diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 684ecd22..94d5ae0d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,48 +8,305 @@ permissions: contents: read jobs: - publish: - runs-on: ubuntu-20.04 + # publish: + # runs-on: ubuntu-20.04 + # steps: + # - name: Check out the repo + # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + + # - name: Setup Golang + # uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 + # with: + # go-version: '1.19' + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 + + # - name: Extract metadata (tags, labels) for Docker + # id: meta + # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 + # with: + # images: lfedge/edge-home-orchestration-go + # tags: | + # type=semver,pattern={{version}} + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 + + # - name: Log in to Docker Hub + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_PASSWORD }} + + # - name: Copy Dockerfile + # run: | + # make distclean + # cp configs/defdockerfiles/ubuntu_multistage Dockerfile + + # - name: Build and push + # uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 + # with: + # context: . 
+ # build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} + # platforms: linux/amd64,linux/arm64,linux/arm/v7 + # push: true + # tags: ${{ steps.meta.outputs.tags }} + # labels: ${{ steps.meta.outputs.labels }} + + # Create Release + create-release: + permissions: + contents: write # for marvinpinto/action-automatic-releases to generate pre-release + # needs: [build] + name: Create Release + runs-on: "ubuntu-latest" + steps: - - name: Check out the repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - name: Harden Runner + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + with: + egress-policy: audit - - name: Setup Golang - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 + - uses: marvinpinto/action-automatic-releases@d68defdd11f9dcc7f52f35c1b7c236ee7513bcc1 with: - go-version: '1.19' + repo_token: "${{ secrets.GITHUB_TOKEN }}" + prerelease: false + title: "Edge-Orchestration ${{ github.ref_name }}" - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 + # Generate Provenance + provenance: + needs: [create-release] + name: Generate Provenance + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. 
- - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 - with: - images: lfedge/edge-home-orchestration-go - tags: | - type=semver,pattern={{version}} + uses: robinraju/release-downloader@v1.9 + with: + repository: "owner/repo" + latest: true + tarBall: true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 + name: Generate subject + id: hash + run: | + echo "hashes=$(sha256sum edge-home-orchestration-go-1.2.1.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" - - name: Log in to Docker Hub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 + with: + base64-subjects: "$hashes" #"${{ needs.build.outputs.hashes }}" + upload-assets: true # Optional: Upload to a new release - - name: Copy Dockerfile - run: | - make distclean - cp configs/defdockerfiles/ubuntu_multistage Dockerfile - - name: Build and push - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 - with: - context: . 
- build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} - platforms: linux/amd64,linux/arm64,linux/arm/v7 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} +# # // +# jobs: +# # Build LPVS +# build: +# runs-on: ubuntu-latest +# name: Build LPVS +# outputs: +# artifacts: ${{ steps.build.outputs.artifacts }} +# hashes: ${{ steps.hash.outputs.hashes }} +# version: ${{ steps.lpvs_version.outputs.version }} + +# steps: +# - name: Harden Runner +# uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 +# with: +# egress-policy: audit + +# - name: Checkout repository +# uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + +# - name: Set up JDK 17 +# uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 +# with: +# java-version: '17' +# distribution: 'temurin' +# cache: maven + +# - name: Build using maven +# id: build +# run: | +# # Your normal build workflow targets here +# # mvn clean package +# mvn -B package --file pom.xml + +# # Save the location of the maven output files for easier reference +# ARTIFACT_PATTERN=./target/$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout)-$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)*.jar +# echo "artifact_pattern=$ARTIFACT_PATTERN" >> "$GITHUB_OUTPUT" + +# - name: Generate subject +# id: hash +# run: | +# echo "hashes=$(sha256sum ${{ steps.build.outputs.artifact_pattern }} | base64 -w0)" >> "$GITHUB_OUTPUT" + +# - name: Get LPVS version +# id: lpvs_version +# run: | +# VERSION=${{ github.ref_name }} +# echo "version=lpvs-${VERSION:1}.jar" >> "$GITHUB_OUTPUT" + +# - name: Upload build artifacts +# uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # tag=v3 +# with: +# name: ${{ steps.lpvs_version.outputs.version }} +# path: ./target/${{ steps.lpvs_version.outputs.version }} +# if-no-files-found: error + +# # Create Release +# create-release: +# permissions: +# 
contents: write # for marvinpinto/action-automatic-releases to generate pre-release +# needs: [build] +# name: Create Release +# runs-on: "ubuntu-latest" + +# steps: +# - name: Harden Runner +# uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 +# with: +# egress-policy: audit + +# - uses: marvinpinto/action-automatic-releases@d68defdd11f9dcc7f52f35c1b7c236ee7513bcc1 +# with: +# repo_token: "${{ secrets.GITHUB_TOKEN }}" +# prerelease: false +# title: "LPVS ${{ github.ref_name }}" + +# # Generate Provenance +# provenance: +# needs: [build, create-release] +# name: Generate Provenance +# permissions: +# actions: read # To read the workflow path. +# id-token: write # To sign the provenance. +# contents: write # To add assets to a release. +# uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 +# with: +# base64-subjects: "${{ needs.build.outputs.hashes }}" +# upload-assets: true # Optional: Upload to a new release + +# # Upload Assets +# release: +# permissions: +# contents: write # for softprops/action-gh-release to create GitHub release +# needs: [build, create-release, provenance] +# name: Upload Assets +# runs-on: ubuntu-latest +# if: startsWith(github.ref, 'refs/tags/') +# steps: +# - name: Harden Runner +# uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 +# with: +# egress-policy: audit + +# - name: Download ${{ needs.build.outputs.version }} +# uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # tag=v2.1.0 +# with: +# name: ${{ needs.build.outputs.version }} + +# - name: Upload assets +# uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14 +# with: +# files: | +# ${{ needs.build.outputs.version }} + +# # Generate and Publish Javadoc +# generate-and-publish-javadoc: +# name: Generate and Publish Javadoc +# runs-on: ubuntu-latest + +# permissions: +# contents: write +# pages: write + +# steps: +# - 
name: Harden Runner +# uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 +# with: +# egress-policy: audit + +# - name: Checkout code +# uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28 + +# - name: Set up JDK +# uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 +# with: +# java-version: '17' +# distribution: 'temurin' +# cache: maven + +# - name: Build and generate Javadoc +# run: | +# mvn clean install javadoc:javadoc +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +# - name: Deploy to GitHub Pages +# uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 +# with: +# github_token: ${{ secrets.GITHUB_TOKEN }} +# publish_dir: ./target/site/apidocs + +# # Publish package to GitHub Packages +# publish_package: +# name: Publish package to GitHub Packages +# runs-on: ubuntu-latest +# permissions: +# contents: read +# packages: write +# steps: +# - name: Harden Runner +# uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 +# with: +# egress-policy: audit + +# - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 +# - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0 +# with: +# java-version: '17' +# distribution: 'temurin' +# - name: Publish package +# run: mvn --batch-mode deploy +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +# # Publish Docker Image to ghcr.io +# publish_docker_image: +# name: Publish Docker Image to ghcr.io +# runs-on: ubuntu-latest +# permissions: +# contents: read +# packages: write +# steps: +# - name: Harden Runner +# uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 +# with: +# egress-policy: audit + +# - name: Check out the repo +# uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + +# - name: Log in to the Container registry +# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d +# with: +# registry: 
ghcr.io +# username: ${{ github.actor }} +# password: ${{ secrets.GITHUB_TOKEN }} + +# - name: Extract metadata (tags, labels) for Docker +# id: meta +# uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 +# with: +# images: ghcr.io/${{ github.repository }} + +# - name: Build and push Docker image +# uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 +# with: +# context: . +# push: true +# tags: ${{ steps.meta.outputs.tags }} +# labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file
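Review bot: The live `provenance` job is malformed and, even if it parsed, would not attest to anything this workflow built: step-level keys (`id: hash`, `run: |`, a second `name:`, a second `uses:`/`with:`) sit directly under the job next to the reusable-workflow `uses:` with no `steps:`, giving duplicate keys, and `base64-subjects: "$hashes"` is a literal string rather than an expression, so the SLSA generator would receive the text `$hashes`. The subject is also a hard-coded `edge-home-orchestration-go-1.2.1.tar.gz` fetched from the release by `robinraju/release-downloader@v1.9` (with a placeholder `repository: "owner/repo"`, and the only action in the active jobs referenced by a mutable tag instead of a commit SHA), so the hash covers whatever was already uploaded, not the build output, and breaks on the next version. Restore a `build` job that hashes its own artifacts in a `Generate subject` step and exports `hashes` (the pattern kept in the commented-out LPVS template), then reduce the provenance job to a pure reusable-workflow call with `needs: [build]` and `base64-subjects: "${{ needs.build.outputs.hashes }}"`, dropping the downloader and `run:` block. Referencing `slsa-framework/slsa-github-generator` by tag is expected because the generator verifies its own tag, but `release-downloader` should be SHA-pinned like the rest of the file if it is kept at all.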