Skip to content

fix: Fix the process command whitelist term (#1138) #1007

fix: Fix the process command whitelist term (#1138)

fix: Fix the process command whitelist term (#1138) #1007

Workflow file for this run

name: Release
on:
push:
branches: [ main ]
pull_request: ~
schedule:
# Do not make it the first of the month and/or midnight since it is a very busy time
- cron: "* 10 5 * *"
release:
types: [ created ]
# See https://stackoverflow.com/a/72408109
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
DOCKERFILE: .docker/Dockerfile
DOCKERHUB_USERNAME: boxproject
TERM: xterm
jobs:
build-phar:
runs-on: ubuntu-latest
name: Build PHAR
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.1'
ini-values: phar.readonly=0
tools: composer
coverage: none
- name: Install Composer dependencies
uses: ramsey/composer-install@v2
- name: Ensure that the make target is up to date
run: make _vendor_install
- name: Build PHAR
run: make compile
# Smoke test
- name: Ensure the PHAR works
run: bin/box.phar --ansi --version
- name: Ensure the PHAR is scoped
run: bin/box.phar namespace | php -r 'if (!str_starts_with(stream_get_contents(STDIN), "_HumbugBox")) exit (1);'
- name: Import GPG key
if: github.event_name == 'release'
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPG_KEY_41539BBD4020945DB378F98B2DF45277AEF09A2F }}
passphrase: ${{ secrets.GPG_KEY_41539BBD4020945DB378F98B2DF45277AEF09A2F_PASSPHRASE }}
- name: Sign the PHAR
if: github.event_name == 'release'
run: |
gpg --local-user [email protected] \
--batch \
--yes \
--passphrase="${{ secrets.GPG_KEY_41539BBD4020945DB378F98B2DF45277AEF09A2F_PASSPHRASE }}" \
--detach-sign \
--output bin/box.phar.asc \
bin/box.phar
- uses: actions/upload-artifact@v3
name: Upload the PHAR artifact
with:
name: box-phar
path: |
bin/box.phar
bin/box.phar.asc
publish-phar:
runs-on: ubuntu-latest
name: Publish PHAR
needs:
- build-phar
if: github.event_name == 'release'
steps:
- uses: actions/download-artifact@v3
with:
name: box-phar
path: .
- name: Upload PHAR to the release
uses: softprops/action-gh-release@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
files: |
box.phar
box.phar.asc
publish-homebrew-tap:
runs-on: ubuntu-latest
name: Publish Homebrew tap
needs:
- publish-phar
if: github.event_name == 'release'
steps:
- name: Update Homebrew formula
uses: dawidd6/action-homebrew-bump-formula@v3
with:
token: ${{ secrets.BOX_HOMEBREW_TAP_TOKEN }}
tap: box-project/box
formula: box
tag: ${{ github.event.release.tag_name }}
revision: ${{ github.event.release.target_commitish }}
publish-docker-image:
runs-on: ubuntu-latest
name: Publish the Docker image
needs:
- build-phar
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: box-phar
path: .
# See https://github.com/actions/download-artifact#limitations
# the permissions are not guaranteed to be preserved
- name: Ensure PHAR is executable
run: |
chmod 755 box.phar
mv -vf box.phar bin/box.phar
./bin/box.phar --ansi --version
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Container Registry
if: github.event_name == 'release'
uses: docker/login-action@v2
with:
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Setup the Docker (release) tag(s)
if: github.event_name == 'release'
# Selects a random value for $EOF as a delimiter, and sets the DOCKER_TAGS environment variable
# as a multi-line environment variable.
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "DOCKER_TAGS<<$EOF" >> $GITHUB_ENV
echo "${{ env.DOCKERHUB_USERNAME }}/box:${{ github.ref_name }}" >> $GITHUB_ENV
echo "${{ env.DOCKERHUB_USERNAME }}/box:latest" >> $GITHUB_ENV
echo "$EOF" >> $GITHUB_ENV
echo "DOCKER_TEST_TAG=${{ env.DOCKERHUB_USERNAME }}/box:latest" >> $GITHUB_ENV
- name: Login to GitHub Container Registry
if: github.event_name != 'release'
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup the Docker tag(s)
if: github.event_name != 'release'
run: |
echo "DOCKER_TAGS=ghcr.io/box-project/box" >> $GITHUB_ENV
echo "DOCKER_TEST_TAG=ghcr.io/box-project/box" >> $GITHUB_ENV
- name: Build and export to Docker
uses: docker/build-push-action@v3
with:
context: .
file: ${{ env.DOCKERFILE }}
platforms: linux/amd64
tags: ${{ env.DOCKER_TAGS }}
load: true
- name: Test the (release) image
run: docker run --rm ${{ env.DOCKER_TEST_TAG }} --version
- name: Build and push
if: github.event_name == 'release'
uses: docker/build-push-action@v3
with:
context: .
file: ${{ env.DOCKERFILE }}
platforms: linux/amd64
tags: ${{ env.DOCKER_TAGS }}
push: true