From 1f5a1387550219b9d8bb17034c2a13a84179d630 Mon Sep 17 00:00:00 2001 From: seanconroy2021 Date: Fri, 6 Oct 2023 12:30:27 +0100 Subject: [PATCH] Add simple 'checks' workflow for PR and Merge events This workflow automates the following tasks: 1. On pull requests to the 'main' branch, it runs a basic CI check. 2. On pushes or merges to the 'main' branch, it runs the CI check. If successful, it triggers the 'release' job, which performs the following actions: - Determines the current version (e.g., v1.0.1) and increments it to create a new version (e.g., v1.0.2). - Creates a new version release with the updated tag (e.g., v1.0.2). resolves: HACBS-2725 Signed-off-by: Sean Conroy sconroy@redhat.com
---
.github/workflows/checks.yaml | 58 +++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 .github/workflows/checks.yaml
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 00000000..bd8353a2
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,58 @@
+name: Checks
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ outputs:
+ status: ${{ job.status }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name : Run EC Validate (keyless)
+ uses: ./
+ with:
+ image: ghcr.io/enterprise-contract/golden-container:latest
+ identity: https:\/\/github\.com\/(slsa-framework\/slsa-github-generator|enterprise-contract\/golden-container)\/
+ issuer: https://token.actions.githubusercontent.com
+
+ # - name : Run EC Validate (Long_Lived)
+ # uses: ./
+ # with:
+ # image: quay.io/redhat-appstudio/ec-golden-image:latest
+ # key: ${{ vars.PUBLIC_KEY }}
+ # policy: github.com/enterprise-contract/config//slsa3 #FIXME Commented out because the golden-image on quay.io is failing due to a violation in the image.
+ # extra-params: --ignore-rekor
+
+ release:
+ runs-on: ubuntu-latest
+ needs: ci
+ permissions:
+ contents: write
+ if: needs.ci.outputs.status == 'success' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
+ steps:
+ - name: Setup GitHub Auth for gh cli
+ run: echo ${{ secrets.GHTOKEN }} | gh auth login --with-token
+ - name: Get Latest Version Tag and Increment
+ run: |
+ # Find the version tag and then increment new version with v prefix eg. v1.0.1 -> v1.0.2
+ latestVTag=$(gh api -H 'Accept: application/vnd.github.v3+json' /repos/${{ github.repository }}/releases/latest -q '.tag_name')
+ echo "newVersion=v$(echo ${latestVTag#v} | awk -F. '{$NF = $NF + 1;} 1' OFS=.)" >> $GITHUB_ENV
+
+ - name: Create New Version Release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: ${{ env.newVersion }} Release
+ body: ""
+ tag_name: ${{ env.newVersion }}
+ generate_release_notes: true
+ draft: false
+ prerelease: false
\ No newline at end of file
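Review bot: The `Setup GitHub Auth for gh cli` step in the `release` job expands `${{ secrets.GHTOKEN }}` straight into the script text, so the token is written into the runner's generated script file and parsed unquoted by the shell before `gh` ever reads it. The gh CLI picks up `GH_TOKEN` from the environment, so the login step can be dropped and the `Get Latest Version Tag and Increment` step given an `env:` entry `GH_TOKEN: ${{ secrets.GHTOKEN }}`. Since the job already declares `permissions: contents: write`, it is worth checking whether `${{ github.token }}` is sufficient here, which would avoid a separately managed secret. `actions/checkout@v2` and `softprops/action-gh-release@v1` are mutable tags, and the second runs in the job that holds write access; pinning both to a full commit SHA would keep a retagged version of either action from running with that access. The `ci` job has no `permissions:` block, so a top-level `permissions:` with `contents: read` would make its token scope explicit.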