Prepare for release 0.5.4 #65
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| # also run after hotfixes etc. pushed directly to main | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| # ct needs history to compare | |
| fetch-depth: 0 | |
| # needed for multiarch builds | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Go Build Cache for Docker | |
| uses: actions/cache@v3 | |
| with: | |
| path: go-build-cache | |
| key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }} | |
| - name: inject go-build-cache into docker | |
| uses: reproducible-containers/[email protected] | |
| with: | |
| cache-source: go-build-cache | |
| - name: Build Docker AMD64 image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: false | |
| load: true | |
| platforms: linux/amd64 | |
| tags: okteto/civo-webhook:${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # we need to duplicate because the load param doesn't work when building multiarch images | |
| - name: Build Docker ARM64 image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: false | |
| platforms: linux/arm64 | |
| tags: okteto/civo-webhook:${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: "okteto/civo-webhook:${{ github.sha }}" | |
| format: "table" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| severity: "CRITICAL" | |
| - name: Install Helm | |
| uses: azure/setup-helm@v1 | |
| with: | |
| version: v3.12.1 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.10" | |
| check-latest: true | |
| - name: Set up chart-testing | |
| uses: helm/[email protected] | |
| - name: Run chart-testing (list-changed) | |
| id: list-changed | |
| run: | | |
| changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }} --chart-dirs chart) | |
| if [[ -n "$changed" ]]; then | |
| echo "changed=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| exit 0 | |
| - name: Run chart-testing (lint) | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: ct lint --target-branch ${{ github.event.repository.default_branch }} | |
| - name: Create kind cluster | |
| if: steps.list-changed.outputs.changed == 'true' | |
| uses: helm/[email protected] | |
| - name: Run chart-testing (install) | |
| if: steps.list-changed.outputs.changed == 'true' | |
| run: ct install --target-branch ${{ github.event.repository.default_branch }} |