From b82e5b1ec990c16670365a32a4e1c8b8146a21a0 Mon Sep 17 00:00:00 2001
From: Steve Wagner
Date: Wed, 27 Dec 2023 09:38:03 -0800
Subject: [PATCH] Restructure Actions Add github credentials ... ... ... ... ...
---
 .github/workflows/build-and-sign-image.yml | 29 ++++++++++++++-----
 .../{scorecard.yml => run-scorecard.yml} | 0
 .../{build-test.yml => run-tests.yml} | 10 +++++--
 3 files changed, 29 insertions(+), 10 deletions(-)
 rename .github/workflows/{scorecard.yml => run-scorecard.yml} (100%)
 rename .github/workflows/{build-test.yml => run-tests.yml} (80%)
diff --git a/.github/workflows/build-and-sign-image.yml b/.github/workflows/build-and-sign-image.yml
index b32721e..3d06378 100644
--- a/.github/workflows/build-and-sign-image.yml
+++ b/.github/workflows/build-and-sign-image.yml
@@ -3,22 +3,18 @@ name: Build and sign image
 on:
- pull_request:
- types:
- - closed
- branches:
- - "main"
-
+ push:
+ tags:
+ - "v[0-9]+.[0-9]+.[0-9]+"
 env:
 REGISTRY: ghcr.io
 IMAGE_NAME: ${{ github.repository }}
 jobs:
 build_and_sign_image:
- if: ${{ github.event.pull_request.merged }}
 runs-on: ubuntu-latest
 permissions:
- contents: read
+ contents: write
 packages: write
 id-token: write
 security-events: write
@@ -27,6 +23,12 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
+ - uses: anchore/sbom-action@v0
+ with:
+ image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ registry-username: ${{ github.actor }}
+ registry-password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Install cosign
 uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.0.2
 with:
@@ -79,3 +81,14 @@ jobs:
 sarif_file: 'trivy-results-${{ inputs.image }}.sarif'
 sha: ${{ github.sha }}
 ref: ${{ github.ref }}
+
+ - name: Generate Release
+ uses: ncipollo/release-action@v1
+ with:
+ body: |
+ # Release ${{ github.ref }}
+ ## Changelog
+ ${{ steps.meta.outputs.changelog }}
+ generateReleaseNotes: true
+ makeLatest: false
+ name: "nginx-loadbalancer-kubernetes ${{ github.ref }}"
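Review bot: `contents: write` is now granted to the whole `build_and_sign_image` job, so every step in it, including the third-party actions, runs with a token that can write to the repository, although only the `Generate Release` step added later in this patch appears to need it. Keeping `contents: read` here and moving the release step into its own job that declares `permissions: contents: write` would limit that scope. Separately, with the `pull_request`/`merged` gate removed, any pushed tag matching `v[0-9]+.[0-9]+.[0-9]+` produces a signed image regardless of which branch the tagged commit is on; a tag protection rule or ruleset, or an ancestry check against `main`, would restore that gate. The job body continues outside this hunk.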
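Review bot: `anchore/sbom-action@v0` is referenced by a mutable tag, while `sigstore/cosign-installer` a few lines below is pinned to a full commit SHA; this step also receives `secrets.GITHUB_TOKEN` in a job that holds `packages: write` and `id-token: write`. Pin it the same way, e.g. `uses: anchore/sbom-action@<full-commit-sha> # v0.x.y` (placeholder, take the SHA from the release you intend to use); `ncipollo/release-action@v1` in the last hunk of this file needs the same treatment. The step is also placed before the build and push steps, which are outside the hunk, and `image:` carries no tag or digest, so it presumably describes a previously published image rather than the one this run signs. Moving it after the push and passing the image digest would tie the SBOM to the signed artifact.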
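Review bot: On a tag push `github.ref` expands to the full ref (`refs/tags/v1.2.3`, a constructed example), so both the release title and the `# Release` heading will carry the `refs/tags/` prefix; `github.ref_name` gives the bare tag, e.g. `name: "nginx-loadbalancer-kubernetes ${{ github.ref_name }}"`. The body also interpolates `steps.meta.outputs.changelog`, but no step with id `meta` is visible in this hunk; if it is the image metadata step, confirm that it actually exposes a `changelog` output, because an undefined output renders as an empty string without failing the run. The steps list starts outside the hunk.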
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/run-scorecard.yml
similarity index 100%
rename from .github/workflows/scorecard.yml
rename to .github/workflows/run-scorecard.yml
diff --git a/.github/workflows/build-test.yml b/.github/workflows/run-tests.yml
similarity index 80%
rename from .github/workflows/build-test.yml
rename to .github/workflows/run-tests.yml
index 72ae009..454c716 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/run-tests.yml
@@ -1,11 +1,17 @@
 # This workflow will build a golang project
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
-name: CI
+name: Run tests
 on:
+ branch_protection_rule:
+ types:
+ - created
+
 push:
- branches: [ "main", "*" ]
+ branches:
+ - main
+ - *
 jobs:
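Review bot: The new block-list entry `- *` is not valid YAML: an unquoted `*` introduces an alias, so the workflow file will fail to load, whereas the removed flow list had it quoted as `"*"`. Write `- "*"` (and `- "main"` for consistency). The added `branch_protection_rule` trigger also looks carried over from the scorecard workflow; on a test workflow it would start a run whenever a protection rule is created, so confirm it is intended. The `jobs:` section continues outside the hunk.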