Release (Nightly) #763
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release (Nightly) | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: "30 22 * * *" # nightly @ 10:30 PM UTC | |
| permissions: | |
| contents: write | |
| packages: write | |
| env: | |
| GO_VERSION: "1.23" | |
| jobs: | |
| nightly-build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| name: linux | |
| - os: macos-latest | |
| name: darwin | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| check-latest: true | |
| cache: true | |
| - uses: actions/cache@v4 | |
| with: | |
| path: _tools/ | |
| key: ${{ runner.os }}-go-tools${{ hashFiles('_tools/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-tools- | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "18" | |
| - name: Install GCC for arm64 | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update && \ | |
| sudo apt-get install -y gcc-aarch64-linux-gnu | |
| - name: Install Quill | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin | |
| echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH | |
| - name: Install Mage | |
| uses: magefile/mage-action@v3 | |
| with: | |
| # mac build currently doesn't exist for v1.15.0 https://github.com/magefile/mage/issues/481 | |
| version: v1.14.0 | |
| install-only: true | |
| - name: Prep Build | |
| run: mage prep | |
| - name: Git Tag | |
| run: | | |
| echo "GORELEASER_CURRENT_TAG=$(git describe --tags --match='v[0-9]*' `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV | |
| - name: GoReleaser (Nightly) Build | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser-pro | |
| version: "~> v2.3.0" | |
| args: release --clean --nightly -f .goreleaser.${{ matrix.name }}.yml | |
| env: | |
| GORELEASER_CURRENT_TAG: ${{ env.GORELEASER_CURRENT_TAG }} | |
| GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ANALYTICS_WRITE_KEY: ${{ secrets.ANALYTICS_WRITE_KEY }} | |
| ANALYTICS_WRITE_ENDPOINT: ${{ secrets.ANALYTICS_WRITE_ENDPOINT }} | |
| QUILL_SIGN_P12: ${{ secrets.QUILL_SIGN_P12 }} | |
| QUILL_SIGN_PASSWORD: ${{ secrets.QUILL_SIGN_PASSWORD }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: flipt-nightly-${{ matrix.name }} | |
| path: dist/flipt_${{ matrix.name }}_*/flipt | |
| nightly-release: | |
| runs-on: ubuntu-latest | |
| needs: nightly-build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| check-latest: true | |
| cache: true | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.repository_owner }}" | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: flipt-nightly-linux | |
| path: tmp/dist | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: flipt-nightly-darwin | |
| path: tmp/dist | |
| - name: Install Syft | |
| run: | | |
| curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin | |
| - name: Git Tag | |
| run: | | |
| echo "GORELEASER_CURRENT_TAG=$(git describe --tags --match='v[0-9]*' `git rev-list --tags --max-count=1`)" >> $GITHUB_ENV | |
| - name: GoReleaser (Nightly) Release | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser-pro | |
| version: "~> v2.3.0" | |
| args: release --nightly -f .goreleaser.nightly.yml | |
| env: | |
| GORELEASER_CURRENT_TAG: ${{ env.GORELEASER_CURRENT_TAG }} | |
| GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| stackhawk: | |
| name: HawkScan | |
| runs-on: ubuntu-latest | |
| needs: nightly-release | |
| services: | |
| flipt: | |
| image: flipt/flipt:nightly # <-- this is the image name from the previous job | |
| ports: | |
| - 8080:8080 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| - name: Update HawkScan Configuration | |
| uses: mikefarah/yq@master | |
| with: | |
| cmd: yq -i '.app.env = "Nightly"' stackhawk.yml | |
| - name: Run HawkScan | |
| uses: stackhawk/hawkscan-action@v2.2.0 | |
| with: | |
| apiKey: ${{ secrets.HAWK_API_KEY }} |