From 767375180b25a2ed2402a2ebc12e1fba8722b0c6 Mon Sep 17 00:00:00 2001 From: seanconroy2021 Date: Fri, 6 Oct 2023 12:30:27 +0100 Subject: [PATCH] Add simple 'checks' workflow for PR and Merge events This workflow automates the following tasks: 1. On pull requests to the 'main' branch, it runs a basic CI check. 2. On pushes or merges to the 'main' branch, it runs the CI check. If successful, it triggers the 'release' job, which performs the following actions: - Deletes the 'latest' release and its associated tag. - Determines the current version (e.g., v1.0.1) and increments it to create a new version (e.g., v1.0.2). - Creates a new version release with the updated tag (e.g., v1.0.2). - Create or updates the 'latest' EC Validate Release resolves: HACBS-2725 Signed-off-by: Sean Conroy sconroy@redhat.com -- INSERT --
---
.github/workflows/checks.yaml | 82 +++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 .github/workflows/checks.yaml
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 00000000..20b55249
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,82 @@
+name: Checks
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ outputs:
+ status: ${{ job.status }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name : Run EC Validate (keyless)
+ uses: ./
+ with:
+ image: ghcr.io/enterprise-contract/golden-container:latest
+ identity: https:\/\/github\.com\/(slsa-framework\/slsa-github-generator|enterprise-contract\/golden-container)\/
+ issuer: https://token.actions.githubusercontent.com
+
+ - name : Run EC Validate (Long_Lived)
+ uses: ./
+ with:
+ image: quay.io/redhat-appstudio/ec-golden-image:latest
+ key: ${{ vars.PUBLIC_KEY }}
+ policy: "" #TODO Ignore until image is fixed
+ extra-params: --ignore-rekor
+
+
+ release:
+ runs-on: ubuntu-latest
+ needs: ci
+ if: needs.ci.outputs.status == 'success' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Setup GitHub Auth for gh cli
+ run: echo ${{ secrets.GHTOKEN }} | gh auth login --with-token
+ - name: Delete latest release and tag
+ run: |
+ latestTag=$(gh api -H 'Accept: application/vnd.github.v3+json' /repos/${{ github.repository }}/releases/latest -q '.tag_name')
+ latestId=$(gh api -H 'Accept: application/vnd.github.v3+json' /repos/${{ github.repository }}/releases/latest -q '.id')
+
+ # Delete the latest release
+ gh api --method DELETE -H 'Accept: application/vnd.github.v3+json' "/repos/${{ github.repository }}/releases/${latestId}"
+
+ # Delete the tag associated with the latest release
+ git push --delete origin $latestTag
+
+ # Find the version tag and then increment new version with v prefix eg. v1.0.1 -> v1.0.2
+ latestVTag=$(gh api -H 'Accept: application/vnd.github.v3+json' /repos/${{ github.repository }}/releases/latest -q '.tag_name')
+ echo "newVersion=v$(echo ${latestVTag#v} | awk -F.
'{$NF = $NF + 1;} 1' OFS=.)" >> $GITHUB_ENV
+
+ - name: Create New Version Release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: Latest Version ${{ env.newVersion }} Release
+ body: sha is ${{ github.sha }}
+ tag_name: ${{ env.newVersion }}
+ generate_release_notes: true
+ draft: false
+ prerelease: false
+
+ - name: Create or Update 'latest' EC Validate Release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: Latest Release
+ body: Latest stable release.
+ tag_name: latest
+ generate_release_notes: true
+ draft: false
+ prerelease: false
+
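Review bot: In the `release` job, the step `run: echo ${{ secrets.GHTOKEN }} | gh auth login --with-token` expands the secret into the script text before the shell runs, so the token lands in the generated step script and is parsed by the shell unquoted. Passing it through the environment avoids both problems and makes the login step unnecessary, because `gh` reads `GH_TOKEN` on its own: add `env:` with `GH_TOKEN: ${{ secrets.GHTOKEN }}` to the "Delete latest release and tag" step. The same job runs `softprops/action-gh-release@v1` by mutable tag while it holds write credentials, so pinning it to a full commit SHA (`uses: softprops/action-gh-release@<full-commit-sha>`) would keep a retagged release of that action from running with them. The workflow also declares no `permissions:`, which leaves the `GITHUB_TOKEN` scope to the repository default; an explicit `contents: read` for `ci` and `contents: write` for `release` would make the intended privilege visible and minimal.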