Restructure Actions

Add github credentials ... ... ... ... ... ...
nginxinc · Dec 27, 2023 · d067414 · d067414
1 parent 7cc898e
commit d067414
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 10 deletions.
diff --git a/.github/workflows/build-and-sign-image.yml b/.github/workflows/build-and-sign-image.yml
@@ -3,22 +3,18 @@
 name: Build and sign image
 
 on:
-  pull_request:
-    types:
-      - closed
-    branches:
-      - "main"
-
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   build_and_sign_image:
-    if: ${{ github.event.pull_request.merged }}
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       packages: write
       id-token: write
       security-events: write
@@ -27,6 +23,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - uses: anchore/sbom-action@v0
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          registry-username: ${{ github.actor }}
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Install cosign
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.0.2
         with:
@@ -79,3 +81,15 @@ jobs:
           sarif_file: 'trivy-results-${{ inputs.image }}.sarif'
           sha: ${{ github.sha }}
           ref: ${{ github.ref }}
+
+      - name: Generate Release
+        uses: ncipollo/release-action@v1
+        with:
+          artifacts: "/tmp/sbom-action-DquBAt/nginxinc-nginx-loadbalancer-kubernetes.spdx.json,trivy-results-${{ inputs.image }}.sarif"
+          body: |
+            # Release $GITHUB_REF_NAME
+            ## Changelog
+            ${{ steps.meta.outputs.changelog }}
+          generateReleaseNotes: true
+          makeLatest: false
+          name: $GITHUB_REF_NAME
diff --git a/.github/workflows/scorecard.yml → .github/workflows/run-scorecard.yml b/.github/workflows/scorecard.yml → .github/workflows/run-scorecard.yml
diff --git a/.github/workflows/build-test.yml → .github/workflows/run-tests.yml b/.github/workflows/build-test.yml → .github/workflows/run-tests.yml
@@ -1,11 +1,17 @@
 # This workflow will build a golang project
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
 
-name: CI
+name: Run tests
 
 on:
+  branch_protection_rule:
+    types:
+      - created
+
   push:
-    branches: [ "main", "*" ]
+    branches:
+      - main
+      - *
 
 jobs: