Skip to content

Fix Action and trigger k8s module #9

Fix Action and trigger k8s module

Fix Action and trigger k8s module #9

name: Release Workflow
on:
push:
branches:
- main
paths:
- "genval/defaultpolicies/rego/terraform_policies/**"
- "genval/defaultpolicies/rego/dockerfile_policies/**"
- "genval/defaultpolicies/rego/input_policies/**"
- "genval/defaultpolicies/rego/infrafile_policies/**"
- "genval/modules/cuemod-k8s*/**"
- "genval/modules/cuemod-tektoncd*/**"
- "genval/modules/cuemod-argocd*/**"
permissions:
contents: write
id-token: write
packages: write
jobs:
check-updates:
runs-on: ubuntu-latest
strategy:
matrix:
policy:
- name: dockerfile_policies
path: genval/defaultpolicies/rego/dockerfile_policies/**
version-file: ./.github/versions/dockerfile_version.env
artifact-name: dockerfile_policies
output: DOCKERFILE_POLICIES
- name: terraform_policies
path: genval/defaultpolicies/rego/terraform_policies/**
version-file: ./.github/versions/terraform_version.env
artifact-name: terraform_policies
output: TERRAFORM_POLICIES
- name: input_policies
path: genval/defaultpolicies/rego/input_policies/**
version-file: ./.github/versions/input_version.env
artifact-name: terraform_policies
output: INPUT_POLICIES
- name: infrafile_policies
path: genval/defaultpolicies/rego/infrafile_policies/**
version-file: ./.github/versions/infrafile_version.env
artifact-name: infrafile_policies
output: INFRAFILE_POLICIES
- name: k8s-module
path: genval/modules/cuemod-k8s*/**
version-file: ./.github/versions/k8s_mod_version.env
artifact-name: k8s-module
output: K8s_MODULE
- name: tektonCD_module
path: genval/modules/cuemod-tektoncd*/**
version-file: ./.github/versions/tektoncd_mod_version.env
artifact-name: tektonCD_module
output: TEKTONCD_MODULE
- name: argoCD_module
path: genval/modules/cuemod-argocd*/**
version-file: ./.github/versions/argocd_mod_version.env
artifact-name: argoCD_module
output: ARGOCD_MODULE
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: "0"
- name: Set matrix output
id: set-matrix-output
run: |
matrix=$((
echo '${{ toJSON(matrix) }}'
) | jq -c .)
echo "::set-output name=matrix::$matrix"
- name: Path filter
id: changes
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
with:
base: main
filters: |
src:
- '${{ matrix.policy.path }}'
- name: setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
with:
go-version: "1.22"
- name: Conditionally set tag
if: steps.changes.outputs.src == 'true'
run: |
echo "tag=$(./.github/get_version.sh ${{ matrix.policy.version-file }})" >> $GITHUB_ENV
echo "tag=${{ env.tag }}"
- name: Install genval
if: steps.changes.outputs.src == 'true'
run: |
go install github.com/intelops/genval@main
- name: Login to GitHub Container Registry
if: steps.changes.outputs.src == 'true'
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push ${{ matrix.policy.name }}
if: steps.changes.outputs.src == 'true' && env.tag != ''
id: push_policies
run: |
GIT_TAG=${{ env.tag }}
GENVAL_OUTPUT=$(genval artifact push --reqinput ${{ matrix.policy.path }} \
--dest oci://ghcr.io/intelops/policyhub/genval/${{ matrix.policy.artifact-name }}:${GIT_TAG} \
--annotations="authors=intelops inc.")
echo "${GENVAL_OUTPUT}"
echo "OUTPUT=oci://ghcr.io/intelops/policyhub/genval/${{ matrix.policy.artifact-name }}:${GIT_TAG}" >> $GITHUB_ENV
# Write OCI URL to output file
- name: Write policy URL
if: steps.changes.outputs.src == 'true'
uses: DamianReeves/write-file-action@6929a9a6d1807689191dcc8bbe62b54d70a32b42 # v1.3
with:
path: "genval/outputs/${{ matrix.policy.output }}.env"
write-mode: overwrite
contents: |
# GitHub generated file
# Please do not modify or delete this file
${{ matrix.policy.output}}=${{ env.OUTPUT }}
- name: Commit & Push
if: steps.changes.outputs.src == 'true'
uses: Andro999b/push@c77535fe7a94645f7ceca83e48e6cc977620710e # v1.3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: "${{ matrix.policy.name}}-${{ github.run_number }}"
force: true
message: "Overwritten by GitHub Actions - ${{ github.run_number }}"
- name: Create Pull Request
if: steps.changes.outputs.src == 'true'
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: "${{ matrix.policy.name}}-${{ github.run_number }}"
title: "Update policy URL for ${{ matrix.policy.name }}"
body: "This pull request updates the policy URL for ${{ matrix.policy.name }}."
base: main