fix: Upgrade actions and use clean Makefile commands to push tags (#1026

)
mattermost · Mar 5, 2024 · 4bd71f3 · 4bd71f3
1 parent 683131c
commit 4bd71f3
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 40 deletions.
diff --git a/.github/actions/docker-build/action.yaml b/.github/actions/docker-build/action.yaml
@@ -6,8 +6,9 @@ runs:
   steps:
     - name: ci/prepare-docker-environment
       uses: ./.github/actions/docker-prepare
+
     - name: cd/scan-docker-security
-      uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0
+      uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
       with:
         image-ref: "mattermost/mattermost-cloud"
         format: "table"
@@ -26,7 +27,7 @@ runs:
       if: github.event_name != 'pull_request'
 
     - name: cd/scan-docker-security-e2e
-      uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0
+      uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
       with:
         image-ref: "mattermost/mattermost-cloud-e2e"
         format: "table"
@@ -38,6 +39,7 @@ runs:
       run: "make push-image-pr"
       shell: bash
       if: github.event_name == 'pull_request'
+
     - name: cd/push-image
       run: "make push-image"
       shell: bash

diff --git a/.github/actions/docker-prepare/action.yml b/.github/actions/docker-prepare/action.yml
@@ -1,11 +1,11 @@
 ---
-name: 'docker-prepare'
-description: 'Install docker requirements'
+name: "docker-prepare"
+description: "Install docker requirements"
 
 runs:
-  using: 'composite'
+  using: "composite"
   steps:
-  - name: ci/setup-buildx
-    uses: docker/setup-buildx-action@v3
-    with:
-      version: v0.12.0
+    - name: ci/setup-buildx
+      uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
+      with:
+        version: v0.12.0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,15 +14,15 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: ci/checkout-repo
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: go.mod
-          cache: true
+
       - name: ci/check-style
         run: make check-style
 
@@ -33,15 +33,14 @@ jobs:
     runs-on: ubuntu-20.04 # TODO: move check-mocks back to the newest Ubuntu release
     steps:
       - name: ci/checkout-repo
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: go.mod
-          cache: true
 
       - name: ci/check-mocks
         run: make verify-mocks
@@ -64,21 +63,20 @@ jobs:
 
     steps:
       - name: ci/checkout-repo
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          cache: true
           go-version-file: go.mod
 
       - name: ci/test-postgres
         run: make unittest goverall
         env:
           CLOUD_DATABASE: postgres://cloud_test@localhost:5432/cloud_test?sslmode=disable
-      
+
       - name: ci/test-testwick
         run: make unittest
         working-directory: ./cmd/tools/testwick
@@ -90,23 +88,12 @@ jobs:
       - lint
     steps:
       - name: ci/checkout-repo
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
-      - name: ci/generate-tag
-        run: |
-          if [ "${{ github.event_name }}" == "pull_request" ]
-          then
-            SHA=${{ github.event.pull_request.head.sha }}
-          else [ "${{ github.event_name }}"  == 'push' ]
-            SHA=${GITHUB_SHA}
-          fi
-          echo "TAG=${SHA:0:7}" >> $GITHUB_ENV
-
       - name: ci/build-docker
         env:
-          REF_NAME: ${{ github.ref_name }}
           DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
           DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
         uses: ./.github/actions/docker-build
diff --git a/Makefile b/Makefile
@@ -15,6 +15,9 @@ KUBECTL_VERSION=v1.27.9
 POSTGRES_VERSION=14.8
 ARCH ?= amd64
 
+APP_NAME    := $(shell basename -s .git `git config --get remote.origin.url`)
+APP_COMMIT  := $(shell git rev-parse HEAD)
+
 ## Docker Build Versions
 DOCKER_BUILD_IMAGE := golang:$(GOLANG_VERSION)
 DOCKER_BASE_IMAGE = alpine:$(ALPINE_VERSION)
@@ -71,6 +74,15 @@ TRIVY_SEVERITY := CRITICAL
 TRIVY_EXIT_CODE := 1
 TRIVY_VULN_TYPE := os,library
 
+# ====================================================================================
+# Used for semver bumping
+CURRENT_VERSION := $(shell git describe --abbrev=0 --tags)
+VERSION_PARTS := $(subst ., ,$(subst v,,$(CURRENT_VERSION)))
+MAJOR := $(word 1,$(VERSION_PARTS))
+MINOR := $(word 2,$(VERSION_PARTS))
+PATCH := $(word 3,$(VERSION_PARTS))
+# ====================================================================================
+
 export GO111MODULE=on
 
 ## Checks the code style, tests, builds and bundles.
@@ -347,6 +359,27 @@ e2e-installation:
 .PHONY: e2e
 e2e: e2e-cluster e2e-installation
 
+.PHONY: patch minor major
+
+patch: ## to bump patch version (semver)
+	@$(eval PATCH := $(shell echo $$(($(PATCH)+1))))
+	@echo Bumping $(APP_NAME) to Patch version v$(MAJOR).$(MINOR).$(PATCH)
+	git tag -s -a v$(MAJOR).$(MINOR).$(PATCH) -m "Bumping $(APP_NAME) to Patch version v$(MAJOR).$(MINOR).$(PATCH)"
+	git push origin v$(MAJOR).$(MINOR).$(PATCH)
+
+minor: ## to bump minor version (semver)
+	@$(eval MINOR := $(shell echo $$(($(MINOR)+1))))
+	@echo Bumping $(APP_NAME) to Minor version v$(MAJOR).$(MINOR).0
+	git tag -s -a v$(MAJOR).$(MINOR).0 -m "Bumping $(APP_NAME) to Minor version v$(MAJOR).$(MINOR).0"
+	git push origin v$(MAJOR).$(MINOR).0
+
+major: ## to bump major version (semver)
+	$(eval MAJOR := $(shell echo $$(($(MAJOR)+1))))
+	$(eval MINOR := 0)
+	$(eval PATCH := 0)
+	@echo Bumping $(APP_NAME) to Major version v$(MAJOR).$(MINOR).$(PATCH)
+	git tag -s -a v$(MAJOR).$(MINOR).$(PATCH) -m "Bumping $(APP_NAME) to Major version v$(MAJOR).$(MINOR).$(PATCH)"
+	git push origin v$(MAJOR).$(MINOR).$(PATCH)
 
 ## --------------------------------------
 ## Tooling Binaries

diff --git a/scripts/push-image.sh b/scripts/push-image.sh
@@ -1,15 +1,12 @@
 #!/bin/bash
 set -e
-set -u
 
-: ${GITHUB_REF_TYPE:?}
-: ${GITHUB_REF_NAME:?}
-
-if [ "${GITHUB_REF_TYPE:-}" = "branch" ]; then
-  echo "Pushing latest for $GITHUB_REF_NAME..."
-  export TAG=latest
+if [ -n "${TAG}" ]
+  then
+    echo "Pushing ${TAG} for release ..."
 else
-  echo "Pushing release $GITHUB_REF_NAME..."
-  export TAG="$GITHUB_REF_NAME"
+  echo "Pushing latest for ${GITHUB_REF_NAME} ..."
+  export TAG="latest"
 fi
+
 make build-image-with-tag