Publish official Docker container #135
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- release/** | |
- develop | |
- feature/** | |
pull_request: | |
types: [opened, synchronize, reopened] | |
branches: | |
- release/** | |
- develop | |
- feature/** | |
merge_group: | |
workflow_dispatch: | |
inputs: | |
linkcheck_fail_on_error: | |
description: 'a boolean flag that determines if bad links found by the link checker fail fast and stop a complete build' | |
required: false | |
default: true | |
type: boolean | |
linkcheck_create_issue: | |
description: 'create new GitHub issue if broken links found' | |
required: false | |
default: false | |
type: boolean | |
name: Build and Test | |
env: | |
HOME_REPO: aj-stein-gsa/oscal-cli | |
IMAGE_NAME: aj-stein-gsa/oscal-cli-extended | |
REGISTRY: ghcr.io | |
# Docs: github.com/docker/metadata-action/?tab=readme-ov-file#typesha | |
DOCKER_METADATA_PR_HEAD_SHA: true | |
# https://github.com/docker/metadata-action?tab=readme-ov-file#annotations | |
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | |
INPUT_FAIL_ON_ERROR: ${{ github.event.inputs.linkcheck_fail_on_error || 'true' }} | |
INPUT_ISSUE_ON_ERROR: ${{ github.event.inputs.linkcheck_create_issue || 'false' }} | |
MAVEN_VERSION: 3.9.8 | |
JAVA_DISTRO: 'temurin' | |
JAVA_VERSION_FILE: .java-version | |
jobs: | |
build-code: | |
name: Code | |
runs-on: ubuntu-20.04 | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 | |
with: | |
submodules: recursive | |
filter: tree:0 | |
# ------------------------- | |
# Java Environment Setup | |
# ------------------------- | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 | |
with: | |
maven-version: ${{ env.MAVEN_VERSION }} | |
- name: Set up JDK | |
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 | |
with: | |
java-version-file: ${{ env.JAVA_VERSION_FILE }} | |
distribution: ${{ env.JAVA_DISTRO }} | |
cache: 'maven' | |
- name: Initialize CodeQL | |
if: github.event_name == 'push' | |
uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b | |
with: | |
languages: java | |
# ------------------------- | |
# Maven Build | |
# ------------------------- | |
- name: Build and Test Code | |
run: | | |
mvn -B -e -Prelease package | |
- name: Perform CodeQL Analysis | |
if: github.event_name == 'push' | |
uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b | |
with: | |
upload: ${{ github.ref_name == 'develop' && 'always' || 'never' }} | |
- if: github.repository == env.HOME_REPO | |
name: Container image QEMU setup for cross-arch builds | |
id: image_setup_qemu | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf | |
- if: github.repository == env.HOME_REPO | |
name: Container image buildx setup for cross-arch builds | |
id: image_setup_buildx | |
with: | |
platforms: linux/amd64,linux/arm64 | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db | |
- if: github.repository == env.HOME_REPO | |
name: Container image login | |
id: image_login | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- if: github.repository == env.HOME_REPO | |
name: Container image metadata and tag generation | |
id: image_metadata | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 | |
with: | |
images: | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=sha,prefix=,suffix=,format=long | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
# flavor: | | |
# latest=true | |
annotations: | |
maintainers="Metaschema Community Admin <[email protected]>" | |
org.opencontainers.image.authors="Metaschema Community Admin <[email protected]>" | |
org.opencontainers.image.documentation="https://metaschema.dev" | |
org.opencontainers.image.source="https://github.com/metaschema-framework/oscal-cli" | |
org.opencontainers.image.vendor="Metaschema Community" | |
org.opencontainers.image.title="oscal-cli-extended" | |
org.opencontainers.image.description="Metaschema-powered CLI tool for processing OSCAL"" | |
org.opencontainers.image.licenses="CC0-1.0" | |
- if: github.repository == env.HOME_REPO && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/feature')) | |
name: Container image registry push | |
id: image_registry_push | |
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
with: | |
context: git-content | |
build-args: | | |
CONTAINER_BUILD=no | |
push: true | |
tags: ${{ steps.image_metadata.outputs.tags }} | |
labels: ${{ steps.image_metadata.outputs.annotations }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- if: github.repository == env.HOME_REPO && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/feature')) | |
name: Container image push attestations | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
subject-digest: ${{ steps.image_registry_push.outputs.digest }} | |
push-to-registry: false | |
build-website: | |
name: Website | |
runs-on: ubuntu-20.04 | |
permissions: | |
actions: read | |
contents: write | |
steps: | |
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 | |
with: | |
submodules: recursive | |
filter: tree:0 | |
# ------------------------- | |
# Java Environment Setup | |
# ------------------------- | |
- name: Set up Maven | |
uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 | |
with: | |
maven-version: ${{ env.MAVEN_VERSION }} | |
- name: Set up JDK | |
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 | |
with: | |
java-version-file: ${{ env.JAVA_VERSION_FILE }} | |
distribution: ${{ env.JAVA_DISTRO }} | |
cache: 'maven' | |
# ------------------------- | |
# Maven Build | |
# ------------------------- | |
- name: Build and Test Website | |
run: | | |
mvn -B -e -Prelease install site site:stage -Dmaven.test.skip=true | |
- name: Zip Artifacts for Upload | |
run: | | |
zip ${{ runner.temp }}/website.zip -r target/staging | |
- name: Upload generated site | |
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 | |
with: | |
name: website | |
path: | | |
${{ runner.temp }}/website.zip | |
retention-days: 5 | |
- id: linkchecker | |
name: Link Checker | |
uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 | |
with: | |
args: --verbose --no-progress --accept 200,206,429 './target/staging/**/*.html' --remap "https://github.com/metaschema-framework/oscal-cli/tree/develop/ file://${GITHUB_WORKSPACE}/" --remap "https://oscal-cli.metaschema.dev/ file://${GITHUB_WORKSPACE}/target/staging/" --exclude-mail | |
format: markdown | |
output: html-link-report.md | |
debug: true | |
fail: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
continue-on-error: true | |
- name: Upload link check report | |
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 | |
with: | |
name: html-link-report | |
path: html-link-report.md | |
retention-days: 5 | |
- name: Create issue if bad links detected | |
if: ${{ !cancelled() && env.lychee_exit_code != 0 && env.INPUT_ISSUE_ON_ERROR == 'true' }} | |
uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd | |
with: | |
title: Scheduled Check of Website Content Found Bad Hyperlinks | |
content-filepath: ./lychee/out.md | |
labels: | | |
bug | |
documentation | |
- name: Fail on link check error | |
if: ${{ !cancelled() && env.lychee_exit_code != 0 && env.INPUT_FAIL_ON_ERROR == 'true' }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
with: | |
script: | | |
core.setFailed('Link checker detected broken or invalid links, read attached report.') |