mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-08 06:45:38 +00:00
feat: init alauda-v4.47.1 branch
This commit is contained in:
parent
f03c9dc599
commit
76aeaf3502
87
.github/workflows/alauda-auto-tag.yaml
vendored
Normal file
87
.github/workflows/alauda-auto-tag.yaml
vendored
Normal file
@ -0,0 +1,87 @@
|
||||
name: Auto Tag for Alauda
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'alauda-v*'
|
||||
|
||||
permissions:
|
||||
contents: write # create tags and releases
|
||||
packages: write # upload packages
|
||||
|
||||
jobs:
|
||||
tag:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0 # fetch all tags
|
||||
|
||||
- name: Set up Git
|
||||
run: |
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
|
||||
- name: Extract version and tag prefix
|
||||
id: extract
|
||||
run: |
|
||||
BRANCH_NAME="${GITHUB_REF#refs/heads/}"
|
||||
echo "Branch: $BRANCH_NAME"
|
||||
|
||||
PREFIX="${BRANCH_NAME%%-*}" # alauda
|
||||
BASE_VERSION="${BRANCH_NAME#${PREFIX}-}" # v0.62.1
|
||||
|
||||
VERSION_NO_V="${BASE_VERSION#v}" # 0.62.1
|
||||
MAJOR=$(echo "$VERSION_NO_V" | cut -d. -f1)
|
||||
MINOR=$(echo "$VERSION_NO_V" | cut -d. -f2)
|
||||
PATCH=$(echo "$VERSION_NO_V" | cut -d. -f3)
|
||||
|
||||
echo "MAJOR: $MAJOR, MINOR: $MINOR, PATCH: $PATCH"
|
||||
|
||||
# PATCH + 1
|
||||
NEXT_PATCH=$((PATCH + 1))
|
||||
echo "NEXT_PATCH=$NEXT_PATCH"
|
||||
|
||||
NEXT_VERSION="v${MAJOR}.${MINOR}.${NEXT_PATCH}" # v0.62.2
|
||||
echo "NEXT_VERSION=$NEXT_VERSION"
|
||||
|
||||
TAG_PREFIX="${NEXT_VERSION}-${PREFIX}" # v0.62.2-alauda
|
||||
echo "TAG_PREFIX=$TAG_PREFIX"
|
||||
|
||||
echo "prefix=$PREFIX" >> $GITHUB_OUTPUT
|
||||
echo "base_version=$BASE_VERSION" >> $GITHUB_OUTPUT
|
||||
echo "tag_prefix=$TAG_PREFIX" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Find latest tag with this prefix
|
||||
id: latest
|
||||
run: |
|
||||
TAG_PREFIX="${{ steps.extract.outputs.tag_prefix }}"
|
||||
echo "Looking for tags with prefix: $TAG_PREFIX"
|
||||
|
||||
EXISTING_TAGS=$(git tag --list "${TAG_PREFIX}-*" | sort -V)
|
||||
echo "Existing tags: $EXISTING_TAGS"
|
||||
|
||||
MAX_INDEX=-1
|
||||
for tag in $EXISTING_TAGS; do
|
||||
NUM=${tag##*-}
|
||||
if [[ "$NUM" =~ ^[0-9]+$ && "$NUM" -gt "$MAX_INDEX" ]]; then
|
||||
MAX_INDEX=$NUM
|
||||
fi
|
||||
done
|
||||
|
||||
NEW_INDEX=$((MAX_INDEX + 1))
|
||||
NEW_TAG="${TAG_PREFIX}-${NEW_INDEX}"
|
||||
|
||||
echo "new_tag=$NEW_TAG" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Create and push new tag
|
||||
run: |
|
||||
NEW_TAG="${{ steps.latest.outputs.new_tag }}"
|
||||
git tag "$NEW_TAG"
|
||||
git push origin "$NEW_TAG"
|
||||
|
||||
release-alauda:
|
||||
name: Release Alauda
|
||||
needs: [tag]
|
||||
uses: ./.github/workflows/reusable-release-alauda.yaml
|
||||
16
.github/workflows/release-alauda.yaml
vendored
Normal file
16
.github/workflows/release-alauda.yaml
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
name: Release Alauda
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "v*-alauda-*"
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: write # create releases
|
||||
packages: write # upload packages
|
||||
|
||||
jobs:
|
||||
release-alauda:
|
||||
name: Release Alauda
|
||||
uses: ./.github/workflows/reusable-release-alauda.yaml
|
||||
33
.github/workflows/reusable-release-alauda.yaml
vendored
Normal file
33
.github/workflows/reusable-release-alauda.yaml
vendored
Normal file
@ -0,0 +1,33 @@
|
||||
name: Release Alauda
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
packages: write
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: alauda-release
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4.1.6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version-file: go.mod
|
||||
cache: false
|
||||
|
||||
- name: Set up GoReleaser
|
||||
uses: goreleaser/goreleaser-action@v6
|
||||
with:
|
||||
version: v2.1.0
|
||||
args: release -f=.goreleaser-alauda.yml
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
34
.github/workflows/scan-alauda.yaml
vendored
Normal file
34
.github/workflows/scan-alauda.yaml
vendored
Normal file
@ -0,0 +1,34 @@
|
||||
name: Scan vulnerabilities for Alauda
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: Scan Go vulnerabilities
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4.1.6
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version-file: "go.mod"
|
||||
cache: false
|
||||
|
||||
- name: Set up GoReleaser
|
||||
uses: goreleaser/goreleaser-action@v6
|
||||
with:
|
||||
version: v2.1.0
|
||||
args: release --snapshot -f=.goreleaser-alauda.yml
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@0.28.0
|
||||
with:
|
||||
scan-type: 'rootfs'
|
||||
scan-ref: 'dist/cosign_linux_amd64_v1/alauda-cosign'
|
||||
exit-code: 1
|
||||
58
.goreleaser-alauda.yml
Normal file
58
.goreleaser-alauda.yml
Normal file
@ -0,0 +1,58 @@
|
||||
# This is an example .goreleaser.yml file with some sensible defaults.
|
||||
# Make sure to check the documentation at https://goreleaser.com
|
||||
|
||||
# The lines below are called `modelines`. See `:help modeline`
|
||||
# Feel free to remove those if you don't want/need to use them.
|
||||
# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
|
||||
# vim: set ts=2 sw=2 tw=0 fo=cnqoj
|
||||
|
||||
version: 2
|
||||
|
||||
before:
|
||||
hooks:
|
||||
# You may remove this if you don't use go modules.
|
||||
- go mod tidy
|
||||
|
||||
builds:
|
||||
- id: yq
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
goos:
|
||||
- linux
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
ldflags:
|
||||
- -w -s -extldflags '-static'
|
||||
main: .
|
||||
binary: alauda-yq
|
||||
|
||||
archives:
|
||||
- id: archive
|
||||
format: tar.gz
|
||||
name_template: >-
|
||||
{{ .ProjectName }}_
|
||||
{{- title .Os }}_
|
||||
{{- if eq .Arch "amd64" }}x86_64
|
||||
{{- else if eq .Arch "386" }}i386
|
||||
{{- else }}{{ .Arch }}{{ end }}
|
||||
{{- if .Arm }}v{{ .Arm }}{{ end }}
|
||||
format_overrides:
|
||||
- goos: windows
|
||||
format: zip
|
||||
|
||||
changelog:
|
||||
sort: asc
|
||||
filters:
|
||||
exclude:
|
||||
- "^docs:"
|
||||
- "^test:"
|
||||
|
||||
release:
|
||||
footer: >-
|
||||
|
||||
---
|
||||
|
||||
This release is intended for use only as part of the Alauda product suite.
|
||||
It is not recommended for use by individuals or teams outside of Alauda.
|
||||
Any consequences arising from its use are the sole responsibility of the user.
|
||||
64
DEVELOPMENT.md
Normal file
64
DEVELOPMENT.md
Normal file
@ -0,0 +1,64 @@
|
||||
# YQ alauda Branch Development Guide
|
||||
|
||||
## Background
|
||||
|
||||
Previously, yq was used as a general-purpose CLI across multiple plugins, each needing to fix vulnerabilities in yq independently.
|
||||
|
||||
To avoid duplicated efforts, we forked the [yq](https://github.com/mikefarah/yq) repository and maintain it through branches named `alauda-vx.xx.xx`.
|
||||
|
||||
We use [renovate](https://gitlab-ce.alauda.cn/devops/tech-research/renovate/-/blob/main/docs/quick-start/0002-quick-start.md) to automatically fix vulnerabilities in corresponding versions.
|
||||
|
||||
## Repository Structure
|
||||
|
||||
Based on the original code, the following content has been added:
|
||||
|
||||
- [alauda-auto-tag.yaml](./.github/workflows/alauda-auto-tag.yaml): Automatically tags and triggers goreleaser when a PR is merged into the `alauda-vx.xx.xx` branch
|
||||
- [release-alauda.yaml](./.github/workflows/release-alauda.yaml): Supports triggering goreleaser manually or upon tag updates (this pipeline isn't triggered when tags are created by actions due to GitHub Actions design limitations)
|
||||
- [reusable-release-alauda.yaml](./.github/workflows/reusable-release-alauda.yaml): Executes goreleaser to create a release
|
||||
- [scan-alauda.yaml](.github/workflows/scan-alauda.yaml): Runs trivy vulnerability scans (`rootfs` scans for Go binaries)
|
||||
- [.goreleaser-alauda.yml](.goreleaser-alauda.yml): Configuration file for releasing alauda versions
|
||||
|
||||
## Special Modifications
|
||||
|
||||
None at present
|
||||
|
||||
## Pipelines
|
||||
|
||||
### Triggered on PR Submission
|
||||
|
||||
- [tests.yaml](.github/workflows/tests.yaml): Official testing pipeline including unit tests, integration tests, etc.
|
||||
|
||||
### Triggered on Merge to alauda-vx.xx.xx Branch
|
||||
|
||||
- [alauda-auto-tag.yaml](.github/workflows/alauda-auto-tag.yaml): Automatically tags and triggers goreleaser
|
||||
- [reusable-release-alauda.yaml](.github/workflows/reusable-release-alauda.yaml): Executes goreleaser to create a release (triggered by `alauda-auto-tag.yaml`)
|
||||
|
||||
### Scheduled or Manual Triggering
|
||||
|
||||
- [scan-alauda.yaml](.github/workflows/scan-alauda.yaml): Runs trivy vulnerability scans (`rootfs` scans for Go binaries)
|
||||
|
||||
### Others
|
||||
|
||||
Other officially maintained pipelines remain unchanged; some irrelevant pipelines have been disabled on the Actions page.
|
||||
|
||||
## Renovate Vulnerability Fix Mechanism
|
||||
|
||||
The renovate configuration file is [renovate.json](https://github.com/AlaudaDevops/trivy/blob/main/renovate.json)
|
||||
|
||||
1. renovate detects vulnerabilities in the branch and submits a PR for fixes
|
||||
2. Tests run automatically on the PR
|
||||
3. After all tests pass, renovate automatically merges the PR
|
||||
4. After the branch updates, an action automatically tags the commit (e.g., v0.62.1-alauda-0, with patch version and last digit incremented)
|
||||
5. goreleaser automatically publishes a release based on the tag
|
||||
|
||||
## Maintenance Plan
|
||||
|
||||
When upgrading to a new version, follow these steps:
|
||||
|
||||
1. Create an alauda branch from the corresponding tag, e.g., tag `v0.62.1` corresponds to branch `alauda-v0.62.1`
|
||||
2. Cherry-pick previous alauda branch changes onto the new branch and push
|
||||
|
||||
Renovate automatic fix mechanism:
|
||||
1. After renovate submits a PR, pipelines run automatically; if all tests pass, the PR will be merged automatically
|
||||
2. After merging into the `alauda-v0.62.1` branch, goreleaser will automatically create a `v0.62.2-alauda-0` release (note: not `v0.62.1-alauda-0`, because upgrading the version allows renovate to recognize it)
|
||||
3. renovate configured in other plugins will automatically fetch artifacts from the release according to its configuration
|
||||
Loading…
Reference in New Issue
Block a user