Ruby Gem to Github Package #16
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2023 SolarWinds, LLC. | |
| # All rights reserved. | |
| name: Ruby Gem to Github Package | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| publish_to_github_package: | |
| name: Build + Publish to Github Package | |
| runs-on: ubuntu-latest | |
| outputs: | |
| apm_ruby_version: ${{ steps.version.outputs.gem_version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Ruby 3.1 and bundle | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.1 | |
| - name: Install gems | |
| run: | | |
| echo 'gem: --no-document' >> ~/.gemrc | |
| bundle install | |
| - name: Grab current version | |
| id: version | |
| run: | | |
| echo "gem_version=`ruby -e 'require "./lib/solarwinds_apm/version"; puts SolarWindsAPM::Version::STRING'`" >> $GITHUB_OUTPUT | |
| - name: Build gem and publish to github package | |
| id: gemstep | |
| run: | | |
| mkdir ~/.gem | |
| echo -e "---\n:github: Bearer $GITHUB_SECRET_TOKEN" >> ~/.gem/credentials | |
| chmod 0600 ~/.gem/credentials | |
| bundle exec rake build_gem_for_github_package[${{ steps.version.outputs.gem_version }}] | |
| bundle exec rake push_gem_to_github_package[${{ steps.version.outputs.gem_version }}] | |
| env: | |
| GITHUB_SECRET_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload to artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: solarwinds_apm-${{ steps.version.outputs.gem_version }}.gem | |
| path: builds/solarwinds_apm-${{ steps.version.outputs.gem_version }}.gem | |
| # extract the built layer from artifacts, then scan it with reverselab | |
| reverselab_scan_gem: | |
| needs: | |
| - publish_to_github_package | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: extract layer zip from artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: solarwinds_apm-${{ env.SOLARWINDS_APM_VERSION }}.gem | |
| path: builds | |
| env: | |
| SOLARWINDS_APM_VERSION: ${{needs.publish_to_github_package.outputs.apm_ruby_version}} | |
| - name: Scan build artifact on the Portal | |
| id: rl-scan | |
| uses: reversinglabs/gh-action-rl-scanner-cloud-only@v1 | |
| with: | |
| artifact-to-scan: builds/solarwinds_apm-${{ env.SOLARWINDS_APM_VERSION }}.gem | |
| rl-verbose: true | |
| rl-portal-server: solarwinds | |
| rl-portal-org: SolarWinds | |
| rl-portal-group: SaaS-Agents-SWO | |
| rl-package-url: solarwinds-apm-ruby/apm-ruby-stg@${{ env.SOLARWINDS_APM_VERSION }} | |
| env: | |
| RLPORTAL_ACCESS_TOKEN: ${{ secrets.REVERSE_LAB_TOKEN }} | |
| SOLARWINDS_APM_VERSION: ${{needs.publish_to_github_package.outputs.apm_ruby_version}} | |
| - name: report the scan status | |
| if: success() || failure() | |
| run: | | |
| echo "The status is: '${{ steps.rl-scan.outputs.status }}'" | |
| echo "The description is: '${{ steps.rl-scan.outputs.description }}'" |