.github/workflows/release.yml

name: Release
on:
  push:
    tags:
      - "*"
  workflow_dispatch:
env:
  GO_VERSION: "1.18"
jobs:
  tests:
    name: Run Tests
    runs-on: ubuntu-20.04
    steps:
      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Build
        run: make build

      - name: Run Unit tests
        run: |
          make test

      - name: Run Integration Tests
        run: make test-integration

      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@0.11.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          severity: 'CRITICAL'
          exit-code: 0

      - name: Run Trivy vulnerability scanner against Aqua Cloud
        uses: aquasecurity/trivy-action@0.11.0
        with:
          scan-type: 'fs'
          hide-progress: true
          format: 'table'
          security-checks: 'vuln,config'
        env:
          AQUA_KEY: ${{ secrets.AQUA_KEY }}
          AQUA_SECRET: ${{ secrets.AQUA_SECRET }}
          TRIVY_RUN_AS_PLUGIN: 'aqua'

  release:
    name: Release
    needs:
      - tests
    runs-on: ubuntu-20.04
    steps:
      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to ECR
        uses: docker/login-action@v2
        with:
          registry: public.ecr.aws
          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}

      - name: Release
        uses: goreleaser/goreleaser-action@v4
        with:
          version: ~> 0.180
          args: release --rm-dist
          workdir: .
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Log out from docker.io and ECR registries
        if: ${{ always() }}
        run: |
          docker logout docker.io
          docker logout public.ecr.aws