gempush.yml

name: cfn_nag

on:
  push:
    branches:
      - master
env:
  docker_org: stelligent

jobs:
  tests-linting:
    uses: stelligent/cfn_nag/.github/workflows/tests-linting.yml@master
  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [tests-linting]
    steps:
      # is this the same commit hash we saw in commit?
      - uses: actions/checkout@v2
      - run: |
          git fetch --depth=1 origin +refs/tags/*:refs/tags/*
          git fetch --prune --unshallow
      - name: Publish to RubyGems and DockerHub
        id: publish
        run: bash ./scripts/publish.sh
        env:
          rubygems_api_key: ${{secrets.rubygems_api_key}}
          docker_user: ${{secrets.docker_user}}
          docker_password: ${{secrets.docker_password}}
      - name: Create release with changelog
        id: gh_release
        uses: release-drafter/release-drafter@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          publish: true
          version: ${{ steps.publish.outputs.cfn_nag_version }}

      - name: Trigger cfn_nag for CodePipeline SAR publish
        run: |
          curl -s \
               -X POST \
               -u "stelligent-releasebot:${{secrets.GITHUB_TOKEN}}" \
               -H "Accept: application/vnd.github.v3+json" \
               -H "Content-Type: application/json" \
               https://api.github.com/repos/${{ env.docker_org }}/cfn-nag-pipeline/dispatches \
               --data '{"event_type": "build_application"}'