Bump securego/gosec from 2.21.4 to 2.22.0 in the github-actions group #173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and release images | |
on: | |
push: | |
branches: | |
- main | |
- release-[0-9]+.[0-9]+ | |
tags: | |
- "v*" # tags matching v*, i.e. v0.0.1, v1.0.0-rc.0 | |
jobs: | |
build: | |
name: Image build and push | |
outputs: | |
ff: ${{ steps.ff.outputs.ff }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetch all history for all tags and branches | |
- name: Set Up Go to Install OPM | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
# Issue ref: https://github.com/actions/checkout/issues/290. | |
- name: Extract Non-Annotated Version Tag | |
run: | | |
echo "GIT_VERSION=$(git describe --tags --match='v*' --always --dirty)" >> ${GITHUB_ENV} | |
- name: Verify release manifest | |
if: ${{ github.ref_type == 'tag' }} | |
run: | | |
make release | |
git diff --exit-code ./deploy/gatekeeper-operator.yaml | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: image=moby/buildkit:v0.8-beta | |
- uses: docker/login-action@v3 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: Build and Push Images | |
run: | | |
echo "::group::gatekeeper-operator" | |
make docker-build | |
make docker-push | |
echo "::endgroup::" | |
echo "::group::gatekeeper-operator-bundle" | |
make bundle-build | |
make bundle-push | |
echo "::endgroup::" | |
echo "::group::gatekeeper-operator-bundle-index" | |
make bundle-index-build | |
make bundle-index-push | |
echo "::endgroup::" | |
- name: Detect fast-forward requirement | |
id: ff | |
if: ${{ github.ref_type == 'tag' }} | |
run: | | |
if [[ "${GITHUB_SHA}" == "$(git rev-parse origin/main)" ]]; then | |
echo "Commit ${GITHUB_SHA} tagged as ${{ github.ref_name }} detected as latest commit on main. Enabling fast-forwarding ..." | |
echo "ff=true" >> $GITHUB_OUTPUT | |
fi | |
ff: | |
name: Fast forward from main to latest release branch | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ needs.build.outputs.ff == 'true' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.WORKFLOW_TOKEN }} | |
fetch-depth: 0 # Fetch all history for all tags and branches | |
- name: Fast-forward main to latest release | |
run: | | |
RELEASE_BRANCH="release-$(cut -d '.' -f 1,2 VERSION)" | |
git checkout ${RELEASE_BRANCH} || git checkout -b ${RELEASE_BRANCH} | |
git merge --ff-only origin/main | |
git push origin ${RELEASE_BRANCH} | |
- name: Slack failure report | |
uses: slackapi/[email protected] | |
if: ${{ failure() }} | |
env: | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
SLACK_WEBHOOK_URL: ${{ secrets.CODE_HEALTH_SLACK_WEBHOOK }} | |
with: | |
payload: | | |
{"blocks": [{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": ":failed: Gatekeeper Operator fast-forwarding failed: <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View workflow run>" | |
} | |
}]} |