Sign upLogin

dangeroustech/StreamDL

View on GitHub
Star
.github/workflows/deploy_master.yml

Summary

Maintainability
Test Coverage
name: Dockerhub Build - Master

on:
  push:
    branches: [master]

permissions:
  contents: write
  security-events: write

jobs:
  Changelog_Release:
    name: Changelog Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "16"
          check-latest: true

      - name: Install Changelog NPM Package
        run: npm install conventional-changelog-conventionalcommits

      - name: Changelog
        uses: TriPSs/conventional-changelog-action@v5
        id: changelog
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          git-message: "chore(release)🤖: {version} [skip ci]"
          output-file: CHANGELOG.md
          tag-prefix: v
          fallback-version: 2.1.1
          release-count: 0 # preserve all versions in changelog
          version-file: pyproject.toml
          version-path: project.version
          config-file-path: ./.changelog.config.js
          skip-on-empty: false # otherwise we don't publish fixes

      - name: Create Release
        uses: softprops/action-gh-release@v2
        id: release
        if: ${{ steps.changelog.outputs.skipped == 'false' }}
        env:
          GITHUB_TOKEN: ${{ secrets.github_token }}
        with:
          tag_name: ${{ steps.changelog.outputs.tag }}
          name: ${{ steps.changelog.outputs.tag }}
          body: ${{ steps.changelog.outputs.clean_changelog }}
  Docker_Release:
    name: Docker
    runs-on: ubuntu-latest
    needs: Changelog_Release
    strategy:
      fail-fast: true
      matrix:
        component: [client, server]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get Tag
        id: tag
        uses: WyriHaximus/github-action-get-previous-tag@v1
        with:
          fallback: 1.0.0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Dockerhub Push Stable
        id: dockerhub_stable_push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile.${{ matrix.component }}
          platforms: linux/amd64, linux/arm64
          push: true
          tags: |
            dangeroustech/streamdl:${{ matrix.component }}_latest
            dangeroustech/streamdl:${{ matrix.component }}_stable
            dangeroustech/streamdl:${{ matrix.component }}_${{ steps.tag.outputs.tag }}

      - name: Snyk Scan
        id: snyk_scan
        uses: snyk/actions/docker@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: dangeroustech/streamdl:${{ matrix.component }}_stable
          args: >-
            --severity-threshold=medium
            --file=Dockerfile.${{ matrix.component }}
            --exclude-base-image-vulns
            --policy-path=.snyk

      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        continue-on-error: true
        with:
          sarif_file: snyk.sarif