From 06b459702b89664c17d416a0c441d9ef07811ee9 Mon Sep 17 00:00:00 2001 From: Sambo Chea Date: Thu, 15 Jul 2021 18:18:00 +0700 Subject: [PATCH] Task: Updated actions build and install script --- .github/workflows/ci.yaml | 36 ------------------------------ .github/workflows/publish.yaml | 38 +------------------------------- ci/release-image/docker-bake.hcl | 4 ++-- ci/steps/push-docker-manifest.sh | 22 +++++++++--------- install.sh | 10 ++++----- 5 files changed, 20 insertions(+), 90 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index aad02192..616284fd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -430,42 +430,6 @@ jobs: name: release-images path: ./release-images - trivy-scan-image: - runs-on: ubuntu-20.04 - needs: docker-images - # NOTE@jsjoeio: disabling due to a memory issue upstream - # See: https://github.com/github/codeql-action/issues/528 - if: 1 == 2 - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Download release images - uses: actions/download-artifact@v2 - with: - name: release-images - path: ./release-images - - - name: Run Trivy vulnerability scanner in image mode - # Commit SHA for v0.0.17 - uses: aquasecurity/trivy-action@ac8de07fd168680dd0331bef43681c0e150e9ad1 - with: - input: "./release-images/code-server-amd64-*.tar" - scan-type: "image" - ignore-unfixed: true - format: "template" - template: "@/contrib/sarif.tpl" - output: "trivy-image-results.sarif" - severity: "HIGH,CRITICAL" - - - name: Debug Trivy SARIF file - run: cat trivy-image-results.sarif && ls -l trivy-image-results.sarif - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: "trivy-image-results.sarif" - # We have to use two trivy jobs # because GitHub only allows # codeql/upload-sarif action per job diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index c56b41ac..69cb84d1 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -9,19 +9,6 @@ on: types: [published] jobs: - # NOTE: this job requires curl, jq and yarn - # All of them are included in ubuntu-latest. - npm: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Run ./ci/steps/publish-npm.sh - run: ./ci/steps/publish-npm.sh - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - # NOTE: this job requires curl, jq and docker # All of them are included in ubuntu-latest. docker: @@ -34,27 +21,4 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - - homebrew: - # The newest version of code-server needs to be available on npm when this runs - # otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core - needs: npm - runs-on: macos-latest - steps: - # Ensure things are up to date - # Suggested by homebrew maintainers - # https://github.com/Homebrew/discussions/discussions/1532#discussioncomment-782633 - - name: Set up Homebrew - id: set-up-homebrew - uses: Homebrew/actions/setup-homebrew@master - - - uses: actions/checkout@v2 - - name: Configure git - run: | - git config user.name github-actions - git config user.email github-actions@github.com - - name: Bump code-server homebrew version - env: - HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}} - run: ./ci/steps/brew-bump.sh + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} \ No newline at end of file diff --git a/ci/release-image/docker-bake.hcl b/ci/release-image/docker-bake.hcl index bbb85623..022df24b 100644 --- a/ci/release-image/docker-bake.hcl +++ b/ci/release-image/docker-bake.hcl @@ -12,14 +12,14 @@ group "default" { target "code-server-amd64" { dockerfile = "ci/release-image/Dockerfile" - tags = ["docker.io/codercom/code-server-amd64:${VERSION}"] + tags = ["docker.io/cubetiq/code-server-amd64:${VERSION}"] platforms = ["linux/amd64"] output = ["type=tar,dest=./release-images/code-server-amd64-${VERSION}.tar"] } target "code-server-arm64" { dockerfile = "ci/release-image/Dockerfile" - tags = ["docker.io/codercom/code-server-arm64:${VERSION}"] + tags = ["docker.io/cubetiq/code-server-arm64:${VERSION}"] platforms = ["linux/arm64"] output = ["type=tar,dest=./release-images/code-server-arm64-${VERSION}.tar"] } diff --git a/ci/steps/push-docker-manifest.sh b/ci/steps/push-docker-manifest.sh index 08d0fdac..33d8dd75 100755 --- a/ci/steps/push-docker-manifest.sh +++ b/ci/steps/push-docker-manifest.sh @@ -18,20 +18,22 @@ main() { # in order to build the manifest. # We don't put the arch in the tag to avoid polluting the main repository. # These other repositories are private so they don't pollute our organization namespace. - docker push "codercom/code-server-amd64:$VERSION" - docker push "codercom/code-server-arm64:$VERSION" + docker push "cubetiq/code-server-amd64:$VERSION" + docker push "cubetiq/code-server-arm64:$VERSION" export DOCKER_CLI_EXPERIMENTAL=enabled - docker manifest create "codercom/code-server:$VERSION" \ - "codercom/code-server-amd64:$VERSION" \ - "codercom/code-server-arm64:$VERSION" - docker manifest push --purge "codercom/code-server:$VERSION" + docker manifest create + "cubetiq/code-server:$VERSION" \ + "cubetiq/code-server-amd64:$VERSION" \ + "cubetiq/code-server-arm64:$VERSION" + docker manifest push --purge "cubetiq/code-server:$VERSION" - docker manifest create "codercom/code-server:latest" \ - "codercom/code-server-amd64:$VERSION" \ - "codercom/code-server-arm64:$VERSION" - docker manifest push --purge "codercom/code-server:latest" + docker manifest create + "cubetiq/code-server:latest" \ + "cubetiq/code-server-amd64:$VERSION" \ + "cubetiq/code-server-arm64:$VERSION" + docker manifest push --purge "cubetiq/code-server:latest" } main "$@" diff --git a/install.sh b/install.sh index 46f59cdb..3029fc65 100755 --- a/install.sh +++ b/install.sh @@ -72,8 +72,8 @@ EOF echo_latest_version() { # https://gist.github.com/lukechilds/a83e1d7127b78fef38c2914c4ececc3c#gistcomment-2758860 - version="$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/cdr/code-server/releases/latest)" - version="${version#https://github.com/cdr/code-server/releases/tag/}" + version="$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/cubetiq/code-server/releases/latest)" + version="${version#https://github.com/cubetiq/code-server/releases/tag/}" version="${version#v}" echo "$version" } @@ -340,7 +340,7 @@ install_deb() { echoh "Installing v$VERSION of the $ARCH deb package from GitHub." echoh - fetch "https://github.com/cdr/code-server/releases/download/v$VERSION/code-server_${VERSION}_$ARCH.deb" \ + fetch "https://github.com/cubetiq/code-server/releases/download/v$VERSION/code-server_${VERSION}_$ARCH.deb" \ "$CACHE_DIR/code-server_${VERSION}_$ARCH.deb" sudo_sh_c dpkg -i "$CACHE_DIR/code-server_${VERSION}_$ARCH.deb" @@ -351,7 +351,7 @@ install_rpm() { echoh "Installing v$VERSION of the $ARCH rpm package from GitHub." echoh - fetch "https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-$ARCH.rpm" \ + fetch "https://github.com/cubetiq/code-server/releases/download/v$VERSION/code-server-$VERSION-$ARCH.rpm" \ "$CACHE_DIR/code-server-$VERSION-$ARCH.rpm" sudo_sh_c rpm -i "$CACHE_DIR/code-server-$VERSION-$ARCH.rpm" @@ -377,7 +377,7 @@ install_standalone() { echoh "Installing v$VERSION of the $ARCH release from GitHub." echoh - fetch "https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-$OS-$ARCH.tar.gz" \ + fetch "https://github.com/cubetiq/code-server/releases/download/v$VERSION/code-server-$VERSION-$OS-$ARCH.tar.gz" \ "$CACHE_DIR/code-server-$VERSION-$OS-$ARCH.tar.gz" # -w only works if the directory exists so try creating it first. If this