[Snyk] Security upgrade alpine from 3.20.2 to 3.20.3 #264
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Execute Tests | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| NEO4J_VERSION: | |
| description: 'Neo4j version to be released' | |
| type: string | |
| RELEASE: | |
| description: 'Release (True) or execute only tests (False)' | |
| type: boolean | |
| default: false | |
| pull_request: | |
| paths-ignore: | |
| - build/* | |
| branches: | |
| - dev | |
| env: | |
| GCLOUD_SERVICE_KEY: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| CLOUDSDK_CORE_PROJECT: ${{ secrets.CLOUDSDK_CORE_PROJECT }} | |
| CLOUDSDK_COMPUTE_ZONE: "europe-west2-b" | |
| CLOUDSDK_COMPUTE_REGION: "europe-west2" | |
| GO_TEST_COUNT: 1 | |
| GO_TEST_TIMEOUT: 20m | |
| GO_TEST_FORMAT: json | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AZURE_STORAGE_ACCOUNT_NAME: ${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }} | |
| AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }} | |
| GCP_SERVICE_ACCOUNT_CRED: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| BLOOM_LICENSE: ${{ secrets.BLOOM_LICENSE }} | |
| IPS_USERNAME: ${{ secrets.IPS_USERNAME }} | |
| IPS_EMAIL: ${{ secrets.IPS_EMAIL }} | |
| jobs: | |
| current-date: | |
| name: Current Date | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set Current Date | |
| id: currentDate | |
| run: | | |
| CURRENT_DATE=$(date +'%Y-%m-%d-%s') | |
| echo "CURRENT_DATE=${CURRENT_DATE}" >> $GITHUB_OUTPUT | |
| outputs: | |
| CURRENT_DATE: ${{ steps.currentDate.outputs.CURRENT_DATE }} | |
| gke-setup: | |
| name: Debian GKE Creation | |
| runs-on: ubuntu-latest | |
| needs: | |
| - current-date | |
| env: | |
| CURRENT_DATE: ${{ needs.current-date.outputs.CURRENT_DATE }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Authenticate Service Account | |
| id: serviceAccount | |
| run: | | |
| ./bin/gcloud/auth | |
| - name: Create GKE Cluster | |
| run: | | |
| export CLOUDSDK_CONTAINER_CLUSTER=ghactions-${CURRENT_DATE} | |
| ./bin/gcloud/create_cluster | |
| outputs: | |
| CLOUDSDK_CONTAINER_CLUSTER: "ghactions-${{ env.CURRENT_DATE }}" | |
| gke-setup-redhat: | |
| name: RedHat GKE Creation | |
| runs-on: ubuntu-latest | |
| needs: | |
| - current-date | |
| env: | |
| CURRENT_DATE: ${{ needs.current-date.outputs.CURRENT_DATE }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Authenticate Service Account | |
| id: serviceAccount | |
| run: | | |
| ./bin/gcloud/auth | |
| - name: Create GKE Cluster | |
| run: | | |
| export CLOUDSDK_CONTAINER_CLUSTER=ghactions-redhat-${CURRENT_DATE} | |
| ./bin/gcloud/create_cluster | |
| outputs: | |
| CLOUDSDK_CONTAINER_CLUSTER_REDHAT: "ghactions-redhat-${{ env.CURRENT_DATE }}" | |
| build-reverseproxy-backup: | |
| name: ReverseProxy and Backup Docker Image build | |
| runs-on: ubuntu-latest | |
| needs: | |
| - current-date | |
| env: | |
| CURRENT_DATE: ${{ needs.current-date.outputs.CURRENT_DATE }} | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: europe-west2-docker.pkg.dev | |
| username: _json_key | |
| password: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| - name: Build and push reverse proxy image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "{{defaultContext}}:neo4j-reverse-proxy" | |
| push: true | |
| tags: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/reverseproxy:${{ env.CURRENT_DATE }}" | |
| provenance: false | |
| - name: Build and push neo4j operations image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "{{defaultContext}}:neo4j/neo4j-operations" | |
| push: true | |
| tags: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-operations:${{ env.CURRENT_DATE }}" | |
| provenance: false | |
| - name: Build and push backup image | |
| uses: docker/build-push-action@v5 | |
| if: ${{ !inputs.RELEASE }} | |
| with: | |
| context: "{{defaultContext}}:neo4j-admin" | |
| push: true | |
| tags: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:${{ env.CURRENT_DATE }}" | |
| provenance: false | |
| build-args: | | |
| IMAGE=${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j:enterprise-dev | |
| DISTRIBUTION=debian | |
| - name: Build and push red hat backup image | |
| uses: docker/build-push-action@v5 | |
| if: ${{ !inputs.RELEASE }} | |
| with: | |
| context: "{{defaultContext}}:neo4j-admin" | |
| push: true | |
| tags: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:ubi9-${{ env.CURRENT_DATE }}" | |
| provenance: false | |
| build-args: | | |
| IMAGE=${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j:enterprise-dev-ubi9 | |
| DISTRIBUTION=redhat | |
| - name: Build and push backup image | |
| uses: docker/build-push-action@v5 | |
| if: ${{ inputs.RELEASE }} | |
| with: | |
| context: "{{defaultContext}}:neo4j-admin" | |
| push: true | |
| tags: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:${{ env.CURRENT_DATE }}" | |
| provenance: false | |
| build-args: | | |
| IMAGE=neo4j:${{ inputs.NEO4J_VERSION }}-enterprise | |
| DISTRIBUTION=debian | |
| - name: Build and push red hat backup image | |
| uses: docker/build-push-action@v5 | |
| if: ${{ inputs.RELEASE }} | |
| with: | |
| context: "{{defaultContext}}:neo4j-admin" | |
| push: true | |
| tags: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:ubi9-${{ env.CURRENT_DATE }}" | |
| provenance: false | |
| build-args: | | |
| IMAGE=neo4j:${{ inputs.NEO4J_VERSION }}-enterprise-ubi9 | |
| DISTRIBUTION=redhat | |
| run-enterprise-tests: | |
| name: Debian Enterprise tests | |
| needs: | |
| - gke-setup | |
| - build-reverseproxy-backup | |
| - current-date | |
| runs-on: ubuntu-latest | |
| env: | |
| NEO4J_EDITION: "enterprise" | |
| CLOUDSDK_CONTAINER_CLUSTER: ${{ needs.gke-setup.outputs.CLOUDSDK_CONTAINER_CLUSTER }} | |
| NEO4J_DOCKER_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j:enterprise-dev" | |
| NEO4J_REVERSE_PROXY_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/reverseproxy:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_DOCKER_BACKUP_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_OPERATIONS_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-operations:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| container: | |
| image: ${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/githubactions:latest | |
| credentials: | |
| username: _json_key | |
| password: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'gcloud-auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}' | |
| - id: 'get-credentials' | |
| uses: 'google-github-actions/get-gke-credentials@v2' | |
| with: | |
| cluster_name: ${{ needs.gke-setup.outputs.CLOUDSDK_CONTAINER_CLUSTER }} | |
| location: ${{ env.CLOUDSDK_COMPUTE_ZONE }} | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: Set up gotestfmt | |
| run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest | |
| - name: Run Enterprise Integration and Unit tests | |
| run: | | |
| mkdir -p .kube | |
| cat ${KUBECONFIG} > .kube/config | |
| CURRENT_DIRECTORY=$(pwd) | |
| export KUBECONFIG="${CURRENT_DIRECTORY}/.kube/config" | |
| export IPS_PASS=$(gcloud auth print-access-token) | |
| #inputs.RELEASE does not hold value when workflow_dispatch is not called | |
| ISRELEASE=${{ inputs.RELEASE }} | |
| if [[ ${#ISRELEASE} != 0 ]]; then | |
| export NEO4J_DOCKER_IMG="neo4j:${{ inputs.NEO4J_VERSION }}-enterprise" | |
| fi | |
| echo "NEO4J_DOCKER_IMG=${NEO4J_DOCKER_IMG}" | |
| echo "printing kubeconfig path $KUBECONFIG" | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/integration_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/unit_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| run-community-tests: | |
| name: Debian Community Tests | |
| needs: | |
| - gke-setup | |
| - build-reverseproxy-backup | |
| - current-date | |
| runs-on: ubuntu-latest | |
| env: | |
| NEO4J_EDITION: "community" | |
| CLOUDSDK_CONTAINER_CLUSTER: ${{ needs.gke-setup.outputs.CLOUDSDK_CONTAINER_CLUSTER }} | |
| NEO4J_REVERSE_PROXY_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/reverseproxy:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_DOCKER_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j:community-dev" | |
| NEO4J_DOCKER_BACKUP_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_OPERATIONS_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-operations:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| container: | |
| image: ${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/githubactions:latest | |
| credentials: | |
| username: _json_key | |
| password: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'gcloud-auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}' | |
| - id: 'get-credentials' | |
| uses: 'google-github-actions/get-gke-credentials@v2' | |
| with: | |
| cluster_name: ${{ needs.gke-setup.outputs.CLOUDSDK_CONTAINER_CLUSTER }} | |
| location: ${{ env.CLOUDSDK_COMPUTE_ZONE }} | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: Set up gotestfmt | |
| run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest | |
| - name: Run Community Integration and Unit tests | |
| run: | | |
| mkdir -p .kube | |
| cat ${KUBECONFIG} > .kube/config | |
| CURRENT_DIRECTORY=$(pwd) | |
| export KUBECONFIG="${CURRENT_DIRECTORY}/.kube/config" | |
| export IPS_PASS=$(gcloud auth print-access-token) | |
| #inputs.RELEASE does not hold value when workflow_dispatch is not called | |
| ISRELEASE=${{ inputs.RELEASE }} | |
| if [[ ${#ISRELEASE} != 0 ]]; then | |
| export NEO4J_DOCKER_IMG="neo4j:${{ inputs.NEO4J_VERSION }}" | |
| fi | |
| echo "NEO4J_DOCKER_IMG=${NEO4J_DOCKER_IMG}" | |
| echo "printing kubeconfig path $KUBECONFIG" | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/integration_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/unit_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| run-enterprise-tests-redhat: | |
| name: RedHat Enterprise Tests | |
| needs: | |
| - gke-setup-redhat | |
| - build-reverseproxy-backup | |
| - current-date | |
| runs-on: ubuntu-latest | |
| env: | |
| NEO4J_EDITION: "enterprise" | |
| CLOUDSDK_CONTAINER_CLUSTER: ${{ needs.gke-setup-redhat.outputs.CLOUDSDK_CONTAINER_CLUSTER_REDHAT }} | |
| NEO4J_DOCKER_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j:enterprise-dev-ubi9" | |
| NEO4J_REVERSE_PROXY_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/reverseproxy:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_DOCKER_BACKUP_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:ubi9-${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_OPERATIONS_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-operations:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| container: | |
| image: ${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/githubactions:latest | |
| credentials: | |
| username: _json_key | |
| password: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'gcloud-auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}' | |
| - id: 'get-credentials' | |
| uses: 'google-github-actions/get-gke-credentials@v2' | |
| with: | |
| cluster_name: ${{ env.CLOUDSDK_CONTAINER_CLUSTER }} | |
| location: ${{ env.CLOUDSDK_COMPUTE_ZONE }} | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: Set up gotestfmt | |
| run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest | |
| - name: Run Enterprise Integration and Unit tests for Red Hat | |
| run: | | |
| mkdir -p .kube | |
| cat ${KUBECONFIG} > .kube/config | |
| CURRENT_DIRECTORY=$(pwd) | |
| export KUBECONFIG="${CURRENT_DIRECTORY}/.kube/config" | |
| echo "printing kubeconfig path $KUBECONFIG" | |
| export IPS_PASS=$(gcloud auth print-access-token) | |
| #inputs.RELEASE does not hold value when workflow_dispatch is not called | |
| ISRELEASE=${{ inputs.RELEASE }} | |
| if [[ ${#ISRELEASE} != 0 ]]; then | |
| export NEO4J_DOCKER_IMG="neo4j:${{ inputs.NEO4J_VERSION }}-enterprise" | |
| fi | |
| echo "NEO4J_DOCKER_IMG=${NEO4J_DOCKER_IMG}" | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/integration_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/unit_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| run-community-tests-redhat: | |
| name: RedHat Community Tests | |
| needs: | |
| - gke-setup-redhat | |
| - build-reverseproxy-backup | |
| - current-date | |
| runs-on: ubuntu-latest | |
| env: | |
| NEO4J_EDITION: "community" | |
| CLOUDSDK_CONTAINER_CLUSTER: ${{ needs.gke-setup-redhat.outputs.CLOUDSDK_CONTAINER_CLUSTER_REDHAT }} | |
| NEO4J_DOCKER_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j:community-dev-ubi9" | |
| NEO4J_REVERSE_PROXY_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/reverseproxy:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_DOCKER_BACKUP_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-admin:ubi9-${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| NEO4J_OPERATIONS_IMG: "${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/neo4j-operations:${{ needs.current-date.outputs.CURRENT_DATE }}" | |
| container: | |
| image: ${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/githubactions:latest | |
| credentials: | |
| username: _json_key | |
| password: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'gcloud-auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}' | |
| - id: 'get-credentials' | |
| uses: 'google-github-actions/get-gke-credentials@v2' | |
| with: | |
| cluster_name: ${{ env.CLOUDSDK_CONTAINER_CLUSTER }} | |
| location: ${{ env.CLOUDSDK_COMPUTE_ZONE }} | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: Set up gotestfmt | |
| run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest | |
| - name: Run Community Integration and Unit tests for Red Hat | |
| run: | | |
| mkdir -p .kube | |
| cat ${KUBECONFIG} > .kube/config | |
| CURRENT_DIRECTORY=$(pwd) | |
| export KUBECONFIG="${CURRENT_DIRECTORY}/.kube/config" | |
| echo "printing kubeconfig path $KUBECONFIG" | |
| export IPS_PASS=$(gcloud auth print-access-token) | |
| #inputs.RELEASE does not hold value when workflow_dispatch is not called | |
| ISRELEASE=${{ inputs.RELEASE }} | |
| if [[ ${#ISRELEASE} != 0 ]]; then | |
| export NEO4J_DOCKER_IMG="neo4j:${{ inputs.NEO4J_VERSION }}" | |
| fi | |
| echo "NEO4J_DOCKER_IMG=${NEO4J_DOCKER_IMG}" | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/integration_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| go test -json -v -timeout ${GO_TEST_TIMEOUT} ./internal/unit_tests/ 2>&1 | tee /tmp/gotest.log | gotestfmt | |
| gke-delete: | |
| name: Debian GKE Cluster Deletion | |
| runs-on: ubuntu-latest | |
| if: always() | |
| env: | |
| CLOUDSDK_CONTAINER_CLUSTER: ${{ needs.gke-setup.outputs.CLOUDSDK_CONTAINER_CLUSTER }} | |
| needs: | |
| - run-enterprise-tests | |
| - run-community-tests | |
| - gke-setup | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'gcloud-auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}' | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: Delete GKE Cluster | |
| run: | | |
| ./bin/gcloud/delete_cluster | |
| gke-delete-redhat: | |
| name: RedHat GKE Cluster Deletion | |
| runs-on: ubuntu-latest | |
| if: always() | |
| env: | |
| CLOUDSDK_CONTAINER_CLUSTER: ${{ needs.gke-setup-redhat.outputs.CLOUDSDK_CONTAINER_CLUSTER_REDHAT }} | |
| needs: | |
| - run-enterprise-tests-redhat | |
| - run-community-tests-redhat | |
| - gke-setup-redhat | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - id: 'gcloud-auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GCLOUD_SERVICE_KEY }}' | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: Delete GKE Cluster | |
| run: | | |
| ./bin/gcloud/delete_cluster | |
| build-reverseproxy-backup-release-image: | |
| name: ReverseProxy and Backup Docker Image build | |
| needs: | |
| - run-community-tests | |
| - run-community-tests-redhat | |
| - run-enterprise-tests | |
| - run-enterprise-tests-redhat | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.RELEASE && github.ref_name == 'dev' && success() && github.event_name == 'workflow_dispatch' && (github.actor == 'bfeshti') }} | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push reverse proxy image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "{{defaultContext}}:neo4j-reverse-proxy" | |
| push: true | |
| tags: "neo4j/helm-charts-reverse-proxy:${{ inputs.NEO4J_VERSION }}" | |
| provenance: false | |
| - name: Build and push operations image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "{{defaultContext}}:neo4j/neo4j-operations" | |
| push: true | |
| tags: "neo4j/helm-charts-operations:${{ inputs.NEO4J_VERSION }}" | |
| provenance: false | |
| - name: Build and push backup image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "{{defaultContext}}:neo4j-admin" | |
| push: true | |
| tags: "neo4j/helm-charts-backup:${{ inputs.NEO4J_VERSION }}" | |
| provenance: false | |
| build-args: | | |
| IMAGE=neo4j:${{ inputs.NEO4J_VERSION }}-enterprise | |
| DISTRIBUTION=debian | |
| - name: Build and push red hat backup image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "{{defaultContext}}:neo4j-admin" | |
| push: true | |
| tags: "neo4j/helm-charts-backup:${{ inputs.NEO4J_VERSION }}-ubi9" | |
| provenance: false | |
| build-args: | | |
| IMAGE=neo4j:${{ inputs.NEO4J_VERSION }}-enterprise-ubi9 | |
| DISTRIBUTION=redhat | |
| packaging: | |
| name: Packaging and Release | |
| needs: | |
| - run-community-tests | |
| - run-community-tests-redhat | |
| - run-enterprise-tests | |
| - run-enterprise-tests-redhat | |
| - build-reverseproxy-backup-release-image | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.RELEASE && github.ref_name == 'dev' && success() && github.event_name == 'workflow_dispatch' && (github.actor == 'bfeshti') }} | |
| env: | |
| NEO4J_VERSION: ${{ inputs.NEO4J_VERSION }} | |
| HELM_REPO_NAME: ${{ vars.HELM_REPO_NAME }} | |
| container: | |
| image: ${{ vars.ARTIFACT_REGISTRY_REPO_NAME }}/githubactions:latest | |
| options: --user 1001 | |
| credentials: | |
| username: _json_key | |
| password: ${{ secrets.GCLOUD_SERVICE_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: '0' | |
| fetch-tags: true | |
| token: ${{ secrets.GH_TOKEN }} | |
| ref: dev | |
| - name: Version Updates | |
| run: | | |
| git config --global user.email [email protected] | |
| git config --global user.name "team-smcs" | |
| ./bin/gcloud/version_updates | |
| - name: GPG Key Signing | |
| run: | | |
| export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID_GPG }} | |
| export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY_GPG }} | |
| export ROLE_ARN_GPG=${{ secrets.ROLE_ARN_GPG }} | |
| export SECRET_ID_GPG=${{ secrets.SECRET_ID_GPG }} | |
| ./bin/gcloud/gpg_signing | |
| - name: Upload Helm Charts | |
| run: | | |
| export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID_HELM }} | |
| export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY_HELM }} | |
| export AWS_REGION="us-east-1" | |
| export PACKAGE_SIGNING_KEY=${{ secrets.PACKAGE_SIGNING_KEY }} | |
| export PACKAGE_SIGNING_PASSPHRASE=${{ secrets.PACKAGE_SIGNING_PASSPHRASE }} | |
| ./bin/gcloud/package_upload | |
| - name: Update index.yaml | |
| run: | | |
| ./bin/gcloud/index_yaml_update | |
| - name: Release Notes | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: v${{ inputs.NEO4J_VERSION }} | |
| tag_name: ${{ inputs.NEO4J_VERSION }} | |
| token: ${{ secrets.GH_TOKEN }} | |
| body: "- Update to Neo4j ${{ inputs.NEO4J_VERSION }} as the new baseline, see [Release notes](https://neo4j.com/release-notes/database/neo4j-5///) for details of changes" | |
| make_latest: true | |
| files: | | |
| neo4j-${{ inputs.NEO4J_VERSION }}.tgz | |
| neo4j-admin-${{ inputs.NEO4J_VERSION }}.tgz | |
| neo4j-reverse-proxy-${{ inputs.NEO4J_VERSION }}.tgz | |
| neo4j-headless-service-${{ inputs.NEO4J_VERSION }}.tgz | |
| neo4j-persistent-volume-${{ inputs.NEO4J_VERSION }}.tgz | |
| neo4j-loadbalancer-${{ inputs.NEO4J_VERSION }}.tgz |