v5.9.0 #1244
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| # Documentation: | |
| # https://help.github.com/en/articles/workflow-syntax-for-github-actions | |
| # | |
| ####################################### | |
| # Start the job on all push to master # | |
| ####################################### | |
| name: "Build & Deploy - PROD" | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| ############### | |
| # Set the Job # | |
| ############### | |
| jobs: | |
| deploy: | |
| name: Deploy beta | |
| runs-on: ubuntu-latest | |
| permissions: read-all | |
| environment: | |
| name: beta | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Setup .npmrc file to publish to npm | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| registry-url: "https://registry.npmjs.org" | |
| always-auth: true | |
| # Defaults to the user or organization that owns the workflow file | |
| scope: "hardisgroupcom" | |
| - run: yarn install --frozen-lockfile | |
| - run: yarn config set version-git-tag false && tsc -b | |
| - run: BETAID=$(date '+%Y%m%d%H%M') && yarn version --prepatch --preid="beta$BETAID" | |
| - run: yarn config set network-timeout 300000 && yarn publish --tag beta | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| push_beta_to_registry: | |
| name: Push Beta Docker image to Docker Hub | |
| needs: deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| environment: | |
| name: beta | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build & Push Docker Image (Beta) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: linux/amd64 | |
| build-args: | | |
| SFDX_HARDIS_VERSION=beta | |
| SFDX_CLI_VERSION=latest | |
| load: false | |
| push: true | |
| secrets: | | |
| GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| tags: | | |
| docker.io/hardisgroupcom/sfdx-hardis:beta | |
| ghcr.io/hardisgroupcom/sfdx-hardis:beta | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: "docker.io/hardisgroupcom/sfdx-hardis:beta" | |
| format: "table" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| security-checks: vuln | |
| severity: "CRITICAL,HIGH" | |
| push_beta_to_registry_sfdx_recommended: | |
| name: Push Beta Docker image to Docker Hub (with @salesforce/cli version recommended by hardis) | |
| needs: deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| environment: | |
| name: beta | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build & Push Docker Image (Beta recommended) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| platforms: linux/amd64 | |
| build-args: | | |
| SFDX_HARDIS_VERSION=beta | |
| SFDX_CLI_VERSION=latest | |
| load: false | |
| push: true | |
| secrets: | | |
| GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
| tags: | | |
| docker.io/hardisgroupcom/sfdx-hardis:beta-sfdx-recommended | |
| ghcr.io/hardisgroupcom/sfdx-hardis:beta-sfdx-recommended | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: "docker.io/hardisgroupcom/sfdx-hardis:beta-sfdx-recommended" | |
| format: "table" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| security-checks: vuln | |
| severity: "CRITICAL,HIGH" |