V10 - Build & Deploy Pipeline #126
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: V10 - Build & Deploy Pipeline | |
| on: | |
| push: | |
| branches: [ 'release/v10**' ] | |
| release: | |
| types: [ prereleased, released ] | |
| jobs: | |
| setup_deployment: | |
| name: Setup Deployment | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| tag: ${{ steps.set-env.outputs.tag }} | |
| environment: ${{ steps.set-env.outputs.environment }} | |
| release_tag: ${{ steps.set-env.outputs.release_tag }} | |
| steps: | |
| - name: Determine Build Environment | |
| id: set-env | |
| run: | | |
| # =================== | |
| # DEV Environment | |
| # =================== | |
| # Triggered by: push to release/v10.x.x branches | |
| if ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/v10') }}; then | |
| echo "DEV environment" | |
| echo "tag=v10-dev" >> $GITHUB_OUTPUT | |
| echo "environment=dev" >> $GITHUB_OUTPUT | |
| # =================== | |
| # RC Environment | |
| # =================== | |
| # Triggered by: prerelease creation | |
| elif ${{ github.event_name == 'release' && github.event.action == 'prereleased' }}; then | |
| TAG="${{ github.event.release.tag_name }}" | |
| # Skip if tag doesn't start with v10 (this pipeline is for v10 only) | |
| if [[ ! "$TAG" =~ ^v10\. ]]; then | |
| echo "⏭️ Skipping: Tag '$TAG' is not a v10 release. This pipeline handles v10 releases only." | |
| exit 0 | |
| fi | |
| echo "RC environment" | |
| echo "tag=v10-rc" >> $GITHUB_OUTPUT | |
| echo "environment=rc" >> $GITHUB_OUTPUT | |
| echo "release_tag=$TAG" >> $GITHUB_OUTPUT | |
| # =================== | |
| # PROD Environment | |
| # =================== | |
| # Triggered by: prerelease promoted to release | |
| elif ${{ github.event_name == 'release' && github.event.action == 'released' }}; then | |
| TAG="${{ github.event.release.tag_name }}" | |
| # Skip if tag doesn't start with v10 (this pipeline is for v10 only) | |
| if [[ ! "$TAG" =~ ^v10\. ]]; then | |
| echo "⏭️ Skipping: Tag '$TAG' is not a v10 release. This pipeline handles v10 releases only." | |
| exit 0 | |
| fi | |
| echo "PROD environment" | |
| echo "tag=v10" >> $GITHUB_OUTPUT | |
| echo "environment=prod" >> $GITHUB_OUTPUT | |
| echo "release_tag=$TAG" >> $GITHUB_OUTPUT | |
| fi | |
| validations: | |
| name: Validate permissions | |
| runs-on: ubuntu-24.04 | |
| needs: setup_deployment | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| steps: | |
| - name: Check permissions | |
| run: | | |
| echo "Validating user permissions..." | |
| RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.API_SECRET }}" \ | |
| -H "Accept: application/vnd.github.json" \ | |
| "https://api.github.com/orgs/utmstack/teams/integration-developers/memberships/${{ github.actor }}") | |
| if echo "$RESPONSE" | grep -q '"state": "active"'; then | |
| echo "✅ User ${{ github.actor }} is a member of the integration-developers team." | |
| else | |
| RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.API_SECRET }}" \ | |
| -H "Accept: application/vnd.github.json" \ | |
| "https://api.github.com/orgs/utmstack/teams/core-developers/memberships/${{ github.actor }}") | |
| if echo "$RESPONSE" | grep -q '"state": "active"'; then | |
| echo "✅ User ${{ github.actor }} is a member of the core-developers team." | |
| else | |
| echo "⛔ ERROR: User ${{ github.actor }} is not a member of the core-developers or integration-developers team." | |
| echo $RESPONSE | |
| exit 1 | |
| fi | |
| fi | |
| build_agent: | |
| name: Build Agent Binaries | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Check out code into the right branch | |
| uses: actions/checkout@v4 | |
| - name: Build Linux Binaries (Agent & Updater) | |
| env: | |
| GOOS: linux | |
| GOARCH: amd64 | |
| run: | | |
| cd ${{ github.workspace }}/agent | |
| go build -o utmstack_agent_service -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" . | |
| cd ${{ github.workspace }}/agent/updater | |
| go build -o utmstack_updater_service . | |
| - name: Build Windows Binaries (amd64) | |
| env: | |
| GOOS: windows | |
| GOARCH: amd64 | |
| run: | | |
| cd ${{ github.workspace }}/agent | |
| go build -o utmstack_agent_service.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" . | |
| cd ${{ github.workspace }}/agent/updater | |
| go build -o utmstack_updater_service.exe . | |
| - name: Build Windows Binaries (arm64) | |
| env: | |
| GOOS: windows | |
| GOARCH: arm64 | |
| run: | | |
| cd ${{ github.workspace }}/agent | |
| go build -o utmstack_agent_service_arm64.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" . | |
| cd ${{ github.workspace }}/agent/updater | |
| go build -o utmstack_updater_service_arm64.exe . | |
| - name: Upload Linux binaries as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: agents-linux | |
| path: | | |
| agent/utmstack_agent_service | |
| agent/updater/utmstack_updater_service | |
| retention-days: 1 | |
| - name: Upload unsigned Windows binaries as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: agents-windows-unsigned | |
| path: | | |
| agent/utmstack_agent_service.exe | |
| agent/utmstack_agent_service_arm64.exe | |
| agent/updater/utmstack_updater_service.exe | |
| agent/updater/utmstack_updater_service_arm64.exe | |
| retention-days: 1 | |
| sign_agent_windows: | |
| name: Sign Windows Agent Binaries | |
| needs: [build_agent, setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-sign-agent.yml | |
| with: | |
| os: windows | |
| artifact_name: agents-windows-unsigned | |
| signed_artifact_name: agents-windows-signed | |
| gcp_project_id: ${{ vars.GCP_PROJECT_PROD }} | |
| kms_location: ${{ vars.KMS_KEYRING_LOCATION }} | |
| kms_keyring: ${{ vars.KMS_KEYRING_NAME }} | |
| kms_key: ${{ vars.KMS_KEY_NAME }} | |
| binaries: | | |
| utmstack_agent_service.exe | |
| utmstack_agent_service_arm64.exe | |
| updater/utmstack_updater_service.exe | |
| updater/utmstack_updater_service_arm64.exe | |
| secrets: inherit | |
| build_agent_manager: | |
| name: Build Agent-Manager Image | |
| needs: [sign_agent_windows, validations, setup_deployment] | |
| if: ${{ always() && needs.sign_agent_windows.result == 'success' && needs.setup_deployment.outputs.tag != '' }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out code into the right branch | |
| uses: actions/checkout@v4 | |
| - name: Download Linux agents from artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: agents-linux | |
| path: ${{ github.workspace }}/agent | |
| - name: Download signed Windows agents from artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: agents-windows-signed | |
| path: ${{ github.workspace }}/agent | |
| - name: Prepare dependencies for Agent Manager Image | |
| run: | | |
| cd ${{ github.workspace }}/agent-manager | |
| GOOS=linux GOARCH=amd64 go build -o agent-manager -v . | |
| mkdir -p ./dependencies/collector | |
| curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/linux-as400-collector.zip" -o ./dependencies/collector/linux-as400-collector.zip | |
| curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/windows-as400-collector.zip" -o ./dependencies/collector/windows-as400-collector.zip | |
| mkdir -p ./dependencies/agent/ | |
| curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_linux.zip" -o ./dependencies/agent/utmstack_agent_dependencies_linux.zip | |
| curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_windows.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows.zip | |
| curl -sSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip | |
| cp "${{ github.workspace }}/agent/utmstack_agent_service" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/utmstack_agent_service.exe" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/version.json" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/updater/utmstack_updater_service" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/updater/utmstack_updater_service.exe" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/updater/utmstack_updater_service_arm64.exe" ./dependencies/agent/ | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: utmstack | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push the Agent Manager Image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./agent-manager | |
| push: true | |
| tags: ghcr.io/utmstack/utmstack/agent-manager:${{ needs.setup_deployment.outputs.tag }} | |
| build_aws: | |
| name: Build AWS Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: aws | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_backend: | |
| name: Build Backend Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-java.yml | |
| with: | |
| image_name: backend | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| java_version: '11' | |
| use_version_file: true | |
| maven_profile: 'prod' | |
| maven_goals: 'clean package' | |
| build_correlation: | |
| name: Build Correlation Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: correlation | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_frontend: | |
| name: Build Frontend Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-node.yml | |
| with: | |
| image_name: frontend | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_bitdefender: | |
| name: Build Bitdefender Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: bitdefender | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_mutate: | |
| name: Build Mutate Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-basic.yml | |
| with: | |
| image_name: mutate | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_office365: | |
| name: Build Office365 Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: office365 | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_log_auth_proxy: | |
| name: Build Log-Auth-Proxy Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: log-auth-proxy | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_soc_ai: | |
| name: Build Soc-AI Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: soc-ai | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_sophos: | |
| name: Build Sophos Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-golang.yml | |
| with: | |
| image_name: sophos | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| build_user_auditor: | |
| name: Build User-Auditor Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-java.yml | |
| with: | |
| image_name: user-auditor | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| java_version: '11' | |
| use_version_file: false | |
| maven_goals: 'clean install -U' | |
| build_web_pdf: | |
| name: Build Web-PDF Microservice | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| uses: ./.github/workflows/reusable-java.yml | |
| with: | |
| image_name: web-pdf | |
| tag: ${{ needs.setup_deployment.outputs.tag }} | |
| java_version: '11' | |
| use_version_file: false | |
| maven_goals: 'clean install -U' | |
| all_builds_complete: | |
| name: All Builds Complete | |
| needs: [ | |
| setup_deployment, | |
| build_agent_manager, | |
| build_aws, build_backend, build_correlation, build_frontend, | |
| build_bitdefender, build_mutate, build_office365, | |
| build_log_auth_proxy, build_soc_ai, build_sophos, | |
| build_user_auditor, build_web_pdf | |
| ] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - run: echo "✅ All builds completed successfully" | |
| deploy_installer_dev: | |
| name: Deploy Installer (Dev) | |
| needs: [all_builds_complete, setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.environment == 'dev' }} | |
| uses: ./.github/workflows/installer-release.yml | |
| with: | |
| version: ${{ needs.setup_deployment.outputs.tag }} | |
| version_major: v10 | |
| environment: dev | |
| secrets: | |
| API_SECRET: ${{ secrets.API_SECRET }} | |
| CM_ENCRYPT_SALT: ${{ secrets.CM_ENCRYPT_SALT }} | |
| CM_SIGN_PUBLIC_KEY: ${{ secrets.CM_SIGN_PUBLIC_KEY }} | |
| deploy_installer_rc: | |
| name: Deploy Installer (RC) | |
| needs: [all_builds_complete, setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.environment == 'rc' }} | |
| uses: ./.github/workflows/installer-release.yml | |
| with: | |
| version: ${{ needs.setup_deployment.outputs.release_tag }} | |
| version_major: v10 | |
| environment: rc | |
| prerelease: true | |
| secrets: | |
| API_SECRET: ${{ secrets.API_SECRET }} | |
| CM_ENCRYPT_SALT: ${{ secrets.CM_ENCRYPT_SALT }} | |
| CM_SIGN_PUBLIC_KEY: ${{ secrets.CM_SIGN_PUBLIC_KEY }} |