merge-to-master.yaml
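# Runs on every push to master. Four jobs: publish the operator image to
# Quay.io, run unit tests with coverage, publish the website to GitHub
# Pages, and scan the released operator image with Trivy.
name: Merge to master

on:
  push:
    branches:
      - master

# Least-privilege default for the automatic GITHUB_TOKEN. Jobs that need
# more than read access to the repository declare it themselves below.
# NOTE(review): the make targets and the local setup-cli action are not
# visible here; confirm none of them relies on a broader token scope.
permissions:
  contents: read

env:
  SDK_VERSION: "1.17.0"
  # Quoted so that every YAML parser reads the string "on", never a boolean.
  GO111MODULE: "on"
  K8S_VERSION: "1.19.2"
  CONTAINER_RUNTIME: "docker"

jobs:
  release:
    # The security-scan job waits on this exact check name; keep the two
    # strings in sync.
    name: Release operator on Quay.io
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Git Repository
        uses: actions/checkout@v3

      # Appends the workspace bin directory to PATH for all later steps.
      - name: Set up PATH
        run: |
          mkdir -p "$GITHUB_WORKSPACE/bin/"
          echo "PATH=$PATH:$GITHUB_WORKSPACE/bin/" >> "$GITHUB_ENV"

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: "^1.18"

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.7"
          architecture: "x64"

      - name: Setup CLI
        uses: ./.github/actions/setup-cli
        with:
          operator-sdk: true
          kubectl: true

      # The Quay credentials are scoped to this step's environment only, so
      # the earlier setup steps never see them.
      - name: Release operator on Quay.io
        env:
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
        run: make release-operator

  unit-tests-with-coverage:
    name: Unit tests with code coverage for merge-to-master commits
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Git Repository
        uses: actions/checkout@v3

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: "^1.18"

      - name: Unit Tests with Code Coverage
        run: |
          make test

      # NOTE(review): third-party action referenced by a mutable tag;
      # consider pinning it to a full commit SHA, as is already done for
      # lewagon/wait-on-check-action in the security-scan job.
      - name: Upload Code Coverage Report
        uses: codecov/codecov-action@v3
        with:
          file: cover.out
          verbose: true
          fail_ci_if_error: true

  publish-website:
    name: Publish website
    runs-on: ubuntu-20.04
    permissions:
      # actions-gh-pages pushes the generated site with GITHUB_TOKEN.
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # .nojekyll is created inside the generated site directory before it
      # is published.
      - name: generate website
        env:
          SITE_SOURCE: github
        run: |
          make site
          touch ./out/site/.nojekyll

      # NOTE(review): third-party action with write access to the
      # repository, referenced by a mutable tag; consider pinning it to a
      # full commit SHA.
      - name: Publish to GitHub Pages
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./out/site
          destination_dir: docs

  security-scan:
    name: Security vulnerability scan
    runs-on: ubuntu-20.04
    permissions:
      contents: read
      # wait-on-check-action polls the check runs of the pushed ref.
      checks: read
      # upload-sarif publishes the Trivy results as code scanning alerts.
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      # Blocks until the release job's check has completed, so that the
      # image has been published before it is scanned.
      # NOTE(review): github.ref is the branch ref, so a later push could
      # make this wait on a newer commit than the one checked out here;
      # github.sha would tie the wait to this run's commit. Confirm which
      # is intended.
      - name: Wait for push
        uses: lewagon/wait-on-check-action@3a563271c3f8d1611ed7352809303617ee7e54ac
        with:
          ref: ${{ github.ref }}
          check-name: "Release operator on Quay.io"
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          wait-interval: 60

      # Plain assignment instead of `export VAR=$(...)`: `export` returns
      # success even when make fails, which would hand an empty image ref
      # to the scanner. The explicit test stops the job on an empty value.
      - name: Extract operator image ref
        id: operator-image-ref
        run: |
          OIR="$(make operator-image-ref)"
          test -n "${OIR}"
          echo "operator-image-ref=${OIR}" >> "$GITHUB_OUTPUT"

      # Scans the container image named by image-ref (an image scan, not
      # an IaC scan).
      # NOTE(review): this action is referenced by the moving `master`
      # branch, so the code that runs can change without any change to
      # this file. Pin it to a reviewed full commit SHA.
      # NOTE(review): no exit-code is set, so findings are reported through
      # the SARIF upload and are not expected to fail the job; confirm
      # that is intended.
      - name: Run Trivy vulnerability scanner on the operator image
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ steps.operator-image-ref.outputs.operator-image-ref }}
          format: 'sarif'
          severity: 'CRITICAL,HIGH'
          ignore-unfixed: true
          output: 'trivy-results.sarif'

      # always() makes this step run even when an earlier step has failed.
      - name: Upload Trivy scan results to GitHub Security tab
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'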