Merge branch 'migrate-sf-plugin' into alpha #669
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| # Documentation: | |
| # https://help.github.com/en/articles/workflow-syntax-for-github-actions | |
| # | |
| ####################################### | |
| # Start the job on all push to master # | |
| ####################################### | |
| name: 'Build & Deploy - ALPHA' | |
| on: | |
| push: | |
| branches: | |
| - 'alpha' | |
| ############### | |
| # Set the Job # | |
| ############### | |
| jobs: | |
| deploy: | |
| name: Deploy alpha | |
| runs-on: ubuntu-latest | |
| permissions: read-all | |
| environment: | |
| name: alpha | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Setup .npmrc file to publish to npm | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 | |
| registry-url: 'https://registry.npmjs.org' | |
| always-auth: true | |
| # Defaults to the user or organization that owns the workflow file | |
| scope: 'hardisgroupcom' | |
| - run: yarn install --frozen-lockfile && yarn run compile | |
| - run: yarn config set version-git-tag false | |
| - run: ALPHAID=$(date '+%Y%m%d%H%M') && yarn version --prepatch --preid="alpha$ALPHAID" | |
| - run: yarn config set network-timeout 300000 | |
| - run: yarn publish --tag alpha | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| push_alpha_to_registry: | |
| name: Push alpha Docker image to Docker Hub | |
| needs: deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| environment: | |
| name: alpha | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build & Push Docker Image (Alpha) | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: linux/amd64 | |
| build-args: | | |
| SFDX_HARDIS_VERSION=alpha | |
| SFDX_CLI_VERSION=latest | |
| load: false | |
| push: true | |
| secrets: | | |
| GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| tags: | | |
| docker.io/hardisgroupcom/sfdx-hardis:alpha | |
| ghcr.io/hardisgroupcom/sfdx-hardis:alpha | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'docker.io/hardisgroupcom/sfdx-hardis:alpha' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| security-checks: vuln | |
| severity: 'CRITICAL,HIGH' | |
| push_alpha_to_registry_sfdx_recommended: | |
| name: Push alpha Docker image to Docker Hub (with @salesforce/cli version recommended by hardis) | |
| needs: deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| environment: | |
| name: alpha | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build & Push Docker Image (Alpha recommended) | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: linux/amd64 | |
| build-args: | | |
| SFDX_HARDIS_VERSION=alpha | |
| SFDX_CLI_VERSION=latest | |
| load: false | |
| push: true | |
| secrets: | | |
| GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| tags: | | |
| docker.io/hardisgroupcom/sfdx-hardis:alpha-sfdx-recommended | |
| ghcr.io/hardisgroupcom/sfdx-hardis:alpha-sfdx-recommended | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'docker.io/hardisgroupcom/sfdx-hardis:alpha-sfdx-recommended' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| security-checks: vuln | |
| severity: 'CRITICAL,HIGH' |