Skip to content
Build & Release mondoo Meta-Package

v11.25.0 #135

Sign in to view logs

v11.25.0

v11.25.0 #135

Workflow file for this run

.github/workflows/release_mondoo_pkgs.yaml at 0f9c4bb
name: "Build & Release mondoo Meta-Package"
on:
release:
types: [released]
workflow_dispatch:
inputs:
version:
description: 'Version that should be released'
required: true
default: '1.2.3'
jobs:
build-mondoo-payloads:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: Version from Workflow Dispatch
if: github.event_name == 'workflow_dispatch'
run: |
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
- name: Version from Release Tag
if: github.event_name == 'release'
run: |
echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
- name: Unify and Validate Version
id: version
run: |
VERSION=$(echo $VERSION | sed 's/^v//')
if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Invalid version: $VERSION"
exit 1
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Create destination folder
run: |
cd helper
mkdir packages
- name: Install RPM tools
run: |
sudo apt update && sudo apt install -y rpm gpg
- name: Authenticate with GCloud
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: Setup GCloud SDK
uses: 'google-github-actions/setup-gcloud@v2'
- name: Download Signing Keys
env:
KEY_PATH: ${{ runner.temp }}
run: |
gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-public-2023 --out-file=${KEY_PATH}/public.gpg
gpg --import ${KEY_PATH}/public.gpg
gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-private-2023 --out-file=${KEY_PATH}/private.gpg
gpg --import --allow-secret-key-import ${KEY_PATH}/private.gpg
- name: Check GPG Keys
run: |
gpg --list-keys
gpg --list-secret-keys
- name: Build Packages
run: |
cd helper && make
- name: Sign RPMs
run: |
cd helper/
rpmsign --define='%_gpg_name Mondoo Inc' --addsign ./packages/*rpm
- name: Generate Checksums
run: |
cd helper/packages
sha256sum *linux* > checksums.linux.txt
- name: Upload files to releases.mondoo.com
run: |
gsutil cp -r helper/packages/* gs://releases-us.mondoo.io/mondoo/${VERSION}/
- name: Upload files to GitHub Release Page
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ steps.version.outputs.version }}
files: helper/packages/*
- name: Reindex folder on releaser.mondoo.com
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.REPO_API_TOKEN }}
repository: "mondoohq/releasr"
event-type: reindex
client-payload: '{
"reindex-path": "mondoo/${{ steps.version.outputs.version }}",
"bucket": "releases-us.mondoo.io"
}'
- name: Create Artifacts
uses: actions/upload-artifact@v4
with:
name: mondoo-${{ steps.version.outputs.version }}
path: helper/packages/
retention-days: 7
update-downstream:
runs-on: ubuntu-latest
needs: build-mondoo-payloads
## Matrix task, repeats steps for each repo
strategy:
matrix:
repo: ["mondoohq/repobuilder"]
steps:
- uses: actions/checkout@v4
- name: Repository Dispatch (Workflow Dispatch)
uses: peter-evans/repository-dispatch@v3
if: github.event_name == 'workflow_dispatch'
with:
token: ${{ secrets.REPO_API_TOKEN }}
repository: ${{ matrix.repo }}
event-type: update
client-payload: '{"version": "${{ needs.build-mondoo-payloads.outputs.version }}"}'
- name: Repository Dispatch (Release)
uses: peter-evans/repository-dispatch@v3
if: github.event_name == 'release'
with:
token: ${{ secrets.REPO_API_TOKEN }}
repository: ${{ matrix.repo }}
event-type: update
client-payload: '{"version": "${{ needs.build-mondoo-payloads.outputs.version }}"}'