forked from aquasecurity/trivy-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (130 loc) · 3.94 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
# This workflow is triggered whenever we release a new version of trivy-operator
# by creating an annotated Git tag and pushing it to the upstream Git repository.
#
# git tag -a v0.0.1 -m 'Release v0.0.1'
# git push upstream v0.0.1
name: Release
on:
push:
tags:
- "v*"
env:
KIND_VERSION: v0.17.0
KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
GO_VERSION: '1.22'
jobs:
tests:
name: Run tests
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0
- name: Run unit tests
run: mage test:unit
itest-trivy-operator:
name: Run integration tests / Trivy Operator
needs:
- tests
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install tools
uses: aquaproj/[email protected]
with:
aqua_version: v1.25.0
- name: Setup Kubernetes cluster (KIND)
uses: engineerd/[email protected]
with:
version: ${{ env.KIND_VERSION }}
image: ${{ env.KIND_IMAGE }}
- name: Test connection to Kubernetes cluster
run: |
kubectl cluster-info
kubectl wait --for=condition=Ready nodes --all --timeout=300s
kubectl describe node
- name: Run integration tests
run: |
kubectl create -k deploy/static
mage test:integration
env:
KUBECONFIG: /home/runner/.kube/config
OPERATOR_NAMESPACE: trivy-system
OPERATOR_TARGET_NAMESPACES: default
release:
name: Release
needs:
- itest-trivy-operator
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install cosign
uses: sigstore/[email protected]
- name: Login to docker.io registry
uses: docker/[email protected]
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to ECR
uses: docker/[email protected]
with:
registry: public.ecr.aws
username: ${{ secrets.ECR_ACCESS_KEY_ID }}
password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
- name: Login to ghcr.io
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Release
uses: goreleaser/goreleaser-action@v6
with:
version: v1.7.0
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_EXPERIMENTAL: 1
- name: Repository Dispatch Publish Helm Chart
if: ${{ steps.latest_tag.outputs.tag == steps.chart_version.outputs.app_version }}
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
event-type: publish-chart
client-payload: '{"action": "chart-and-app-release"}'