From c76a60067c7494b7e50be6e1367748065941035c Mon Sep 17 00:00:00 2001 From: seanconroy2021 Date: Fri, 6 Oct 2023 12:30:27 +0100 Subject: [PATCH] Add simple 'checks' workflow for PR and Merge events This workflow automates the following tasks: 1. On pull requests to the 'main' branch, it runs a basic CI check. 2. On pushes or merges to the 'main' branch, it runs the CI check. If successful, it triggers the 'release' job, which performs the following actions: - Determines the current version (e.g., v1.0.1) and increments it to create a new version (e.g., v1.0.2). - Creates a new version release with the updated tag (e.g., v1.0.2). resolves: HACBS-2725 Signed-off-by: Sean Conroy sconroy@redhat.com --- .github/workflows/checks.yaml | 57 +++++++++++++++++++++++++++++++++++ README.md | 8 ++--- 2 files changed, 61 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/checks.yaml
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 0000000..7f4d157
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,57 @@
+name: Checks
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ outputs:
+ status: ${{ job.status }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name : Run EC Validate (keyless)
+ uses: ./
+ with:
+ image: ghcr.io/enterprise-contract/golden-container:latest
+ identity: https:\/\/github\.com\/(slsa-framework\/slsa-github-generator|enterprise-contract\/golden-container)\/
+ issuer: https://token.actions.githubusercontent.com
+
+ #FIXME Commented out because the golden-image on quay.io is failing due to a violation in the image.
+ # - name : Run EC Validate (Long_Lived)
+ # uses: ./
+ # with:
+ # image: quay.io/redhat-appstudio/ec-golden-image:latest
+ # key: ${{ vars.PUBLIC_KEY }}
+ # policy: github.com/enterprise-contract/config//slsa3
+ # extra-params: --ignore-rekor
+
+ release:
+ runs-on: ubuntu-latest
+ needs: ci
+ if: needs.ci.outputs.status == 'success' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
+ steps:
+ - name: Get Latest Version Tag and Increment
+ run: |
+ # Find the version tag and then increment new version with v prefix eg. v1.0.1 -> v1.0.2
+ latestVTag=$(gh api -H 'Accept: application/vnd.github.v3+json' /repos/${{ github.repository }}/releases/latest -q '.tag_name')
+ echo "newVersion=v$(echo ${latestVTag#v} | awk -F. '{$NF = $NF + 1;} 1' OFS=.)" >> $GITHUB_ENV
+ env:
+ GH_TOKEN: ${{ github.token }}
+
+ - name: Create New Version Release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: ${{ env.newVersion }} Release
+ body: ""
+ tag_name: ${{ env.newVersion }}
+ generate_release_notes: true
+ draft: false
+ prerelease: false
diff --git a/README.md b/README.md
index fe755ec..7a4a76a 100644
--- a/README.md
+++ b/README.md
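Review bot: The `release` job passes a token that can create tags and releases to `softprops/action-gh-release@v1`, a third-party action referenced by a mutable tag, and the workflow has no `permissions:` block, so both jobs inherit the repository's default token scope. Pinning the action to a full commit SHA, and declaring `contents: read` at workflow level with `contents: write` only on `release`, limits what a retagged or compromised action can do; the same pinning applies to `actions/checkout@v2` in `ci`. Separately, `needs: ci` already skips `release` when `ci` fails, so the `outputs.status` check looks redundant, though that is only a style point. The SHA in the excerpt below is a placeholder to be replaced with the commit you have reviewed.

```yaml
name: Checks
# Default every job to a read-only token; jobs that publish opt in explicitly.
permissions:
  contents: read
# … unchanged: on: triggers, ci job …
  release:
    # Only this job needs to create a tag and a release.
    permissions:
      contents: write
    # … unchanged: runs-on, needs, if: condition, version-increment step …
      - name: Create New Version Release
        uses: softprops/action-gh-release@<FULL_COMMIT_SHA_PLACEHOLDER>  # v1
    # … unchanged: with: inputs …
```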
@@ -83,11 +83,11 @@ jobs: steps: - name: Run EC Validator - uses: enterprise-contract/action-validate-image@v1.1 + uses: enterprise-contract/action-validate-image@latest with: - image: "quay.io/redhat-appstudio/ec-golden-image:latest" + image: quay.io/redhat-appstudio/ec-golden-image:latest key: ${{ vars.PUBLIC_KEY }} - policy: "github.com/enterprise-contract/config//default" + policy: github.com/enterprise-contract/config//slsa3 extra-params: --ignore-rekor ``` @@ -109,7 +109,7 @@ jobs: steps: - name: Run EC Validator - uses: enterprise-contract/action-validate-image@v1.1 + uses: enterprise-contract/action-validate-image@latest with: image: quay.io/lucarval/festoji:latest identity: https:\/\/github\.com\/(slsa-framework\/slsa-github-generator|lcarva\/festoji)\/