feat(workflow): add workflow to push rules in registry #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Rulesfile | |
| on: push | |
| jobs: | |
| Release-Rulesfile: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| env: | |
| # Only one ruleset file for our demo | |
| RULESET_FILE: nsenter.yaml | |
| # Used to setup Auth and OCI artifact location | |
| OCI_REGISTRY: ghcr.io | |
| # Assuming we are in the main branch, our OCI artifact will | |
| # look something like ghcr.io/user/repo/custom-rules:main | |
| OCI_ARTIFACT_NAME: custom-rules | |
| OCI_ARTIFACT_VERSION: ${{ github.ref_name }} | |
| steps: | |
| - name: Checkout Falcoctl Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: falcosecurity/falcoctl | |
| ref: main | |
| path: tools/falcoctl | |
| - name: Setup Golang | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '^1.20' | |
| cache-dependency-path: tools/falcoctl/go.sum | |
| - name: Build falcoctl | |
| run: make | |
| working-directory: tools/falcoctl | |
| - name: Checkout Rules Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| path: rules | |
| - name: Upload OCI artifacts to GitHub packages | |
| run: | | |
| tools/falcoctl/falcoctl registry push \ | |
| --config /dev/null \ | |
| --type rulesfile \ | |
| --version ${OCI_ARTIFACT_VERSION} \ | |
| ${OCI_REGISTRY}/${GITHUB_REPOSITORY}/${OCI_ARTIFACT_NAME}:${OCI_ARTIFACT_VERSION} \ | |
| rules/${RULESET_FILE} | |
| env: | |
| FALCOCTL_REGISTRY_AUTH_BASIC: ${{ env.OCI_REGISTRY }},${{ github.repository_owner }},${{ secrets.GITHUB_TOKEN }} |