cloudforet-io
diff --git a/‎test/__init__.py‎ ‎.github/workflows/__init__.py‎test/__init__.py renamed to .github/workflows/__init__.py b/‎test/__init__.py‎ ‎.github/workflows/__init__.py‎test/__init__.py renamed to .github/workflows/__init__.py
diff --git a/‎.github/workflows/check-pull-request.yml‎
Lines changed: 24 additions & 0 deletions b/‎.github/workflows/check-pull-request.yml‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎.github/workflows/check_pull_request.yml‎
Lines changed: 0 additions & 11 deletions b/‎.github/workflows/check_pull_request.yml‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎.github/workflows/dispatch_build_dev.yml‎
Lines changed: 0 additions & 9 deletions b/‎.github/workflows/dispatch_build_dev.yml‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎.github/workflows/dispatch_create_branch.yaml‎
Lines changed: 20 additions & 0 deletions b/‎.github/workflows/dispatch_create_branch.yaml‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎.github/workflows/dispatch_daily_build.yaml‎
Lines changed: 150 additions & 0 deletions b/‎.github/workflows/dispatch_daily_build.yaml‎
Lines changed: 150 additions & 0 deletions
diff --git a/‎.github/workflows/dispatch_make_helm_chart.yaml‎
Lines changed: 78 additions & 0 deletions b/‎.github/workflows/dispatch_make_helm_chart.yaml‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎.github/workflows/dispatch_make_helm_chart.yml‎
Lines changed: 0 additions & 11 deletions b/‎.github/workflows/dispatch_make_helm_chart.yml‎
Lines changed: 0 additions & 11 deletions
@@ -0,0 +1,24 @@
+# .github/workflows/check-pull-request.yml
+name: Check Pull Request
+
+on:
+  pull_request_target:
+
+jobs:
+  check-pull-request:
+    name: Check Pull Request
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Check signed commits
+        id: review
+        uses: cloudforet-io/check-pr-action@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Notify Result
+        if: ${{ steps.review.outputs.signedoff == 'false' }}
+        run: |
+          echo "The review result is ${{ steps.review.outputs.signedoff }}"
+          exit 1
@@ -0,0 +1,20 @@
+name: "[Dispatch] Create Branch"
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch_name:
+        description: enter branch (release-x.y)
+        required: true
+        default: 'release-1.0'
+
+jobs:
+  create_branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: create branch
+        uses: peterjgrainger/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }}
+        with:
+          branch: '${{ github.event.inputs.branch_name }}'
@@ -0,0 +1,150 @@
+name: "[Dispatch] Daily build"
+
+on:
+  workflow_dispatch:
+
+env:
+  BRANCH_NAME: master
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    outputs:
+      TIME: ${{ steps.get_date.outputs.TIME }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          token: ${{ secrets.PAT_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.CLOUDFORET_DEV_DOCKER_USERNAME }}
+          password: ${{ secrets.CLOUDFORET_DEV_DOCKER_PASSWORD }}
+
+      - name: Get Date
+        id: get_date
+        run: |
+          sudo ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
+          CURRENT_TIME=$(date +'%Y%m%d.%H%M%S')
+          
+          echo "TIME=$CURRENT_TIME" >> $GITHUB_ENV
+          echo "TIME=$CURRENT_TIME" >> $GITHUB_OUTPUT
+
+      - name: Build and push to dockerhub
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: |
+            cloudforetdev/${{ github.event.repository.name }}:latest
+            cloudforetdev/${{ github.event.repository.name }}:${{ env.TIME }}
+          build-args: |
+            PACKAGE_VERSION=${{ env.PACKAGE_VERSION }}
+            BRANCH_NAME=${{ env.BRANCH_NAME }}
+          provenance: false
+
+      - name: Notice when job fails
+        if: failure()
+        uses: 8398a7/[email protected]
+        with:
+          status: ${{job.status}}
+          fields: repo,workflow,job
+          author_name: Github Action Slack
+
+  scan:
+    needs: docker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Trivy vulnerability scanner
+        id: trivy-scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: cloudforetdev/${{ github.event.repository.name }}:${{ needs.docker.outputs.TIME }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Count vulnerabilities
+        id: vulnerabilities
+        run: |
+          count=$(jq '.runs[].results[].ruleId' ./trivy-results.sarif | wc -c)
+          echo "result_count=$count" >> $GITHUB_OUTPUT
+          echo "$count"
+
+      - name: slack
+        if: ${{ steps.vulnerabilities.outputs.result_count != 0 }}
+        uses: 8398a7/action-slack@v3
+        with:
+          status: custom
+          fields: workflowRun
+          custom_payload: |
+            {
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": ":warning: Image vulnerability detected"
+                  }
+                },
+                {
+                  "type": "section",
+                  "fields": [
+                    {
+                      "type": "mrkdwn",
+                      "text": "*Image:*\ncloudforetdev/${{ github.event.repository.name }}:${{ needs.docker.outputs.TIME }}"
+                    },
+                    {
+                      "type": "mrkdwn",
+                      "text": "*Repo name:*\n${{ github.repository }}"
+                    }
+                  ]
+                },
+                {
+                  "type": "actions",
+                  "elements": [
+                    {
+                      "type": "button",
+                      "text": {
+                        "type": "plain_text",
+                        "emoji": true,
+                        "text": "View Detail"
+                      },
+                      "style": "danger",
+                      "url": "https://github.com/${{ github.repository }}/security/code-scanning"
+                    }
+                  ]
+                }
+              ]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{secrets.VULNERABILITY_SLACK_WEBHOOK_URL}}
+
+  notification:
+    needs: docker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Slack
+        if: always()
+        uses: 8398a7/[email protected]
+        with:
+          status: ${{job.status}}
+          fields: repo,message,commit,author,action,ref,workflow,job
+          author_name: Github Action Slack
@@ -0,0 +1,78 @@
+name: "[Dispatch] Make Helm Chart"
+on:
+  workflow_dispatch:
+  repository_dispatch:
+    types: [make_helm_chart]
+
+env:
+  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_GITHUB_HELM_CHART_WEBHOOK_URL }}
+
+jobs:
+  helm_cloudforet:
+    if: github.repository_owner == 'cloudforet-io'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+          
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: '3.4.0'
+
+      - name: Run Helm packaging
+        run: |
+          export cache_dir=/tmp/helm
+          mkdir -p "$cache_dir"
+          echo "Installing chart-releaser..."
+          curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.2.0/chart-releaser_1.2.0_linux_amd64.tar.gz"
+          tar -xzf cr.tar.gz -C "$cache_dir"
+          rm -f cr.tar.gz
+          echo 'Adding cr directory to PATH...'
+          export PATH="$cache_dir:$PATH"
+          rm -rf .deploy
+          echo 'Print Version ...'
+          export SERVICE=$(echo ${{ github.repository }} | cut -d '/' -f2)
+          echo 'Update helm version in chart.yaml and values.yaml'
+          echo "SERVICE=${SERVICE}" >> $GITHUB_ENV
+          helm package deploy/helm --destination .deploy
+          cr upload -o cloudforet-io -r charts -p .deploy --token ${{ secrets.PAT_TOKEN }}
+          cr index -i ./index.yaml -p .deploy/ -o cloudforet-io -r charts -c https://cloudforet-io.github.io/charts --token ${{ secrets.PAT_TOKEN }}
+          cp index.yaml /tmp/index.yaml
+
+      - name: Check out chart repo
+        uses: actions/checkout@master
+        with:
+          repository: cloudforet-io/charts
+          ref: gh-pages
+          token: ${{ secrets.PAT_TOKEN }}
+
+      - name: Update Helm repository index.yaml
+        run: |
+          git config --global user.email [email protected]
+          git config --global user.name cloudforet-admin
+          cp /tmp/index.yaml ./
+          git add index.yaml
+          git pull
+          git commit -m "Add ${SERVICE} chart"
+          git push origin gh-pages
+
+      - name: Notice when job fails
+        if: failure()
+        uses: 8398a7/[email protected]
+        with:
+          status: ${{job.status}}
+          fields: repo,workflow,job
+          author_name: Github Action Slack
+
+  notify_to_slack:
+    if: github.repository_owner == 'cloudforet-io'
+    needs: [helm_cloudforet]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Slack
+        if: always()
+        uses: 8398a7/[email protected]
+        with:
+          status: ${{job.status}}
+          fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
+          author_name: Github Action Slack