Skip to content

Adding go-releaser to spire for systemd support #27

Adding go-releaser to spire for systemd support

Adding go-releaser to spire for systemd support #27

name: spire-server workflow
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-*"
pull_request_target:
branches:
- "*"
env:
GO_VERSION: 1.20.1
REPO: 956994857092.dkr.ecr.us-east-2.amazonaws.com
IMAGE_NAME: spire-server
CHART_NAME: spire-server
CHART_PATH: ./spire-server-chart
CHART_REVISION_NAME: spire-server
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }}
AWS_REGION: us-east-2
permissions:
contents: read
jobs:
tag-validate:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: rubenesp87/[email protected]
with:
version: ${{ github.ref_name }}
images:
name: images (linux)
runs-on: ubuntu-20.04
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/[email protected]
- name: Setup go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/[email protected]
with:
go-version: ${{ env.GO_VERSION }}
- name: Set git token
run: git remote set-url origin https://${{ secrets.V_GIT_KEY }}@github.com/accuknox/spire.git
- name: Update submodules
run: git submodule update --init --recursive
- name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # ratchet:docker/[email protected]
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # ratchet:docker/[email protected]
- name: Build spire-server-sidecar-image
run: make server-sidecar
- name: Tag docker images
run: docker image tag spire-sidecar:latest ${{ env.REPO }}/spire-sidecar:latest
success:
runs-on: ubuntu-20.04
needs: [artifacts]

Check failure on line 61 in .github/workflows/spire-server-action.yaml

View workflow run for this annotation

GitHub Actions / spire-server workflow

Invalid workflow file

The workflow is not valid. .github/workflows/spire-server-action.yaml (Line: 61, Col: 13): Job 'success' depends on unknown job 'artifacts'.
permissions:
contents: read
steps:
- name: Declare victory!
run: echo "# Successful" >> $GITHUB_STEP_SUMMARY
docker-image-scan:
runs-on: ubuntu-latest
needs: [tag-validate]
if: always() && !contains(needs.tag-validate.result, 'failure')
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
output: ./trivy-results
severity: CRITICAL,HIGH
exit-code: 0
docker-image-push:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
needs: [docker-image-scan, helm-chart-validate]
steps:
- name: Login to ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Docker push to ECR
shell: bash
run: docker push ${{ env.REPO }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
helm-chart-validate:
runs-on: ubuntu-latest
needs: [tag-validate]
if: always() && !contains(needs.version-validation.result, 'failure')
steps:
- name: Checkout source
uses: accuknox/common-gh-actions/actions/checkout-source@main
- name: Validate helm chart
uses: accuknox/common-gh-actions/actions/helm-check@main
with:
chart-path: ${{ env.CHART_PATH }}
revision-name: ${{ env.CHART_REVISION_NAME }}
helm-chart-push:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
needs: [docker-image-push]
steps:
- name: Checkout source
uses: accuknox/common-gh-actions/actions/checkout-source@main
- name: Push helm chart to ECR
uses: accuknox/common-gh-actions/actions/helm-push@main
with:
chart-path: ${{ env.CHART_PATH }}
version: ${{ github.ref_name }}
ecr-region: ${{ env.AWS_REGION }}
ecr-repo: ${{ env.REPO }}