Task: Updated actions build and install script
This commit is contained in:
parent
fddfeb2f88
commit
06b459702b
36
.github/workflows/ci.yaml
vendored
36
.github/workflows/ci.yaml
vendored
@ -430,42 +430,6 @@ jobs:
|
||||
name: release-images
|
||||
path: ./release-images
|
||||
|
||||
trivy-scan-image:
|
||||
runs-on: ubuntu-20.04
|
||||
needs: docker-images
|
||||
# NOTE@jsjoeio: disabling due to a memory issue upstream
|
||||
# See: https://github.com/github/codeql-action/issues/528
|
||||
if: 1 == 2
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Download release images
|
||||
uses: actions/download-artifact@v2
|
||||
with:
|
||||
name: release-images
|
||||
path: ./release-images
|
||||
|
||||
- name: Run Trivy vulnerability scanner in image mode
|
||||
# Commit SHA for v0.0.17
|
||||
uses: aquasecurity/trivy-action@ac8de07fd168680dd0331bef43681c0e150e9ad1
|
||||
with:
|
||||
input: "./release-images/code-server-amd64-*.tar"
|
||||
scan-type: "image"
|
||||
ignore-unfixed: true
|
||||
format: "template"
|
||||
template: "@/contrib/sarif.tpl"
|
||||
output: "trivy-image-results.sarif"
|
||||
severity: "HIGH,CRITICAL"
|
||||
|
||||
- name: Debug Trivy SARIF file
|
||||
run: cat trivy-image-results.sarif && ls -l trivy-image-results.sarif
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: "trivy-image-results.sarif"
|
||||
|
||||
# We have to use two trivy jobs
|
||||
# because GitHub only allows
|
||||
# codeql/upload-sarif action per job
|
||||
|
||||
36
.github/workflows/publish.yaml
vendored
36
.github/workflows/publish.yaml
vendored
@ -9,19 +9,6 @@ on:
|
||||
types: [published]
|
||||
|
||||
jobs:
|
||||
# NOTE: this job requires curl, jq and yarn
|
||||
# All of them are included in ubuntu-latest.
|
||||
npm:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Run ./ci/steps/publish-npm.sh
|
||||
run: ./ci/steps/publish-npm.sh
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
|
||||
# NOTE: this job requires curl, jq and docker
|
||||
# All of them are included in ubuntu-latest.
|
||||
docker:
|
||||
@ -35,26 +22,3 @@ jobs:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
homebrew:
|
||||
# The newest version of code-server needs to be available on npm when this runs
|
||||
# otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core
|
||||
needs: npm
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
# Ensure things are up to date
|
||||
# Suggested by homebrew maintainers
|
||||
# https://github.com/Homebrew/discussions/discussions/1532#discussioncomment-782633
|
||||
- name: Set up Homebrew
|
||||
id: set-up-homebrew
|
||||
uses: Homebrew/actions/setup-homebrew@master
|
||||
|
||||
- uses: actions/checkout@v2
|
||||
- name: Configure git
|
||||
run: |
|
||||
git config user.name github-actions
|
||||
git config user.email github-actions@github.com
|
||||
- name: Bump code-server homebrew version
|
||||
env:
|
||||
HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}
|
||||
run: ./ci/steps/brew-bump.sh
|
||||
|
||||
@ -12,14 +12,14 @@ group "default" {
|
||||
|
||||
target "code-server-amd64" {
|
||||
dockerfile = "ci/release-image/Dockerfile"
|
||||
tags = ["docker.io/codercom/code-server-amd64:${VERSION}"]
|
||||
tags = ["docker.io/cubetiq/code-server-amd64:${VERSION}"]
|
||||
platforms = ["linux/amd64"]
|
||||
output = ["type=tar,dest=./release-images/code-server-amd64-${VERSION}.tar"]
|
||||
}
|
||||
|
||||
target "code-server-arm64" {
|
||||
dockerfile = "ci/release-image/Dockerfile"
|
||||
tags = ["docker.io/codercom/code-server-arm64:${VERSION}"]
|
||||
tags = ["docker.io/cubetiq/code-server-arm64:${VERSION}"]
|
||||
platforms = ["linux/arm64"]
|
||||
output = ["type=tar,dest=./release-images/code-server-arm64-${VERSION}.tar"]
|
||||
}
|
||||
|
||||
@ -18,20 +18,22 @@ main() {
|
||||
# in order to build the manifest.
|
||||
# We don't put the arch in the tag to avoid polluting the main repository.
|
||||
# These other repositories are private so they don't pollute our organization namespace.
|
||||
docker push "codercom/code-server-amd64:$VERSION"
|
||||
docker push "codercom/code-server-arm64:$VERSION"
|
||||
docker push "cubetiq/code-server-amd64:$VERSION"
|
||||
docker push "cubetiq/code-server-arm64:$VERSION"
|
||||
|
||||
export DOCKER_CLI_EXPERIMENTAL=enabled
|
||||
|
||||
docker manifest create "codercom/code-server:$VERSION" \
|
||||
"codercom/code-server-amd64:$VERSION" \
|
||||
"codercom/code-server-arm64:$VERSION"
|
||||
docker manifest push --purge "codercom/code-server:$VERSION"
|
||||
docker manifest create
|
||||
"cubetiq/code-server:$VERSION" \
|
||||
"cubetiq/code-server-amd64:$VERSION" \
|
||||
"cubetiq/code-server-arm64:$VERSION"
|
||||
docker manifest push --purge "cubetiq/code-server:$VERSION"
|
||||
|
||||
docker manifest create "codercom/code-server:latest" \
|
||||
"codercom/code-server-amd64:$VERSION" \
|
||||
"codercom/code-server-arm64:$VERSION"
|
||||
docker manifest push --purge "codercom/code-server:latest"
|
||||
docker manifest create
|
||||
"cubetiq/code-server:latest" \
|
||||
"cubetiq/code-server-amd64:$VERSION" \
|
||||
"cubetiq/code-server-arm64:$VERSION"
|
||||
docker manifest push --purge "cubetiq/code-server:latest"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
|
||||
10
install.sh
10
install.sh
@ -72,8 +72,8 @@ EOF
|
||||
|
||||
echo_latest_version() {
|
||||
# https://gist.github.com/lukechilds/a83e1d7127b78fef38c2914c4ececc3c#gistcomment-2758860
|
||||
version="$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/cdr/code-server/releases/latest)"
|
||||
version="${version#https://github.com/cdr/code-server/releases/tag/}"
|
||||
version="$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/cubetiq/code-server/releases/latest)"
|
||||
version="${version#https://github.com/cubetiq/code-server/releases/tag/}"
|
||||
version="${version#v}"
|
||||
echo "$version"
|
||||
}
|
||||
@ -340,7 +340,7 @@ install_deb() {
|
||||
echoh "Installing v$VERSION of the $ARCH deb package from GitHub."
|
||||
echoh
|
||||
|
||||
fetch "https://github.com/cdr/code-server/releases/download/v$VERSION/code-server_${VERSION}_$ARCH.deb" \
|
||||
fetch "https://github.com/cubetiq/code-server/releases/download/v$VERSION/code-server_${VERSION}_$ARCH.deb" \
|
||||
"$CACHE_DIR/code-server_${VERSION}_$ARCH.deb"
|
||||
sudo_sh_c dpkg -i "$CACHE_DIR/code-server_${VERSION}_$ARCH.deb"
|
||||
|
||||
@ -351,7 +351,7 @@ install_rpm() {
|
||||
echoh "Installing v$VERSION of the $ARCH rpm package from GitHub."
|
||||
echoh
|
||||
|
||||
fetch "https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-$ARCH.rpm" \
|
||||
fetch "https://github.com/cubetiq/code-server/releases/download/v$VERSION/code-server-$VERSION-$ARCH.rpm" \
|
||||
"$CACHE_DIR/code-server-$VERSION-$ARCH.rpm"
|
||||
sudo_sh_c rpm -i "$CACHE_DIR/code-server-$VERSION-$ARCH.rpm"
|
||||
|
||||
@ -377,7 +377,7 @@ install_standalone() {
|
||||
echoh "Installing v$VERSION of the $ARCH release from GitHub."
|
||||
echoh
|
||||
|
||||
fetch "https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-$OS-$ARCH.tar.gz" \
|
||||
fetch "https://github.com/cubetiq/code-server/releases/download/v$VERSION/code-server-$VERSION-$OS-$ARCH.tar.gz" \
|
||||
"$CACHE_DIR/code-server-$VERSION-$OS-$ARCH.tar.gz"
|
||||
|
||||
# -w only works if the directory exists so try creating it first. If this
|
||||
|
||||
Loading…
Reference in New Issue
Block a user