release-alpha.yml

# Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: release-alpha

on:
  push:
    branches:
      - main

permissions: read-all
jobs:
  ReleaseAlpha:
    permissions:
      contents: write
      packages: write
      issues:   write
    runs-on: ubuntu-latest
    env:
      COSIGN_KEY_LOCATION: "/tmp/cosign.key"

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.17

      - name: Install Mage
        run: go install github.com/magefile/mage@v1.11

      - name: Docker Login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Cosign Installer
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.0'

      # Install consing private key using mage
      - name: Install cosign private key
        run: mage WriteCosignKeyToFile
        env:
          COSIGN_KEY: ${{secrets.COSIGN_KEY}}

      # Build and push docker operator alpha image
      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: ./deployments/dockerfiles/Dockerfile
          tags: horuszup/horusec-operator:alpha

      # Sign alpha operator using mage
      - name: Sign image
        run: mage SignImage alpha
        env:
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}

      # Delete the latest alpha pre-release
      - name: Delete outdate release
        uses: dev-drprasad/delete-tag-and-release@v0.2.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          delete_release: true
          tag_name: alpha

      # Create a new alpha pre-release
      - name: Update alpha release
        uses: softprops/action-gh-release@v1
        with:
          name: alpha
          tag_name: alpha
          prerelease: true
          draft: false
          target_commitish: ${{ github.sha }}
          token: ${{ secrets.GITHUB_TOKEN }}
          files: |
            ./deployments/cosign.pub
          body: |
            ## Description

            This tag it's updated every time there's a change in the main branch. It's a developement tag and should not be used in production.

            ## Docker images

            - `docker pull horuszup/horusec-operator:alpha`