--- name: Deploy super-linter release container images on: release: types: [published] workflow_dispatch: inputs: release_version: description: 'version to release. Ex: v4.3.2' required: true default: 'v' jobs: build: name: Deploy container image - Release runs-on: ubuntu-latest permissions: contents: read deployments: write issues: write packages: write strategy: fail-fast: false matrix: images: - container-image-id-prefix: slim- deployment-environment-identifier: Release-SLIM - container-image-id-prefix: "" deployment-environment-identifier: Release timeout-minutes: 60 steps: - name: Setup Docker BuildX uses: docker/setup-buildx-action@v2.2.1 - name: Login to DockerHub uses: docker/login-action@v2.0.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@v2.0.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Get current release identifier # shellcheck disable=SC2062 run: | RELEASE_VERSION="${{ github.event.release.name }}" if [ -z "${RELEASE_VERSION}" ]; then echo "No release version found in environment, using input..." RELEASE_VERSION="${{ github.event.inputs.release_version }}" fi # Check the RELEASE_VERSION again if [ -z "${RELEASE_VERSION}" ]; then echo "Error RELEASE_VERSION is empty. Exiting..." exit 1 fi if ! echo "${RELEASE_VERSION}" | grep -E -o "v[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+"; then echo "Error: RELEASE_VERSION doesn't look like a semantic version: ${RELEASE_VERSION}" exit 2 fi { echo "RELEASE_VERSION=${RELEASE_VERSION}" echo "SEMVER_VERSION=${RELEASE_VERSION#v}" echo "SEMVER_MAJOR_VERSION=${SEMVER_VERSION%%.*}" echo "SEMVER_MAJOR_VERSION_WITH_PREFIX=v${SEMVER_MAJOR_VERSION}" } >> "${GITHUB_ENV}" - name: Start deployment for the ${{ matrix.images.deployment-environment-identifier }} environment uses: bobheadxi/deployments@v1.3.0 id: deployment with: step: start token: ${{ secrets.GITHUB_TOKEN }} env: ${{ matrix.images.deployment-environment-identifier }} # We don't rebuild the image to avoid that the latest tag and the release tags don't point to what the release tag is pointing to. # Instead, we pull the latest image and tag it. - name: Add release tags and push image uses: akhilerm/tag-push-action@v2.1.0 with: src: ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest dst: | github/super-linter:${{ matrix.images.container-image-id-prefix }}v4 github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ env.RELEASE_VERSION }} ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}v4 ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ env.RELEASE_VERSION }} - name: Checkout code uses: actions/checkout@v3 with: # Full git history is needed to get a proper list of commits and tags fetch-depth: 0 # We use ^{} to recursively deference the tag to get the commit the tag is pointing at. # Then, we use that reference to create new tags, so that the new tags point to the commit # the original tag was pointing to, and not to the original tag. # This notation is documented at https://git-scm.com/docs/gitrevisions#Documentation/gitrevisions.txt-emltrevgtemegemv0998em - name: Update the major version and latest tags run: | git tag --force "${SEMVER_MAJOR_VERSION_WITH_PREFIX}" "${RELEASE_VERSION}^{}" git tag --force latest "${RELEASE_VERSION}^{}" git push --force origin "refs/tags/${SEMVER_MAJOR_VERSION_WITH_PREFIX}" "refs/tags/latest" - name: Update the deployment status for the ${{ matrix.images.deployment-environment-identifier }} environment uses: bobheadxi/deployments@v1.3.0 if: always() with: step: finish token: ${{ secrets.GITHUB_TOKEN }} status: ${{ job.status }} deployment_id: ${{ steps.deployment.outputs.deployment_id }} env: ${{ steps.deployment.outputs.env }} env_url: https://github.com/github/super-linter/releases/tag/${{ env.RELEASE_VERSION }} - name: Create a GitHub issue on failure if: failure() uses: actions/github-script@v6 id: create-issue with: # https://octokit.github.io/rest.js/v18#issues-create github-token: ${{secrets.GITHUB_TOKEN}} script: | const create = await github.rest.issues.create({ owner: context.repo.owner, repo: context.repo.repo, title: "Failed to deploy release to production", body: "Automation has failed us! Failed to push release ${{ env.RELEASE_VERSION }}\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" }) console.log('create', create) return create.data.number - name: Assign admins to the issue created on failure uses: actions/github-script@v6 if: failure() with: github-token: ${{secrets.GITHUB_TOKEN}} script: | github.rest.issues.addAssignees({ owner: context.repo.owner, repo: context.repo.repo, issue_number: "${{ steps.create-issue.outputs.result }}", assignees: [ 'lindluni' ] })