Add simple 'checks' workflow for PR and Merge events
This workflow automates the following tasks:

1. On pull requests to the 'main' branch, it runs a basic CI check.

2. On pushes or merges to the 'main' branch, it runs the CI check. If successful, it triggers the 'release' job, which performs the following actions:
   - Determines the current version (e.g., v1.0.1) and increments it to create a new version (e.g., v1.0.2).
   - Creates a new version release with the updated tag (e.g., v1.0.2).
resolves: HACBS-2725
Signed-off-by: Sean Conroy [email protected]
seanconroy2021 committed Oct 10, 2023
1 parent 8e39760 commit 1f5a138
Showing 1 changed file with 58 additions and 0 deletions.
58 changes: 58 additions & 0 deletions .github/workflows/checks.yaml
@@ -0,0 +1,58 @@
name: Checks
on:
pull_request:
branches:
- main
push:
branches:
- main
workflow_dispatch:

jobs:
ci:
runs-on: ubuntu-latest
outputs:
status: ${{ job.status }}
steps:
- name: Checkout code
uses: actions/checkout@v2

- name : Run EC Validate (keyless)
uses: ./
with:
image: ghcr.io/enterprise-contract/golden-container:latest
identity: https:\/\/github\.com\/(slsa-framework\/slsa-github-generator|enterprise-contract\/golden-container)\/
issuer: https://token.actions.githubusercontent.com

# - name : Run EC Validate (Long_Lived)
# uses: ./
# with:
# image: quay.io/redhat-appstudio/ec-golden-image:latest
# key: ${{ vars.PUBLIC_KEY }}
# policy: github.com/enterprise-contract/config//slsa3 #FIXME Commented out because the golden-image on quay.io is failing due to a violation in the image.
# extra-params: --ignore-rekor

release:
runs-on: ubuntu-latest
needs: ci
permissions:
contents: write
if: needs.ci.outputs.status == 'success' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
steps:
- name: Setup GitHub Auth for gh cli
run: echo ${{ secrets.GHTOKEN }} | gh auth login --with-token
- name: Get Latest Version Tag and Increment
run: |
# Find the version tag and then increment new version with v prefix eg. v1.0.1 -> v1.0.2
latestVTag=$(gh api -H 'Accept: application/vnd.github.v3+json' /repos/${{ github.repository }}/releases/latest -q '.tag_name')
echo "newVersion=v$(echo ${latestVTag#v} | awk -F. '{$NF = $NF + 1;} 1' OFS=.)" >> $GITHUB_ENV
- name: Create New Version Release
uses: softprops/action-gh-release@v1
with:
name: ${{ env.newVersion }} Release
body: ""
tag_name: ${{ env.newVersion }}
generate_release_notes: true
draft: false
prerelease: false
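
Review bot: In the release job's "Setup GitHub Auth for gh cli" step, `echo ${{ secrets.GHTOKEN }} | gh auth login --with-token` expands the secret into the script text, unquoted, before the shell runs. Pass it through the step's `env:` as `GH_TOKEN` instead, which `gh` reads directly, so the separate login step is not needed. The job's `permissions: contents: write` block only scopes the automatic `GITHUB_TOKEN`, not `secrets.GHTOKEN`, so if the automatic token is enough for the `releases/latest` lookup, the extra secret can be dropped altogether. Because this job can write to the repository, `actions/checkout@v2` and `softprops/action-gh-release@v1` are also worth pinning to a full commit SHA rather than a movable tag. Two smaller points: `needs: ci` already skips the release when `ci` fails, so the `needs.ci.outputs.status == 'success'` term in the `if:` is redundant, and the version step assumes a previous release exists, so either note that in the workflow or handle an empty `latestVTag`.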
