_owner }}/canary-checker" | |
token: ${{ secrets.FLANKBOT }} | |
path: ./canary-checker | |
- name: Install yq | |
run: | | |
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ | |
tar xz && sudo mv ${BINARY} /usr/bin/yq | |
env: | |
VERSION: v4.25.1 | |
BINARY: yq_linux_amd64 | |
- name: Update flanksource-ui version in canary-checker | |
run: | | |
cd canary-checker | |
yq eval-all -i '(.dependencies[] | select(.name == "flanksource-ui")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml | |
- name: Create pull request | |
uses: peter-evans/create-pull-request@v6 | |
with: | |
commit-message: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}" | |
token: ${{ secrets.FLANKBOT }} | |
title: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}" | |
branch: "update-flanksource-ui" | |
path: ./canary-checker | |
update-incident-commander: | |
runs-on: ubuntu-latest | |
needs: [docker, helm, semantic-release] | |
if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
with: | |
repository: "${{ github.repository_owner }}/incident-commander-chart" | |
token: ${{ secrets.FLANKBOT }} | |
path: ./incident-commander-chart | |
- name: Install yq | |
run: | | |
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\ | |
tar xz && sudo mv ${BINARY} /usr/bin/yq | |
env: | |
VERSION: v4.25.1 | |
BINARY: yq_linux_amd64 | |
- name: Update flanksource-ui version in Incident-commander | |
run: | | |
cd incident-commander-chart | |
yq eval-all -i '(.dependencies[] | select(.name == "flanksource-ui")) ref $d | $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml | |
- name: Push changes to chart repo | |
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0 | |
with: | |
commit_message: "chore: update flanksource-ui chart dependency to ${{ needs.semantic-release.outputs.release-version }}" | |
repository: ./incident-commander-chart |