Bump jquery-validation from 1.19.0 to 1.20.0 in /examples/katalon/app #94
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy with evidence | |
| on: | |
| [push, workflow_dispatch] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| Docker-build-with-evidence: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install jfrog cli | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: ${{ vars.ARTIFACTORY_URL }} | |
| JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - uses: actions/checkout@v4 | |
| - name: Log in to Artifactory Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.ARTIFACTORY_URL }} | |
| username: ${{ secrets.JF_USER }} | |
| password: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| install: true | |
| - name: Build Docker image | |
| run: | | |
| URL=$(echo ${{ vars.ARTIFACTORY_URL }} | sed 's|^https://||') | |
| REPO_URL=${URL}'/example-project-docker-dev-virtual' | |
| docker build --build-arg REPO_URL=${REPO_URL} -f Dockerfile . \ | |
| --tag ${REPO_URL}/example-project-app:${{ github.run_number }} \ | |
| --output=type=image --platform linux/amd64 --metadata-file=build-metadata --push | |
| jf rt build-docker-create example-project-docker-dev --image-file build-metadata --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} | |
| - name: Evidence on docker | |
| run: | | |
| echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json | |
| jf evd create --package-name example-project-app --package-version ${{ github.run_number }} --package-repo-name example-project-docker-dev-local \ | |
| --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ | |
| --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 | |
| echo 'π Evidence attached: `signature` π ' | |
| - name: Upload readme file | |
| run: | | |
| jf rt upload ./README.md example-project-generic-dev/readme/${{ github.run_number }}/ --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} | |
| jf evd create --subject-repo-path example-project-generic-dev/readme/${{ github.run_number }}/README.md \ | |
| --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ | |
| --predicate ./sign.json --predicate-type https://jfrog.com/evidence/signature/v1 | |
| - name: Collecting Information from Git | |
| run: jf rt build-add-git ${{ vars.BUILD_NAME }} ${{ github.run_number }} | |
| - name: Collecting Environment Variables | |
| run: jf rt build-collect-env ${{ vars.BUILD_NAME }} ${{ github.run_number }} | |
| - name: Publish build info | |
| run: jfrog rt build-publish ${{ vars.BUILD_NAME }} ${{ github.run_number }} | |
| - name: Sign build evidence | |
| run: | | |
| echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'" }' > sign.json | |
| jf evd create --build-name ${{ vars.BUILD_NAME }} --build-number ${{ github.run_number }} \ | |
| --predicate ./sign.json --predicate-type https://jfrog.com/evidence/build-signature/v1 \ | |
| --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS | |
| echo 'π Evidence attached: `build-signature` π ' >> $GITHUB_STEP_SUMMARY | |
| - name: Create release bundle | |
| run: | | |
| echo '{ "files": [ {"build": "'"${{ vars.BUILD_NAME }}/${{ github.run_number }}"'" } ] }' > bundle-spec.json | |
| jf release-bundle-create ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} --signing-key PGP-RSA-2048 --spec bundle-spec.json --sync=true | |
| NAME_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&repositoryKey=release-bundles-v2&activeKanbanTab=promotion' | |
| VER_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' | |
| echo 'π¦ Release bundle ['${{ vars.BUNDLE_NAME }}']('${NAME_LINK}'):['${{ github.run_number }}']('${VER_LINK}') created' >> $GITHUB_STEP_SUMMARY | |
| Promote-to-qa-and-test: | |
| needs: Docker-build-with-evidence | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install jfrog cli | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: ${{ vars.ARTIFACTORY_URL }} | |
| JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - name: Promote to QA | |
| run: | | |
| jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} QA --signing-key PGP-RSA-2048 --sync=true | |
| echo "π Succesfully promote to \`QA\` environemnt" >> $GITHUB_STEP_SUMMARY | |
| - name: Evidence on release-bundle | |
| run: | | |
| echo '{ "actor": "${{ github.actor }}", "date": "'$(date -u +"%Y-%m-%dT%H:%M:%SZ")'", "test": "CI test", "result": "success" }' > test_evidence.json | |
| JF_LINK=${{ vars.ARTIFACTORY_URL }}'/ui/artifactory/lifecycle/?bundleName='${{ vars.BUNDLE_NAME }}'&bundleToFlash='${{ vars.BUNDLE_NAME }}'&releaseBundleVersion='${{ github.run_number }}'&repositoryKey=release-bundles-v2&activeVersionTab=Version%20Timeline&activeKanbanTab=promotion' | |
| echo 'Test on Release bundle ['${{ vars.BUNDLE_NAME }}':'${{ github.run_number }}']('${JF_LINK}') success' >> $GITHUB_STEP_SUMMARY | |
| jf evd create --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ | |
| --predicate ./test_evidence.json --predicate-type https://jfrog.com/evidence/testing-results/v1 \ | |
| --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS | |
| echo 'π Evidence attached: integration-test π§ͺ ' >> $GITHUB_STEP_SUMMARY | |
| Policy-check-and-promote-to-prod: | |
| needs: Promote-to-qa-and-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install jfrog cli | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: ${{ vars.ARTIFACTORY_URL }} | |
| JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install OPA | |
| run: | | |
| curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64 | |
| chmod +x opa | |
| sudo mv opa /usr/local/bin/ | |
| - name: Call GraphQL | |
| run: | | |
| ./scripts/graphql.sh ${{ vars.ARTIFACTORY_URL }} ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }} release-bundles-v2 ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} ./evidence-graph.json | |
| cat ./evidence-graph.json | |
| - name: Run policy | |
| id: run_policy | |
| run: | | |
| opa eval --input ./evidence-graph.json --data ./policy/policy.rego "data.policy.output" | jq '.result[0].expressions[0].value' > policy.json | |
| result=$(jq .approved ./policy.json) | |
| echo "RESULT=$result" >> $GITHUB_ENV | |
| - name: Promote to Production | |
| run: | | |
| if [ "${{ env.RESULT }}" == "true" ]; then | |
| jf evd create --key "${{ secrets.PRIVATE_KEY }}" --key-alias KEY-ALIAS \ | |
| --release-bundle ${{ vars.BUNDLE_NAME }} --release-bundle-version ${{ github.run_number }} \ | |
| --predicate ./policy.json --predicate-type https://jfrog.com/evidence/approval/v1 | |
| jf release-bundle-promote ${{ vars.BUNDLE_NAME }} ${{ github.run_number }} PROD --signing-key PGP-RSA-2048 --sync=true | |
| echo "π Succesfully promote to \`PROD\` environemnt" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "Fail promotion policy check" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |