WIP #10
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pipeline | |
on: | |
push: | |
branches: | |
- develop | |
- feat/* | |
- hotfix/* | |
- main | |
pull_request: | |
branches: | |
- develop | |
- feat/* | |
- hotfix/* | |
- main | |
jobs: | |
init: | |
name: Init | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
outputs: | |
VERSION: ${{ steps.version.outputs.version }} | |
VERSION_FULL: ${{ steps.version.outputs.version_full }} | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
with: | |
# We need all Git history for "version.sh" | |
fetch-depth: 0 | |
# Ensure "version.sh" submodule are up-to-date | |
submodules: recursive | |
- name: Generate versions | |
id: version | |
run: | | |
echo "version=$(bash cicd/version/version.sh -g . -c)" >> $GITHUB_OUTPUT | |
echo "version_full=$(bash cicd/version/version.sh -g . -c -m)" >> $GITHUB_OUTPUT | |
build-app: | |
name: Build & publish app | |
permissions: | |
contents: write | |
packages: write | |
runs-on: ${{ matrix.os }} | |
needs: | |
- init | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
# Last 2 versions of macOS | |
- macos-13 | |
- macos-14 | |
# Last 2 versions of Ubuntu | |
- ubuntu-22.04 | |
- ubuntu-24.04 | |
# Last 2 versions of Windows | |
- windows-2019 | |
- windows-2022 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Configure Git | |
run: | | |
git config user.name "${{ github.actor }}" | |
git config user.email "${{ github.actor }}@users.noreply.github.com" | |
- name: Set up Python | |
uses: actions/[email protected] | |
with: | |
cache: pip | |
python-version: "3.12" | |
- name: Install make (Windows) | |
if: runner.os == 'Windows' | |
run: choco install make | |
- name: Install dependencies | |
run: | | |
python3 -m pip install --upgrade pip wheel setuptools | |
make install-deps | |
- name: Install dependencies (Windows) | |
if: runner.os == 'Windows' | |
run: | | |
python3 -m pip install pywin32-ctypes pefile | |
- name: Build to binary | |
run: make build | |
- name: Rename binary (Linux) | |
if: runner.os == 'Ubuntu' || runner.os == 'macOS' | |
run: mv dist/scrape-it-now dist/scrape-it-now-${{ needs.init.outputs.VERSION }}-${{ matrix.os }} | |
- name: Rename binary (Windows) | |
if: runner.os == 'Windows' | |
run: mv dist\scrape-it-now.exe dist\scrape-it-now-${{ needs.init.outputs.VERSION }}-${{ matrix.os }}.exe | |
- name: Upload artifact | |
uses: actions/[email protected] | |
with: | |
name: binary-${{ matrix.os }} | |
path: dist/scrape-it-now-${{ needs.init.outputs.VERSION }}-${{ matrix.os }} | |
attest-dependencies: | |
name: Attest - Dependencies | |
permissions: | |
# Allow to write to GitHub Security | |
contents: write | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Run attestation | |
uses: advanced-security/[email protected] | |
with: | |
directoryExclusionList: docs | |
attest-sbom: | |
name: Attest - SBOM | |
runs-on: ubuntu-22.04 | |
needs: | |
- init | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Init Syft | |
uses: anchore/sbom-action/[email protected] | |
- name: Run attestation | |
run: make sbom version_full=${{ needs.init.outputs.VERSION_FULL }} | |
- name: Upload results to release | |
uses: actions/[email protected] | |
with: | |
name: sbom | |
path: sbom-reports/* | |
publish-release: | |
name: Release | |
permissions: | |
contents: write | |
runs-on: ubuntu-22.04 | |
needs: | |
- attest-dependencies | |
- attest-sbom | |
- build-app | |
- init | |
# Only publish on non-scheduled default branch | |
# if: (github.event_name != 'schedule') && (github.ref == 'refs/heads/main') | |
steps: | |
- name: Download artifacts | |
id: download | |
uses: actions/[email protected] | |
with: | |
merge-multiple: true | |
path: artifacts | |
- name: Export artifact list | |
id: list | |
run: | | |
echo "artifacts=$(ls -1 ${{ steps.download.outputs.download-path }})" >> $GITHUB_OUTPUT | |
- name: Publish | |
uses: softprops/[email protected] | |
with: | |
files: ${{ steps.list.outputs.artifacts }} | |
generate_release_notes: true | |
make_latest: true | |
tag_name: ${{ needs.init.outputs.VERSION }} |