diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..859ddb2 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,86 @@ +name: Release +on: + push: + tags: + - "*" + workflow_dispatch: +env: + GO_VERSION: "1.18" +jobs: + tests: + name: Run Tests + runs-on: ubuntu-20.04 + steps: + - name: Setup Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Build + run: make build + + - name: Run Unit tests + run: | + make test + + - name: Run Integration Tests + run: make test-integration + + - name: Run Trivy vulnerability scanner in repo mode + uses: aquasecurity/trivy-action@0.11.0 + with: + scan-type: 'fs' + ignore-unfixed: true + format: 'sarif' + severity: 'CRITICAL' + exit-code: 0 + + - name: Run Trivy vulnerability scanner against Aqua Cloud + uses: aquasecurity/trivy-action@0.11.0 + with: + scan-type: 'fs' + hide-progress: true + format: 'table' + security-checks: 'vuln,config' + env: + TRIVY_RUN_AS_PLUGIN: 'aqua' + + release: + name: Release + needs: + - tests + runs-on: ubuntu-20.04 + steps: + - name: Setup Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Release + uses: goreleaser/goreleaser-action@v4 + with: + version: ~> 0.180 + args: release --rm-dist + workdir: . + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Log out from docker.io + if: ${{ always() }} + run: | + docker logout docker.io