build.yml
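# CI workflow: run the test job on every push and pull request; on main only,
# publish to NPM when package.json's version differs from the registry, and
# rebuild/push the Docker image when the Dockerfile changed or NPM published.
name: Build
on: [push, pull_request]

# Least privilege for GITHUB_TOKEN: jobs get read-only repository access
# unless they declare their own `permissions` block (only `docker` does).
permissions:
  contents: read

jobs:
  test:
    # Runs for pull requests too, i.e. on code that has not been reviewed.
    # No secrets are referenced in this job; keep it that way.
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        node-version: ['12.x']
        os: [ubuntu-latest]
    steps:
      - id: setup-node
        name: Setup Node
        # NOTE(review): every `uses:` in this workflow references a movable
        # tag. Pin each to a full commit SHA
        # (uses: OWNER/REPO@<full-commit-sha>  # vX) so an upstream retag
        # cannot change what executes here.
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      - name: Check out code repository source code
        uses: actions/checkout@v2
        with:
          # No later step needs git credentials; do not leave the token in
          # .git/config where install/test scripts could read it.
          persist-credentials: false
      - name: Install dependencies
        run: yarn
      - name: Run tests
        run: yarn test
      - name: Verify NPM module builds
        run: yarn build
      - name: Verify that Docker image builds
        run: docker build .

  npm:
    # Only pushes to main publish; pull_request runs carry a refs/pull/...
    # ref and therefore skip this job.
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    needs: test
    outputs:
      # Empty (not 'false') when the publish step is skipped; the docker job
      # only compares against 'true', so both mean "nothing published".
      didpublishnpm: ${{ steps.build-and-publish.outputs.didpublishnpm }}
    strategy:
      fail-fast: false
      matrix:
        # NOTE(review): matrix.node is not referenced by any step below.
        node: [12]
    steps:
      - name: Initialize Output
        # `::set-output` is deprecated; outputs are written to the
        # $GITHUB_OUTPUT file instead of being parsed from stdout.
        # NOTE(review): this step has no `id`, so the job-level output above
        # never reads this value.
        run: echo "didpublishnpm=false" >> "$GITHUB_OUTPUT"
      - name: Check out repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 2
          # Dependency install/build scripts run later in this job; keep the
          # GITHUB_TOKEN out of .git/config.
          persist-credentials: false
      - name: Check if publish needed
        run: |
          name="$(jq -r .name package.json)"
          # Quote the name so it reaches npm as a single argument.
          npmver="$(npm show "$name" version || echo v0.0.0)"
          pkgver="$(jq -r .version package.json)"
          if [ "$npmver" = "$pkgver" ]
          then
            echo "Package version ($pkgver) is the same as last published NPM version ($npmver), skipping publish."
          else
            echo "Package version ($pkgver) is different from latest NPM version ($npmver), publishing!"
            echo "shouldpublishnpm=true" >> "$GITHUB_ENV"
          fi
      - name: Setup Node
        if: env.shouldpublishnpm
        uses: actions/setup-node@v1
        with:
          node-version: '12.x'
      - name: Build
        if: env.shouldpublishnpm
        # Install and build run before the NPM token exists in the
        # environment or on disk, so dependency lifecycle scripts cannot
        # read the publish credential. The test job installs the same
        # dependencies without a token, so none is needed here.
        run: |
          yarn install
          yarn build
      - name: Publish
        # Keeps the original step id: the job output is read from it.
        id: build-and-publish
        if: env.shouldpublishnpm
        env:
          NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
        run: |
          echo "//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}" > .npmrc
          npm publish ./dist --access public
          echo "didpublishnpm=true" >> "$GITHUB_OUTPUT"

  docker:
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    needs: [test, npm]
    permissions:
      # NOTE(review): no step in this job visibly requests an OIDC token;
      # drop `id-token: write` if nothing depends on it.
      id-token: write
      contents: read
      # Needed to push the image to ghcr.io with GITHUB_TOKEN.
      packages: write
    steps:
      - name: Check out source code
        uses: actions/checkout@v2
        with:
          # The build context is `.`; a persisted token in .git/config could
          # be copied into the pushed image if the Dockerfile copies the
          # whole tree (Dockerfile not shown here, so unconfirmed).
          persist-credentials: false
      - name: Detect Dockerfile changes
        # Third-party action running in a job that holds registry
        # credentials and packages:write; pin it to a reviewed commit SHA.
        uses: dorny/paths-filter@v2
        id: filter
        with:
          filters: |
            dockerchanged:
              - 'Dockerfile'
      - name: Should Build?
        if: steps.filter.outputs.dockerchanged == 'true' || needs.npm.outputs.didpublishnpm == 'true'
        run: |
          echo "Dockerfile changed, and/or new NPM module published. Need to update Docker image."
          echo "need_docker_build=true" >> "$GITHUB_ENV"
      - name: Login to DockerHub Registry
        if: env.need_docker_build
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        if: env.need_docker_build
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build the latest Docker image
        if: env.need_docker_build
        run: |
          docker build . --file Dockerfile \
            --tag jupiterone/peril:latest \
            --tag ghcr.io/jupiterone/peril:latest
      - name: Push the latest Docker image to DockerHub
        if: env.need_docker_build
        run: docker push jupiterone/peril:latest
      - name: Push the latest Docker image to GHCR
        if: env.need_docker_build
        run: docker push ghcr.io/jupiterone/peril:latest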