Release snapshot #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Release snapshot on CRON schedule (every night) or on demand. | |
name: Release snapshot | |
on: | |
workflow_dispatch: {} | |
schedule: | |
- cron: "0 0 * * *" | |
env: | |
GO_VERSION: 1.20.4 | |
# Disable permissions granted to the GITHUB_TOKEN for all the available scopes. | |
permissions: {} | |
jobs: | |
release-snapshot: | |
name: Release unversioned snapshot | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_CLI_EXPERIMENTAL: "enabled" | |
permissions: | |
id-token: write | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Available platforms | |
run: echo ${{ steps.buildx.outputs.platforms }} | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Install cosign | |
uses: sigstore/[email protected] | |
- name: Release snapshot | |
uses: goreleaser/goreleaser-action@v4 | |
with: | |
version: v1.7.0 | |
args: release --snapshot --skip-publish --rm-dist | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_EXPERIMENTAL: 1 | |
- name: Scan Trivy Operator image for vulnerabilities | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'ghcr.io/aquasecurity/trivy-operator:${{ github.sha }}-amd64' | |
exit-code: '1' | |
ignore-unfixed: true | |
severity: 'CRITICAL,HIGH' | |
- name: Notify dedicated teams channel | |
uses: jdcargile/[email protected] | |
if: failure() | |
with: | |
github-token: ${{ secrets.ORG_REPO_TOKEN }} | |
ms-teams-webhook-uri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} | |
notification-summary: vulnerabilities has been found in trivy-operator image | |
notification-color: 17a2b8 | |
timezone: America/Denver |