release: prepare v0.22.0 (#2166) #127

Workflow file for this run

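---
# Release workflow for trivy-operator. It runs when an annotated Git tag
# matching "v*" is pushed to the upstream Git repository:
#
#   git tag -a v0.0.1 -m 'Release v0.0.1'
#   git push upstream v0.0.1
#
# Every pushed tag that matches the pattern reaches the release job, which
# holds registry credentials and a write-scoped token, so the set of people
# allowed to create "v*" tags is the effective release access control.
name: Release
on:
  push:
    tags:
      - "v*"
# Default GITHUB_TOKEN scope for jobs that declare no permissions of their
# own (the two test jobs). The release job sets the write scopes it needs.
permissions:
  contents: read
env:
  KIND_VERSION: v0.17.0
  # Node image is pinned by digest, so the tag cannot be silently repointed.
  KIND_IMAGE: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
  # Quoted so the version stays a string.
  GO_VERSION: '1.22'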
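jobs:
  # NOTE(review): the refs of four actions (aqua-installer, setup-kind,
  # cosign-installer, login-action) were mangled when this page was captured.
  # "<VERSION>" is a placeholder for each lost ref and must be replaced with
  # the real one before this file is used.
  tests:
    name: Run tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # The test steps only read the tree, so the token is not left
          # behind in .git/config for them.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install tools
        uses: aquaproj/aqua-installer@<VERSION>
        with:
          aqua_version: v1.25.0
      - name: Run unit tests
        run: mage test:unit

  itest-trivy-operator:
    name: Run integration tests / Trivy Operator
    needs:
      - tests
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Integration tests talk to the KIND cluster, not to the repository.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install tools
        uses: aquaproj/aqua-installer@<VERSION>
        with:
          aqua_version: v1.25.0
      - name: Setup Kubernetes cluster (KIND)
        uses: engineerd/setup-kind@<VERSION>
        with:
          version: ${{ env.KIND_VERSION }}
          image: ${{ env.KIND_IMAGE }}
      - name: Test connection to Kubernetes cluster
        run: |
          kubectl cluster-info
          kubectl wait --for=condition=Ready nodes --all --timeout=300s
          kubectl describe node
      - name: Run integration tests
        run: |
          kubectl create -k deploy/static
          mage test:integration
        env:
          KUBECONFIG: /home/runner/.kube/config
          OPERATOR_NAMESPACE: trivy-system
          OPERATOR_TARGET_NAMESPACES: default

  # Publishing job. It runs only after the integration tests pass and is the
  # only job with write scopes and registry secrets.
  #
  # NOTE(review): every action below is referenced by a mutable tag while the
  # job holds Docker Hub, ECR and GHCR credentials plus an OIDC-capable token.
  # Pinning each `uses:` to a full commit SHA keeps a retagged action release
  # from running with these secrets.
  release:
    name: Release
    needs:
      - itest-trivy-operator
    runs-on: ubuntu-latest
    env:
      DOCKER_CLI_EXPERIMENTAL: "enabled"
    permissions:
      contents: write
      # Lets the job request an OIDC token; presumably used by the cosign
      # keyless signing enabled below - confirm against the goreleaser config.
      id-token: write
      packages: write
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Available platforms
        # The step output is passed through the environment rather than
        # expanded into the script text, so its content is never parsed as
        # shell.
        env:
          PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: echo "$PLATFORMS"
      - name: Checkout code
        # NOTE(review): checkout keeps the token in .git/config by default.
        # If goreleaser never pushes over git here, persist-credentials: false
        # would apply to this step as well - verify before changing.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install cosign
        uses: sigstore/cosign-installer@<VERSION>
      - name: Login to docker.io registry
        uses: docker/login-action@<VERSION>
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to ECR
        # NOTE(review): this is a stored AWS access key pair. The job already
        # has id-token: write, so short-lived credentials from OIDC role
        # assumption could replace the static key.
        uses: docker/login-action@<VERSION>
        with:
          registry: public.ecr.aws
          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
      - name: Login to ghcr.io
        uses: docker/login-action@<VERSION>
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Release
        uses: goreleaser/goreleaser-action@v6
        with:
          version: v1.7.0
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Quoted: environment values are strings.
          COSIGN_EXPERIMENTAL: "1"
      - name: Repository Dispatch Publish Helm Chart
        # NOTE(review): no step in this job has the id `latest_tag` or
        # `chart_version`, so both sides appear to evaluate to empty and the
        # comparison holds on every run. Add the steps that produce these
        # outputs, or drop the condition, so the gate means what it says.
        if: ${{ steps.latest_tag.outputs.tag == steps.chart_version.outputs.app_version }}
        uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          event-type: publish-chart
          client-payload: '{"action": "chart-and-app-release"}'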