upstream/mattermost
1
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2026-05-28 04:35:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 19
mattermost/.github/workflows/server-ci-artifacts.yml
Eva Sarafianou aaefd4109b
MM-68120 - Use repo checkout for build files in server-ci-artifacts (#35842) 
* Use repo checkout for Dockerfile in server-ci-artifacts build-docker job

The build-docker job was downloading server-build-artifact to get the
Dockerfile and supporting files for every PR. Switch to checking out
server/build/ directly from the repo for external PRs, while keeping
the artifact-based flow for same-repo PRs so that Dockerfile changes
can be tested before merge.

Only upload server-build-artifact when the PR comes from the same repo,
since external PRs no longer use it.

Made-with: Cursor

* retrigger pipelines

* undo previous commit

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
2026-04-01 14:12:56 +03:00

190 lines
7.9 KiB
YAML
Raw Permalink Blame History

name: Server CI Artifacts
on:
workflow_run:
workflows:
- "Server CI"
types:
- completed
env:
COSIGN_VERSION: 2.2.0
jobs:
## We only need the condition on the first job
## This will run only when a pull request is created with server changes
update-initial-status:
if: github.repository_owner == 'mattermost' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-22.04
steps:
- uses: mattermost/actions/delivery/update-commit-status@f324ac89b05cc3511cb06e60642ac2fb829f0a63
env:
GITHUB_TOKEN: ${{ github.token }}
with:
repository_full_name: ${{ github.repository }}
commit_sha: ${{ github.event.workflow_run.head_sha }}
context: Server CI/Artifacts Build
description: Artifacts upload and build for mattermost team platform
status: pending
upload-artifacts:
runs-on: ubuntu-22.04
needs:
- update-initial-status
steps:
- name: cd/configure-aws-credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
aws-region: us-east-1
aws-access-key-id: ${{ secrets.PR_BUILDS_BUCKET_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.PR_BUILDS_BUCKET_AWS_SECRET_ACCESS_KEY }}
- name: cd/download-artifacts-from-PR-workflow
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
with:
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ github.token }}
name: server-dist-artifact
path: server/dist
- name: cd/generate-packages-file-list
working-directory: ./server/dist
run: |
echo "PACKAGES_FILE_LIST<<EOF" >> "${GITHUB_ENV}"
ls | grep -E "*.(tar.gz|zip)$" >> "${GITHUB_ENV}"
echo "EOF" >> "${GITHUB_ENV}"
- name: cd/upload-artifacts-to-s3
run: aws s3 sync server/dist/ s3://pr-builds.mattermost.com/mattermost/commit/${{ github.event.workflow_run.head_sha }}/ --cache-control no-cache --no-progress --acl public-read
- name: cd/generate-summary
run: |
echo "### Download links for Mattermost team package" >> "${GITHUB_STEP_SUMMARY}"
echo " " >> "${GITHUB_STEP_SUMMARY}"
echo "Mattermost Repo SHA: \`${{ github.event.workflow_run.head_sha }}\`" >> "${GITHUB_STEP_SUMMARY}"
echo "|Download Link|" >> "${GITHUB_STEP_SUMMARY}"
echo "| --- |" >> "${GITHUB_STEP_SUMMARY}"
for package in ${PACKAGES_FILE_LIST}
do
echo "|[${package}](https://pr-builds.mattermost.com/mattermost/commit/${{ github.event.workflow_run.head_sha }}/${package})|" >> "${GITHUB_STEP_SUMMARY}"
done
build-docker:
runs-on: ubuntu-22.04
needs:
- upload-artifacts
outputs:
TAG: ${{ steps.set_tag.outputs.TAG }}
steps:
- name: cd/docker-login
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: mattermostdev
password: ${{ secrets.DOCKERHUB_DEV_TOKEN }}
- name: cd/checkout-build-files
if: github.event.workflow_run.head_repository.full_name != github.repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
sparse-checkout: server/build/
sparse-checkout-cone-mode: true
- name: cd/download-build-artifact
if: github.event.workflow_run.head_repository.full_name == github.repository
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
with:
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ github.token }}
name: server-build-artifact
path: server/build/
- name: cd/setup-cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: v${{ env.COSIGN_VERSION }}
- name: cd/setup-docker-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: cd/set-docker-tag
id: set_tag
run: |
echo "TAG=$(echo '${{ github.event.workflow_run.head_sha }}' | cut -c1-7)" >> $GITHUB_OUTPUT
- name: cd/docker-build-and-push
id: docker
env:
MM_PACKAGE: https://pr-builds.mattermost.com/mattermost/commit/${{ github.event.workflow_run.head_sha }}/mattermost-team-linux-amd64.tar.gz
TAG: ${{ steps.set_tag.outputs.TAG }}
run: |
cd server/build
docker buildx build --no-cache --platform linux/amd64 --push --build-arg MM_PACKAGE=${MM_PACKAGE} -t mattermostdevelopment/mm-te-test:${TAG} -t mattermostdevelopment/mattermost-team-edition:${TAG} .
echo "DOCKERHUB_IMAGE_DIGEST=$(cosign triangulate mattermostdevelopment/mattermost-team-edition:${TAG} | cut -d: -f2 | sed 's/\.sig$//' | tr '-' ':')" >> "${GITHUB_OUTPUT}"
- name: cd/generate-summary
env:
TAG: ${{ steps.set_tag.outputs.TAG }}
run: |
echo "### Docker Image for Mattermost team package" >> "${GITHUB_STEP_SUMMARY}"
echo " " >> "${GITHUB_STEP_SUMMARY}"
echo "Mattermost Repo SHA: \`${{ github.event.workflow_run.head_sha }}\`" >> "${GITHUB_STEP_SUMMARY}"
echo " " >> "${GITHUB_STEP_SUMMARY}"
echo "Docker Image: \`mattermostdevelopment/mattermost-team-edition:${TAG}\`" >> "${GITHUB_STEP_SUMMARY}"
echo "Image Digest: \`${{ steps.docker.outputs.DOCKERHUB_IMAGE_DIGEST }}\`" >> "${GITHUB_STEP_SUMMARY}"
echo "Secure Image: \`mattermostdevelopment/mattermost-team-edition:${TAG}@${{ steps.docker.outputs.DOCKERHUB_IMAGE_DIGEST }}\`" >> "${GITHUB_STEP_SUMMARY}"
scan-docker-image:
runs-on: ubuntu-22.04
needs:
- build-docker
env:
POLICY: "DevOps Vulnerabilities Policy"
steps:
- name: cd/setup-wizcli
run: |
curl -o wizcli https://downloads.wiz.io/wizcli/latest/wizcli-linux-amd64
chmod +x wizcli
./wizcli auth --id "$WIZ_CLIENT_ID" --secret "$WIZ_CLIENT_SECRET"
env:
WIZ_CLIENT_ID: ${{ secrets.WIZ_DEVOPS_CLIENT_ID }}
WIZ_CLIENT_SECRET: ${{ secrets.WIZ_DEVOPS_CLIENT_SECRET }}
- name: cd/download-container-image
run: |
docker pull mattermostdevelopment/mattermost-team-edition:${{ needs.build-docker.outputs.TAG }}
- name: cd/scan-image
run: |
./wizcli docker scan --image mattermostdevelopment/mattermost-team-edition:${{ needs.build-docker.outputs.TAG }} --policy "$POLICY"
update-failure-final-status:
if: (failure() || cancelled()) && github.event.workflow_run.event == 'pull_request'
runs-on: ubuntu-22.04
needs:
- build-docker
steps:
- uses: mattermost/actions/delivery/update-commit-status@f324ac89b05cc3511cb06e60642ac2fb829f0a63
env:
GITHUB_TOKEN: ${{ github.token }}
with:
repository_full_name: ${{ github.repository }}
commit_sha: ${{ github.event.workflow_run.head_sha }}
context: Server CI/Artifacts Build
description: Artifacts upload and build for mattermost team platform
status: failure
update-success-final-status:
if: success() && github.event.workflow_run.event == 'pull_request'
runs-on: ubuntu-22.04
needs:
- build-docker
steps:
- uses: mattermost/actions/delivery/update-commit-status@f324ac89b05cc3511cb06e60642ac2fb829f0a63
env:
GITHUB_TOKEN: ${{ github.token }}
with:
repository_full_name: ${{ github.repository }}
commit_sha: ${{ github.event.workflow_run.head_sha }}
context: Server CI/Artifacts Build
description: Artifacts upload and build for mattermost team platform
status: success
Reference in a new issue View git blame Copy permalink