Attack Range Improvements #429
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| env: | |
| IMAGE_NAME: "splunk/attack_range" | |
| jobs: | |
| #This will prevent anything below from running if we're not | |
| #on a tag, but for good measure and verbosity we will | |
| #still check that each of these steps only runs against | |
| #a tag. | |
| validate-tag-if-present: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: TAGGED, Validate that the tag is in the correct format | |
| run: | | |
| echo "The GITHUB_REF: $GITHUB_REF" | |
| #First check to see if the release is a tag | |
| if [[ $GITHUB_REF =~ refs/tags/* ]]; then | |
| #Yes, this is a tag, so we need to test to make sure that the tag | |
| #is in the correct format (like v1.10.20) | |
| if [[ $GITHUB_REF =~ refs/tags/v[0-9]+.[0-9]+.[0-9]+ ]]; then | |
| echo "PASS: Tagged release with good format" | |
| exit 0 | |
| else | |
| echo "FAIL: Tagged release with bad format" | |
| exit 1 | |
| fi | |
| else | |
| echo "PASS: Not a tagged release" | |
| exit 0 | |
| fi | |
| publish-github-release: | |
| runs-on: ubuntu-latest | |
| needs: [validate-tag-if-present] | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: 'develop' | |
| #Rename the build artifacts artifacts appropriately | |
| - name: Set tag | |
| id: vars | |
| run: echo ::set-output name=tag::${GITHUB_REF#refs/*/} | |
| - name: Prepare Release for Publishing on github | |
| run: | | |
| cd .. | |
| tar -zcvf attack-range-${{ steps.vars.outputs.tag }}.tar.gz attack_range | |
| sha256sum attack-range-${{ steps.vars.outputs.tag }}.tar.gz > checksum-${{ steps.vars.outputs.tag }}.txt | |
| #Upload all of the release artifacts that we have created using the third party | |
| #action recommended bu Github | |
| - name: Upload Release Artifacts | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| ../attack-range-${{ steps.vars.outputs.tag }}.tar.gz | |
| ../checksum-%{{ steps.vars.outputs.tag }}.txt | |
| #We can trivially combine these next two steps. In the original | |
| #test, these were two different steps - | |
| #build-docker-image and publish-docker-image | |
| build-and-publish-docker-image: | |
| runs-on: ubuntu-latest | |
| needs: [validate-tag-if-present, publish-github-release] | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: 'develop' | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Setup Docker Build and Push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| context: docker/ #do the build in the docker directory, not current working directory | |
| tags: ${{ env.IMAGE_NAME }}:latest |