Skip to content

Merge pull request #228 from canonical/IAM-1715 #390

Merge pull request #228 from canonical/IAM-1715

Merge pull request #228 from canonical/IAM-1715 #390

Workflow file for this run

name: CI
# When pushing to the "main" branch or a tag, we:
# * build the rock image
# * publish the image
# * scan the image and upload the artifacts to the repository
# if not any of those conditions apply, we simply build
on:
push:
branches:
- "main"
- "release-**"
tags:
- "v**"
paths:
- "rockcraft.yaml"
- ".github/workflows/**.yaml"
pull_request:
branches:
- "*"
workflow_dispatch:
jobs:
build:
uses: canonical/identity-team/.github/workflows/_rock-build.yaml@f18247249f506f3c9210b86e43a2c4dd063088c5 # v1.8.7
with:
structure-tests-enabled: true
gh-publish:
if: ${{ (github.ref == 'refs/heads/main') || (github.ref_type == 'tag') }}
needs: build
uses: canonical/identity-team/.github/workflows/_rock-gh-publish.yaml@f18247249f506f3c9210b86e43a2c4dd063088c5 # v1.8.7
with:
rock: ${{ needs.build.outputs.rock }}
oci-publish:
# only release to oci-factory in case of release
if: github.ref_type == 'tag'
needs: build
uses: canonical/identity-team/.github/workflows/_rock-oci-publish.yaml@f18247249f506f3c9210b86e43a2c4dd063088c5 # v1.8.7
with:
edge-release: false
eol-stable-release: "3 month"
secrets:
PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
scan:
if: ${{ (github.ref == 'refs/heads/main') || (github.ref_type == 'tag') }}
needs: gh-publish
uses: canonical/identity-team/.github/workflows/_rock-scan.yaml@f18247249f506f3c9210b86e43a2c4dd063088c5 # v1.8.7
with:
image: ${{ needs.gh-publish.outputs.image }}