Add hard coded #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build with evidence | |
| on: | |
| [push, workflow_dispatch] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| Docker-build-with-evidence: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install jfrog cli | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| with: | |
| version: 2.71.2 # remove | |
| env: | |
| JF_URL: ${{ vars.ARTIFACTORY_URL }} | |
| JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - uses: actions/checkout@v4 | |
| #todo: remove build_name (there is a default one in cli) | |
| - name: Log in to Artifactory Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.ARTIFACTORY_URL }} | |
| username: ${{ secrets.JF_USER }} # ask if not admin | |
| password: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| install: true | |
| - name: Build Docker image | |
| run: | | |
| URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||') | |
| REPO_URL=${URL}'/example-project-docker-dev-virtual' | |
| docker build --build-arg REPO_URL=${REPO_URL} -f Dockerfile . \ | |
| --tag ${REPO_URL}/example-project-app:${{ github.run_number }} \ | |
| --output=type=image --platform linux/amd64 --metadata-file=build-metadata --push | |
| jfrog rt build-docker-create example-project-docker-dev --image-file build-metadata --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} | |
| - name: Evidence on docker | |
| run: | | |
| echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json | |
| jf evd create --package-name example-project-app --package-version 32 --package-repo-name example-project-docker-dev \ | |
| --key "${{ secrets.PRIVATE_KEY }}" \ | |
| --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 | |
| echo '🔎 Evidence attached: `signature` :lock_with_ink_pen: ' | |
| - name: Publish build info | |
| run: jfrog rt build-publish ${{ vars.BUILD_NAME }} ${{ github.run_number }} | |
| # todo sign the buildinfo file | |
| - name: Sign build evidence | |
| run: | | |
| echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json | |
| jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ | |
| --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ | |
| --key "${{ secrets.PRIVATE_KEY }}" | |
| echo '🔎 Evidence attached: `build-signature` :lock_with_ink_pen: ' >> $GITHUB_STEP_SUMMARY | |
| - name: Create release bundle | |
| run: | | |
| echo '{ "files": [ {"build": "'"${{ vars.BUILD_NAME }}/${{ github.run_number }}"'" } ] }' > bundle-spec.json | |
| jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json | |
| NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=example-project-release-bundles-v2&activeKanbanTab=promotion' | |
| VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=example-project-release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' | |
| echo '📦 Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}')buig created' >> $GITHUB_STEP_SUMMARY | |
| # todo:: add evidence on generic file (readme.md) | |
| - name: Upload readme file | |
| run: | | |
| jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} | |
| jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ | |
| --key "${{ secrets.PRIVATE_KEY }}" \ | |
| --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 | |
| Evidence-on-release-bundle: | |
| needs: Docker-build-with-evidence | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install jfrog cli | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| with: | |
| version: 2.71.2 | |
| env: | |
| JF_URL: ${{ vars.ARTIFACTORY_URL }} | |
| JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - uses: actions/checkout@v4 | |
| - name: Evidence on release-bundle v2 | |
| run: | | |
| echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > rbv2_evidence.json | |
| JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' | |
| echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY | |
| jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ | |
| --predicate ./rbv2_evidence.json --predicate-type https://jfrog.com/evidence/integration-test/v1 \ | |
| --key "${{ secrets.PRIVATE_KEY }}" | |
| echo '🔎 Evidence attached: integration-test 🧪 ' >> $GITHUB_STEP_SUMMARY |