Skip to content
Test, build and update helm

Git push (#12) #33

Sign in to view logs

Git push (#12)

Git push (#12) #33

Workflow file for this run

.github/workflows/test-build-update-helm.yaml at 68d2fd9
name: Test, build and update helm
on:
push:
branches:
- main
paths-ignore:
- 'charts/fga-operator/values.yaml'
- 'charts/fga-operator/Chart.yaml'
pull_request:
branches:
- main
workflow_dispatch:
inputs:
tag:
description: 'Tag for docker image'
required: true
env:
IMAGE_TAG: ${{ inputs.tag || github.run_id }}
GITHUB_REGISTRY: ghcr.io
jobs:
test:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '^1.22'
- name: Updating docker compose
run: |
sudo curl -SL https://github.com/docker/compose/releases/download/v2.26.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
- name: Start OpenFGA
run: docker-compose -f development/docker-compose/docker-compose.yaml up --wait
- name: Run tests
working-directory: ./operator
run: make test
build:
permissions:
contents: read
packages: write
runs-on: ubuntu-22.04
needs:
- test
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.GITHUB_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
working-directory: ./operator
run: make docker-build docker-push IMG=${{ env.GITHUB_REGISTRY }}/${{ github.repository }}:${{ env.IMAGE_TAG }}
update-helm:
runs-on: ubuntu-22.04
if: github.ref == 'refs/heads/main'
needs:
- build
env:
BRANCH: ${{ github.head_ref || github.ref_name }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ env.BRANCH }}
token: ${{ secrets.GIT_PUSH }}
- name: Configure Git
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Action"
- name: Update values.yaml
run: |
sed -i 's/tag: .*/tag: ${{ github.run_id }}/' charts/fga-operator/values.yaml
- name: Update Chart.yaml version
run: |
sed -i -E 's/(version: [0-9]+\.[0-9]+\.[0-9]+).*/\1-${{ github.run_id }}/' charts/fga-operator/Chart.yaml
- name: Commit updated files
run: |
git add charts/fga-operator/values.yaml charts/fga-operator/Chart.yaml
git commit -m "Update controllerManager.image.tag and chart version to ${{ github.run_id }}"
- name: Push changes
run: |
git push origin HEAD:${{ env.BRANCH }}
scan-image:
permissions:
actions: read
contents: read
packages: read
security-events: write
runs-on: ubuntu-22.04
needs:
- build
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.GITHUB_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker pull
run: |
docker pull ${{ env.GITHUB_REGISTRY }}/${{ github.repository }}:${{ env.IMAGE_TAG }}
- name: Run Snyk to check Docker images for vulnerabilities
id: snyk_scan
uses: snyk/actions/docker@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ env.GITHUB_REGISTRY }}/${{ github.repository }}:${{ env.IMAGE_TAG }}
args: --file=./operator/Dockerfile --severity-threshold=high --sarif-file-output=snyk.sarif
- name: Upload Snyk report as sarif
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
scan-repo:
permissions:
security-events: write
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: ./operator --severity-threshold=high --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif