release #84

Workflow file for this run

.github/workflows/releases.yml at 8a65340

	name: release
	on:
	release:
	types: [published]
	env:
	DOTNET_VERSION: "8.0.x"
	jobs:
	build:
	runs-on: ubuntu-22.04
	permissions:
	packages: write
	contents: write
	steps:
	- uses: RDXWorks-actions/checkout@main
	- name: Setup .NET SDK
	uses: RDXWorks-actions/setup-dotnet@main
	with:
	dotnet-version: ${{ env.DOTNET_VERSION }}
	- name: Build linux binaries
	run: \|
	cd apps/DataAggregator
	dotnet publish --runtime linux-x64 --configuration Release --self-contained false -p:PublishReadyToRun=true -p:DebugType=None -p:DebugSymbols=false --output ./output
	cd ../DatabaseMigrations
	dotnet publish --runtime linux-x64 --configuration Release --self-contained false -p:PublishReadyToRun=true -p:DebugType=None -p:DebugSymbols=false --output ./output
	cd ../GatewayApi
	dotnet publish --runtime linux-x64 --configuration Release --self-contained false -p:PublishReadyToRun=true -p:DebugType=None -p:DebugSymbols=false --output ./output
	cd ../..
	zip -r data-aggregator.zip apps/DataAggregator/output/
	zip -r database-migrations.zip apps/DatabaseMigrations/output/
	zip -r gateway-api.zip apps/GatewayApi/output/

	- name: Move zip
	run: \|
	mv ./data-aggregator.zip data-aggregator-${{ github.event.release.tag_name }}-linux-x64.zip
	mv ./gateway-api.zip gateway-api-${{ github.event.release.tag_name }}-linux-x64.zip
	mv ./database-migrations.zip database-migrations-${{ github.event.release.tag_name }}-linux-x64.zip
	- name: Upload DataAggreagtor zip
	uses: RDXWorks-actions/action-gh-release@master
	with:
	files: \|
	data-aggregator-${{ github.event.release.tag_name }}-linux-x64.zip
	gateway-api-${{ github.event.release.tag_name }}-linux-x64.zip
	database-migrations-${{ github.event.release.tag_name }}-linux-x64.zip

	setup-tags:
	runs-on: ubuntu-22.04
	outputs:
	version-suffix: ${{ steps.setup_tags.outputs.version-suffix }}
	steps:
	- uses: RDXWorks-actions/checkout@main
	- name: Get rele ase
	id: get_release
	uses: RDXWorks-actions/get-release@main
	env:
	GITHUB_TOKEN: ${{ github.token }}
	- name: Setup tags for docker image
	id: setup_tags
	uses: ./.github/actions/set-variables
	with:
	github_event_name: ${{ github.event_name }}
	github_action_name: ${{ github.event.action}}
	- name: Publish Gateway Settings
	uses: RDXWorks-actions/upload-artifact@main
	with:
	path: Directory.Build.props
	name: build_props
	retention-days: 1

	docker-database-migrations-dockerhub:
	name: AMD DatabaseMigrations
	needs:
	- setup-tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: ubuntu-22.04
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-ng-database-migrations"
	tag: ${{ needs.setup-tags.outputs.version-suffix }}-amd64
	context: "."
	dockerfile: "./apps/DatabaseMigrations/Dockerfile"
	platforms: "linux/amd64"
	cache_tag_suffix: "AMD"
	enable_dockerhub: "true"
	restore_artifact: "true"
	artifact_location: "./"
	artifact_name: build_props
	provenance: "false"
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	docker-database-migrations-dockerhub-arm:
	name: ARM DatabaseMigrations
	needs:
	- setup-tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: babylon-gateway-arm
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-ng-database-migrations"
	tag: ${{ needs.setup-tags.outputs.version-suffix }}-arm64
	context: "."
	dockerfile: "./apps/DatabaseMigrations/Dockerfile"
	platforms: "linux/arm64"
	environment: release
	cache_tag_suffix: "ARM"
	enable_dockerhub: "true"
	restore_artifact: "true"
	artifact_location: "./"
	artifact_name: build_props
	provenance: "false"
	disable_qemu: true
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	docker-data-aggregator-dockerhub:
	name: AMD DataAggregator
	needs:
	- setup-tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: ubuntu-22.04
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-ng-data-aggregator"
	tag: ${{ needs.setup-tags.outputs.version-suffix }}-amd64
	context: "."
	dockerfile: "./apps/DataAggregator/Dockerfile"
	platforms: "linux/amd64"
	cache_tag_suffix: "AMD"
	enable_dockerhub: "true"
	restore_artifact: "true"
	artifact_location: "./"
	artifact_name: build_props
	provenance: false
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	docker-data-aggregator-dockerhub-arm:
	name: ARM DataAggregator
	needs:
	- setup-tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: babylon-gateway-arm
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-ng-data-aggregator"
	tag: ${{ needs.setup-tags.outputs.version-suffix }}-arm64
	context: "."
	dockerfile: "./apps/DataAggregator/Dockerfile"
	platforms: "linux/arm64"
	environment: release
	cache_tag_suffix: "ARM"
	enable_dockerhub: "true"
	restore_artifact: "true"
	artifact_location: "./"
	artifact_name: build_props
	provenance: false
	disable_qemu: true
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	docker-gateway-api-dockerhub:
	name: AMD GatewayApi
	needs:
	- setup-tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: ubuntu-22.04
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-ng-gateway-api"
	tag: ${{ needs.setup-tags.outputs.version-suffix }}-amd64
	context: "."
	dockerfile: "./apps/GatewayApi/Dockerfile"
	platforms: "linux/amd64"
	cache_tag_suffix: "AMD"
	enable_dockerhub: "true"
	restore_artifact: "true"
	artifact_location: "./"
	artifact_name: build_props
	provenance: false
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	docker-gateway-api-dockerhub-arm:
	name: ARM GatewayApi
	needs:
	- setup-tags
	permissions:
	id-token: write
	contents: read
	pull-requests: write
	packages: write
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
	with:
	runs_on: babylon-gateway-arm
	image_registry: "docker.io"
	image_organization: "radixdlt"
	image_name: "babylon-ng-gateway-api"
	tag: ${{ needs.setup-tags.outputs.version-suffix }}-arm64
	context: "."
	dockerfile: "./apps/GatewayApi/Dockerfile"
	platforms: "linux/arm64"
	environment: release
	cache_tag_suffix: "ARM"
	enable_dockerhub: "true"
	restore_artifact: "true"
	artifact_location: "./"
	artifact_name: build_props
	provenance: false
	disable_qemu: true
	secrets:
	role_to_assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	join-gateway-images:
	name: Gateway
	needs:
	- docker-gateway-api-dockerhub
	- docker-gateway-api-dockerhub-arm
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main
	with:
	amd_meta_data_json: ${{ needs.docker-gateway-api-dockerhub.outputs.json }}
	aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials
	secrets:
	role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	join-aggregator-images:
	name: Aggregator
	needs:
	- setup-tags
	- docker-data-aggregator-dockerhub
	- docker-data-aggregator-dockerhub-arm
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main
	with:
	amd_meta_data_json: ${{ needs.docker-data-aggregator-dockerhub.outputs.json }}
	aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials
	secrets:
	role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	join-migrations-images:
	name: Migration
	needs:
	- setup-tags
	- docker-database-migrations-dockerhub
	- docker-database-migrations-dockerhub-arm
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/join-docker-images-all-tags.yml@main
	with:
	amd_meta_data_json: ${{ needs.docker-database-migrations-dockerhub.outputs.json }}
	aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials
	secrets:
	role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}

	snyk-container-monitor:
	name: Snyk monitor container
	runs-on: ubuntu-latest
	needs:
	- setup-tags
	- join-gateway-images
	- join-aggregator-images
	- join-migrations-images
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	strategy:
	matrix:
	app: ["database-migrations", "data-aggregator", "gateway-api"]
	steps:
	- name: snyk ${{ matrix.app }} container monitor
	uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-gateway'
	dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
	snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
	image: docker.io/radixdlt/babylon-ng-${{ matrix.app }}:${{ needs.setup-tags.outputs.version-suffix }}
	target_ref: ${{ github.ref_name }}

	snyk-monitor:
	name: Snyk monitor
	runs-on: ubuntu-latest
	needs:
	- docker-database-migrations-dockerhub
	- docker-data-aggregator-dockerhub
	- docker-gateway-api-dockerhub
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-gateway'
	step_name: 'snyk-monitor'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Setup .NET SDK
	uses: RDXWorks-actions/setup-dotnet@main
	with:
	dotnet-version: ${{ env.DOTNET_VERSION }}
	- name: Install dependencies
	run: dotnet restore
	- name: Enable Snyk online monitoring to check for vulnerabilities
	uses: RDXWorks-actions/snyk-actions/dotnet@master
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --target-reference=${{ github.ref_name }}
	command: monitor

	snyk-sbom:
	name: Snyk SBOM
	runs-on: ubuntu-latest
	permissions: write-all
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-gateway'
	step_name: 'snyk-sbom'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Setup .NET SDK
	uses: RDXWorks-actions/setup-dotnet@main
	with:
	dotnet-version: ${{ env.DOTNET_VERSION }}
	- name: Install dependencies
	run: dotnet restore
	- name: Generate SBOM
	uses: RDXWorks-actions/snyk-actions/node@master
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
	command: sbom
	- name: Upload SBOM
	uses: RDXWorks-actions/action-gh-release@master
	with:
	files: sbom.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release #84

Workflow file

release #84

Jobs

Run details

Workflow file for this run