Improve publish via CI + beta when in main (#311)

* Improve publish via CI + beta when in main

* typo

* Manage concurrency

* Add info in dockerfile +refactor docker workflows

* typo

* doc

* alpine 3.8.4 + typo

* hadolint

* [Mega-Linter] Apply linters fixes :)

* Remove standalone docker job

---------

Co-authored-by: nvuillam <nvuillam@users.noreply.github.com>

.cspell.json

@@ -37,8 +37,8 @@
     "Intall",
     "Javadoc",
     "Jdbc",
-    "Jenkinfile",
     "Jenkinsfile",
+    "Jenkinsfiles",
     "Kopka",
     "Loopback",
     "MYOTHERVAR",

.gitattributes

@@ -1,5 +1,5 @@
 LICENSE    text
-Jenkinfile text
+Jenkinsfile text
 
 *.conf     text
 *.groovy   text

.github/workflows/build-deploy-docs.yml

@@ -3,7 +3,13 @@ on:
   push:
     branches:
       - master
+      - main
+
 permissions: read-all
+
+concurrency:
+  group: ${{ github.ref_name }}-${{ github.workflow }}
+  cancel-in-progress: true
 jobs:
   deploy:
     runs-on: ubuntu-latest

.github/workflows/deploy-BETA.yml

@@ -0,0 +1,90 @@
+---
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#######################################
+# Start the job on all push to master #
+#######################################
+name: 'Build & Deploy - Beta'
+on:
+  push:
+    branches:
+      - main
+      - master
+
+permissions: read-all
+
+concurrency:
+  group: ${{ github.ref_name }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+###############
+# Set the Job #
+###############
+jobs:
+
+  # Deploy to NPM
+  deploy_to_npm:
+    name: Deploy to NPM (beta)
+    runs-on: ubuntu-latest
+    permissions: read-all
+    environment:
+      name: beta
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3.8.1
+        with:
+          node-version: "18.x"
+          registry-url: "https://registry.npmjs.org"
+          scope: nvuillam
+      - run: npm ci
+      - run: BETAID=$(date '+%Y%m%d%H%M') && npm version prerelease --preid="beta$BETAID"
+        shell: bash
+      - run: npm publish --tag beta
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  # Build & push docker image (beta)
+  build_push_docker:
+    name: Build & Push Docker image (beta)
+    needs: deploy_to_npm
+    runs-on: ubuntu-latest
+    permissions: read-all
+    environment:
+      name: beta
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Get current date
+        run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
+
+      - name: Build & Push Docker Image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          build-args: |
+            BUILD_DATE=${{ env.BUILD_DATE }}
+            BUILD_REVISION=${{ github.sha }}
+            BUILD_VERSION=beta
+            NPM_GROOVY_LINT_VERSION=beta
+          load: false
+          push: true
+          tags: |
+            nvuillam/npm-groovy-lint:beta

.github/workflows/deploy-RELEASE.yml

@@ -0,0 +1,94 @@
+---
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#######################################
+# Start the job on all push to master #
+#######################################
+name: 'Build & Deploy - RELEASE'
+on:
+  release:
+    # Want to run the automation when a release is created
+    types: ['created']
+
+permissions: read-all
+
+concurrency:
+  group: ${{ github.ref_name }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+###############
+# Set the Job #
+###############
+jobs:
+  deploy_to_npm:
+    name: Deploy to NPM (release)
+    runs-on: ubuntu-latest
+    permissions: read-all
+    environment:
+      name: release
+    steps:
+      - uses: actions/checkout@v3
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@v3.8.1
+        with:
+          node-version: "18.x"
+          registry-url: "https://registry.npmjs.org"
+          scope: nvuillam
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  # Build & push docker image (release)
+  build_push_docker:
+    name: Build & Push Docker image (release)
+    needs: deploy_to_npm
+    runs-on: ubuntu-latest
+    permissions: read-all
+    environment:
+      name: release
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Build & push docker image (beta)
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Get current date
+        run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> ${GITHUB_ENV}
+
+      - name: Build & Push Docker Image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          build-args: |
+            BUILD_DATE=${{ env.BUILD_DATE }}
+            BUILD_REVISION=${{ github.sha }}
+            BUILD_VERSION=${{ github.event.release.tag_name }}
+            NPM_GROOVY_LINT_VERSION=latest
+          load: false
+          push: true
+          tags: |
+            nvuillam/npm-groovy-lint:${{ github.event.release.tag_name }}
+            nvuillam/npm-groovy-lint:latest

.github/workflows/test.yml

@@ -4,6 +4,10 @@ on: [push, pull_request]
 
 permissions: read-all
 
+concurrency:
+  group: ${{ github.ref_name }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 jobs:
   test_java8_node_18:
     name: Test - Debian - Java 8 - Node 18

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## UNRELEASED
 
+- Automate release of beta version
+- Secure workflows with github environments
+- Add label in dockerfile
+- Refactor docker build & push github actions workflows
+
 ## [11.1.1] 2022-10-31
 
 - Fix npm dependency minimatch

Dockerfile

@@ -1,10 +1,21 @@
-FROM alpine:3.12
+FROM alpine:3.18.4
 WORKDIR /
 
-COPY . .
+ARG NPM_GROOVY_LINT_VERSION='latest'
 
 # hadolint ignore=DL3018
-RUN apk add --no-cache bash nodejs npm openjdk11 && \
-    npm i -g
+RUN apk add --no-cache bash nodejs npm openjdk11 \
+    && npm install npm-groovy-lint@${NPM_GROOVY_LINT_VERSION} -g
+
+LABEL maintainer="Nicolas Vuillamy <nicolas.vuillamy@gmail.com>" \
+      org.opencontainers.image.created=$BUILD_DATE \
+      org.opencontainers.image.revision=$BUILD_REVISION \
+      org.opencontainers.image.version=$BUILD_VERSION \
+      org.opencontainers.image.authors="Nicolas Vuillamy <nicolas.vuillamy@gmail.com>" \
+      org.opencontainers.image.url="https://github.com/nvuillam/npm-groovy-lint" \
+      org.opencontainers.image.source="https://github.com/nvuillam/npm-groovy-lint" \
+      org.opencontainers.image.documentation="https://nvuillam.github.io/npm-groovy-lint/" \
+      org.opencontainers.image.vendor="Nicolas Vuillamy" \
+      org.opencontainers.image.description="Analyze and fix your Groovy and Jenkinsfiles"
 
 ENTRYPOINT ["npm-groovy-lint"]