chore: (automate) housekeeping #861

Workflow file for this run

	name: Continuous Integration

	on:
	push:
	pull_request:

	permissions:
	contents: write
	packages: write
	security-events: write

	jobs:
	rel:
	name: Build, scan & push Snapshot
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	go-version-file: go.mod

	- name: Build snapshot artifacts
	uses: goreleaser/goreleaser-action@v5
	with:
	version: latest
	args: release --snapshot --clean --config .goreleaser-ci.yaml
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Get Version
	id: version
	run: echo "value=commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "ghcr.io/${{ github.repository }}:${{ steps.version.outputs.value }}"
	format: "sarif"
	output: "trivy-results.sarif"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: "trivy-results.sarif"

	- name: GHCR login
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to MTR
	uses: docker/login-action@v3
	with:
	registry: mtr.devops.telekom.de
	username: ${{ secrets.MTR_USERNAME }}
	password: ${{ secrets.MTR_PASSWORD }}

	- name: Push snapshot container image
	run: \|
	docker push ghcr.io/${{ github.repository }}:${{ steps.version.outputs.value }}
	docker push mtr.devops.telekom.de/sparrow/sparrow:${{ steps.version.outputs.value }}


	helm:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	with:
	fetch-tags: true

	- name: Fetch tags explicitly
	run: git fetch --tags

	- name: Get App Version
	id: appVersion
	run: echo "value=commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	- name: Get Chart Version
	id: chartVersion
	# produces a tag like: 0.2.2-commit-asdf3
	run: echo "value=$(git tag --sort=taggerdate \| tail -1 \| cut -c 2-)-commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	- name: Registry login
	run: \|
	helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
	helm registry login mtr.devops.telekom.de -u ${{ secrets.MTR_USERNAME }} -p ${{ secrets.MTR_PASSWORD }}

	- name: Helm lint
	run: helm lint ./chart

	- name: Helm package
	run: helm package ./chart -d ./chart --version ${{ steps.chartVersion.outputs.value }} --app-version ${{ steps.appVersion.outputs.value }}

	- name: Push helm package
	run: \|
	helm push $(ls ./chart/*.tgz\| head -1) oci://ghcr.io/${{ github.repository_owner }}/charts
	helm push $(ls ./chart/*.tgz\| head -1) oci://mtr.devops.telekom.de/sparrow/charts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: (automate) housekeeping #861

Workflow file

chore: (automate) housekeeping #861

Jobs

Run details

Workflow file for this run