ci: added integration test and added signing to release

MadsRC · web-flow · commit 48e58c123138 · 2024-05-19T22:47:10.000+02:00
diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml
@@ -0,0 +1,46 @@
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch: {}
+
+# Declare default permissions as read only.
+permissions: read-all
+
+name: Integration Test
+jobs:
+  integration-test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+      with:
+        # Disabling shallow clone is recommended for improving relevancy of reporting
+        fetch-depth: 0
+    - uses: jdx/mise-action@0c39a522dfbced3ed83924152c45804a71ce216f # v2.0.4
+      with:
+        experimental: true
+    - name: 'Login to GitHub Container Registry'
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
+      with:
+        registry: ghcr.io
+        username: ${{github.actor}}
+        password: ${{secrets.GITHUB_TOKEN}}
+    - name: Get syft
+      uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
+    - name: Set up Go
+      uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
+      with:
+        go-version-file: 'go.mod'
+    - id: snapshot-release
+      name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5
+      with:
+        args: release --snapshot --clean
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - name: Run integration check
+      run: |
+        image=$(echo '${{ steps.snapshot-release.outputs.artifacts }}' | jq '.[] | select(.type=="Docker Image") | select(.extra.DockerConfig.goos=="linux") | select(.extra.DockerConfig.goarch=="amd64") | select(.name|contains("-SNAPSHOT-")) | .name' -r)
+        echo "Testing image ${image}"
+        mise run test:integration --test-image="${image}"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -16,6 +16,7 @@ jobs:
     permissions:
       contents: write
       packages: write
+      id-token: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -80,6 +80,26 @@ docker_manifests:
 release:
   prerelease: auto
 
+docker_signs:
+  - cmd: "cosign"
+    args:
+      - "sign"
+      - "--upload=false"
+      - "${artifact}"
+      - "--yes"
+    artifacts: all
+    output: true
+
+signs:
+  - cmd: "cosign"
+    args:
+      - "sign-blob"
+      - "--upload=false"
+      - "${artifact}"
+      - "--yes"
+    artifacts: all
+    output: true
+
 changelog:
   sort: asc
   filters:
