Skip to content

Commit 4aefd71

Browse files
ciroqueciroque
committed
Restructure Actions
Add github credentials ... ... ... ... ... ... ... ... ... ... ... ... ... ...
1 parent 6dd9826 commit 4aefd71

File tree

3 files changed

+33
-10
lines changed

3 files changed

+33
-10
lines changed

.github/workflows/build-and-sign-image.yml

+25-8
Original file line numberDiff line numberDiff line change
@@ -3,22 +3,18 @@
33
name: Build and sign image
44

55
on:
6-
pull_request:
7-
types:
8-
- closed
9-
branches:
10-
- "main"
11-
6+
push:
7+
tags:
8+
- "v[0-9]+.[0-9]+.[0-9]+"
129
env:
1310
REGISTRY: ghcr.io
1411
IMAGE_NAME: ${{ github.repository }}
1512

1613
jobs:
1714
build_and_sign_image:
18-
if: ${{ github.event.pull_request.merged }}
1915
runs-on: ubuntu-latest
2016
permissions:
21-
contents: read
17+
contents: write
2218
packages: write
2319
id-token: write
2420
security-events: write
@@ -27,6 +23,13 @@ jobs:
2723
- name: Checkout
2824
uses: actions/checkout@v4
2925

26+
- uses: anchore/sbom-action@v0
27+
with:
28+
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
29+
output-file: ./nginx-loadbalancer-kubernetes-${{env.GITHUB_REF_NAME}}.spdx.json
30+
registry-username: ${{ github.actor }}
31+
registry-password: ${{ secrets.GITHUB_TOKEN }}
32+
3033
- name: Install cosign
3134
uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.0.2
3235
with:
@@ -79,3 +82,17 @@ jobs:
7982
sarif_file: 'trivy-results-${{ inputs.image }}.sarif'
8083
sha: ${{ github.sha }}
8184
ref: ${{ github.ref }}
85+
86+
- name: Generate Release
87+
uses: ncipollo/release-action@v1
88+
with:
89+
artifacts: |
90+
trivy-results-${{ inputs.image }}.sarif
91+
./nginx-loadbalancer-kubernetes-${{env.GITHUB_REF_NAME}}.spdx.json
92+
body: |
93+
# Release ${{env.GITHUB_REF_NAME}}
94+
## Changelog
95+
${{ steps.meta.outputs.changelog }}
96+
generateReleaseNotes: true
97+
makeLatest: false
98+
name: "${{env.GITHUB_REF_NAME}}"

.github/workflows/scorecard.yml renamed to .github/workflows/run-scorecard.yml

File renamed without changes.

.github/workflows/build-test.yml renamed to .github/workflows/run-tests.yml

+8-2
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,17 @@
11
# This workflow will build a golang project
22
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
33

4-
name: CI
4+
name: Run tests
55

66
on:
7+
branch_protection_rule:
8+
types:
9+
- created
10+
711
push:
8-
branches: [ "main", "*" ]
12+
branches:
13+
- main
14+
- *
915

1016
jobs:
1117

0 commit comments

Comments
 (0)