Skip to content
CI

CI #2222

Sign in to view logs

CI

CI #2222

Workflow file for this run

.github/workflows/main.yml at 7f34a9c
name: CI
on:
push:
branches: [main]
workflow_dispatch:
schedule:
- cron: "0 7 * * *"
permissions:
contents: write
issues: read
#pull-requests: write # to be able to comment on released pull requests
jobs:
build:
if: github.repository == 'devsecopsmaturitymodel/DevSecOps-MaturityModel'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false # This is important if you have branch protection rules!
- name: Semantic Release
uses: cycjimmy/semantic-release-action@v4
with:
branch: 'main'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get Semantic Release Version
id: get-version
run: |
# Check if latest commit is a merge commit
if git log --format="%s" -1 | grep -q "^Merge pull request"; then
echo "✅ Merge commit detected, forcing patch release"
# Get last tag and increment patch
LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//' || echo "0.0.0")
VERSION=$(echo $LAST_TAG | awk -F. '{$NF = $NF + 1;} 1' | sed 's/ /./g')
else
VERSION=$(npx semantic-release --dry-run 2>&1 | grep -o 'Release note for version [0-9]\+\.[0-9]\+\.[0-9]\+' | head -1 | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+')
fi
if [ -z "$VERSION" ]; then
echo "❌ No version could be detected by semantic-release"
echo "This usually means no commits warrant a release (no feat/fix/breaking changes)"
exit 1
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: show version
run: |
echo "Semantic Release Version: ${{ steps.get-version.outputs.version }}"
- name: setup qemu for multi-arch build
uses: docker/setup-qemu-action@v2
with:
platforms: amd64,arm64
- name: setup buildx
uses: docker/setup-buildx-action@v2
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
#registry: registry.hub.docker.com
username: wurstbrot
password: ${{ secrets.HUB_TOKEN }}
- name: create and push dsomm image
uses: docker/build-push-action@v3
with:
push: true
platforms: linux/amd64,linux/arm64
tags: wurstbrot/dsomm:${{ steps.get-version.outputs.version }},wurstbrot/dsomm:latest
build-args: |
COMMIT_HASH=${{ github.sha }}
COMMIT_DATE=${{ github.event.head_commit.timestamp }}
GIT_BRANCH=${{ github.ref_name }}
# Commit all changed files back to the repository
- uses: planetscale/ghcommit-action@v0.1.6
with:
commit_message: "🤖 fmt"
repo: ${{ github.repository }}
branch: ${{ github.head_ref || github.ref_name }}
env:
GITHUB_TOKEN: ${{secrets.ACCESS_TOKEN}}
heroku:
if: github.repository == 'devsecopsmaturitymodel/DevSecOps-MaturityModel' && github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- name: "Check out Git repository"
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
- name: "Set Heroku app & branch for ${{ github.ref }}"
run: |
echo $GITHUB_REF
if [ "$GITHUB_REF" == "refs/heads/main" ]; then
echo "HEROKU_APP=" >> $GITHUB_ENV
echo "HEROKU_BRANCH=main" >> $GITHUB_ENV
fi
echo "HEROKU_BRANCH=main" >> $GITHUB_ENV
- name: Install Heroku CLI
run: |
curl https://cli-assets.heroku.com/install.sh | sh
- name: "Deploy ${{ github.ref }} to Heroku"
uses: akhileshns/heroku-deploy@v3.13.15
with:
heroku_api_key: ${{ secrets.HEROKU_API_KEY }}
heroku_app_name: "dsomm"
heroku_email: timo.pagel@owasp.org
branch: ${{ env.HEROKU_BRANCH }}
usedocker: true
docker_build_args: |
COMMIT_HASH
COMMIT_DATE
GIT_BRANCH
env:
COMMIT_HASH: ${{ github.sha }}
COMMIT_DATE: ${{ github.event.head_commit.timestamp }}
GIT_BRANCH: ${{ github.ref_name }}