artifacts.yml
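# Build-artifacts workflow.
# Triggers: pushes to main, every pull request, and creation of a release.
#   - release      -> upload the nginx config zip and build the public image
#   - pull_request -> build the private image
#   - push         -> no job condition in this file matches this event
name: Build artifacts

on:
  push:
    branches:
      - main
  pull_request:
  release:
    types:
      - created

# Default token scopes for jobs without a job-level `permissions:` block, which
# here means the two reusable-workflow build jobs. A called workflow cannot be
# granted more than its caller has, so these are kept as they were.
# NOTE(review): confirm which of these scopes docker-build.yml actually uses
# and drop the rest; they are also in effect on pull_request runs.
permissions:
  id-token: write
  pull-requests: write
  packages: write
  contents: write

jobs:
  upload-release:
    name: Upload nginx configuration artifacts
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    # This job runs a script from the repository and uploads a release asset,
    # so it gets only the scope that upload needs instead of the workflow-wide
    # defaults (no id-token, packages or pull-requests write).
    permissions:
      contents: write
    steps:
      # NOTE(review): both actions are referenced by branch name (@main,
      # @master), so the code that runs can change without any change to this
      # file. Pinning to a full commit SHA makes the reference immutable.
      - name: Checkout code
        uses: RDXWorks-actions/checkout@main
      - name: Generate artifacts
        run: |
          bash generate_artifact.sh
      - name: Upload Full Node Release Asset
        uses: RDXWorks-actions/action-gh-release@master
        with:
          files: |
            babylon-nginx-fullnode-conf.zip

  build-push-container-private:
    name: Private
    if: github.event_name == 'pull_request'
    # NOTE(review): reusable workflow referenced by branch (@main); it runs
    # with this workflow's default token scopes, so a full commit SHA pin would
    # fix exactly which code receives them.
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
    with:
      # image information
      image_registry: "docker.io"
      image_organization: "radixdlt"
      image_name: "private-babylon-nginx"
      # github.head_ref is the pull request's source branch name, which is
      # chosen by the PR author.
      # NOTE(review): confirm docker-build.yml treats `tags` strictly as data
      # (never expanded inside a shell command) and copes with characters that
      # are not valid in an image tag.
      tags: |
        ${{ github.head_ref }}
        development-latest
      # build information
      restore_artifact: "false"
      context: "."
      dockerfile: "./Dockerfile.alpine"
      platforms: "linux/amd64,linux/arm64"
      # optimizations
      cache_tag_suffix: "pr"
      scan_image: true
      snyk_target_ref: ${{ github.ref_name }}

  build-push-container-docker:
    name: Dockerhub
    if: github.event_name == 'release'
    # NOTE(review): same branch-pinned reusable workflow as the private build;
    # here it also receives the releaser role secret, so an immutable SHA pin
    # matters most for this call.
    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
    with:
      # image information
      image_registry: "docker.io"
      image_organization: "radixdlt"
      image_name: "babylon-nginx"
      # NOTE(review): the release image is tagged `development-latest` as well
      # as the release tag; confirm that is intended for the public repository.
      tags: |
        ${{ github.event.release.tag_name }}
        development-latest
      # build information
      restore_artifact: "false"
      context: "."
      dockerfile: "./Dockerfile.alpine"
      platforms: "linux/amd64,linux/arm64"
      # optimizations
      cache_tag_suffix: "release"
      enable_dockerhub: "true"
      scan_image: true
      snyk_target_ref: ${{ github.ref_name }}
    secrets:
      role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

  snyk-monitor-devops:
    # One of the two build jobs is skipped on every event, so a status function
    # is needed for this job to run at all. Also requiring a successful build
    # keeps the monitor step from running after a failed build (whose tag
    # output may be empty) and skips the job on plain pushes, where neither
    # build runs.
    if: >-
      always() && (
      needs.build-push-container-private.result == 'success' ||
      needs.build-push-container-docker.result == 'success'
      )
    runs-on: ubuntu-latest
    needs:
      - build-push-container-docker
      - build-push-container-private
    permissions:
      id-token: write
      pull-requests: read
      contents: read
      deployments: write
    steps:
      # NOTE(review): the action is referenced by branch (@main) and is handed
      # the role and secret names below together with id-token: write; a full
      # commit SHA pin would make the code receiving them immutable.
      - name: Monitor private image (pull request)
        if: github.event_name == 'pull_request'
        uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
        with:
          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
          app_name: 'babylon-nginx'
          dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
          snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
          snyk_org_id: ${{ secrets.SNYK_DEVOPS_ORG_ID }}
          image: docker.io/radixdlt/private-babylon-nginx:${{ needs.build-push-container-private.outputs.default_tag }}
          target_ref: ${{ github.ref_name }}
      - name: Monitor public image (release)
        if: github.event_name == 'release'
        uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
        with:
          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
          app_name: 'babylon-nginx'
          dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
          snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
          snyk_org_id: ${{ secrets.SNYK_DEVOPS_ORG_ID }}
          image: docker.io/radixdlt/babylon-nginx:${{ needs.build-push-container-docker.outputs.default_tag }}
          target_ref: ${{ github.ref_name }}

  snyk-monitor-network:
    # Same gating as snyk-monitor-devops: run only when the build that matches
    # the triggering event succeeded. The steps differ from that job only in
    # the Snyk organisation id secret they pass.
    if: >-
      always() && (
      needs.build-push-container-private.result == 'success' ||
      needs.build-push-container-docker.result == 'success'
      )
    runs-on: ubuntu-latest
    needs:
      - build-push-container-docker
      - build-push-container-private
    permissions:
      id-token: write
      pull-requests: read
      contents: read
      deployments: write
    steps:
      # NOTE(review): branch-pinned action (@main) that is handed role and
      # secret names with id-token: write; prefer a full commit SHA pin.
      - name: Monitor private image (pull request)
        if: github.event_name == 'pull_request'
        uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
        with:
          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
          app_name: 'babylon-nginx'
          dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
          snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
          snyk_org_id: ${{ secrets.SNYK_NETWORK_ORG_ID }}
          image: docker.io/radixdlt/private-babylon-nginx:${{ needs.build-push-container-private.outputs.default_tag }}
          target_ref: ${{ github.ref_name }}
      - name: Monitor public image (release)
        if: github.event_name == 'release'
        uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
        with:
          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
          app_name: 'babylon-nginx'
          dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
          snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
          snyk_org_id: ${{ secrets.SNYK_NETWORK_ORG_ID }}
          image: docker.io/radixdlt/babylon-nginx:${{ needs.build-push-container-docker.outputs.default_tag }}
          target_ref: ${{ github.ref_name }}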