55 - " v*"
66
77permissions :
8- contents : read
8+ contents : write
99 pull-requests : write
1010 packages : write
1111
2222 runs-on : ubuntu-latest
2323 needs : [tests]
2424 steps :
25- - uses : actions/checkout@v4
26-
27- - name : Set up containerd
28- uses : crazy-max/ghaction-setup-containerd@v3
29-
30- - name : Fix containerd socket permissions
31- run : |
32- sudo chgrp docker /run/containerd/containerd.sock
25+ - uses : actions/checkout@v6
3326
3427 - name : Set up QEMU
3528 uses : docker/setup-qemu-action@v3
5649 with :
5750 images : ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }}
5851
59- - name : Build and push
60- uses : docker/build-push-action@v6
61- with :
62- push : false
63- tags : ${{ steps.docker-metadata.outputs.tags }}
64- labels : ${{ steps.docker-metadata.outputs.labels }}
65- platforms : linux/amd64,linux/arm64
66- build-args : |
67- VERSION=${{ steps.get-version.outputs.tagged_version }}
68- # Export the image to a tar so it can be imported into containerd so gokakashi can scan it
69- outputs : type=oci,dest=/tmp/image.tar
70-
71- - name : Import docker image into containerd store
72- run : |
73- ctr images import --base-name ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }} --digests --all-platforms /tmp/image.tar
74-
75- - name : Get first docker tag for gokakashi
76- id : first-docker-tag
77- run : |
78- FIRST_TAG=$(echo "${{ steps.docker-metadata.outputs.tags }}" | head -n 1)
79- echo "First docker tag: $FIRST_TAG"
80- echo "tag=$FIRST_TAG" >> $GITHUB_OUTPUT
81-
82- - name : Push docker image
52+ - name : Build and Push docker image
8353 uses : docker/build-push-action@v6
8454 with :
8555 push : true
@@ -89,35 +59,14 @@ jobs:
8959 build-args : |
9060 VERSION=${{ steps.get-version.outputs.tagged_version }}
9161
92- - name : Scan docker image with gokakashi
93- uses : shinobistack/gokakashi-action@v0.2.0
94- continue-on-error : true
95- with :
96- image : ${{ steps.first-docker-tag.outputs.tag }}
97- labels : agentKey=${{ github.run_id }}
98- policy : ci-platform
99- server : https://gokakashi-server.hasura-app.io
100- token : ${{ secrets.GOKAKASHI_API_TOKEN }}
101- cf_client_id : ${{ secrets.CF_ACCESS_CLIENT_ID }}
102- cf_client_secret : ${{ secrets.CF_ACCESS_CLIENT_SECRET }}
103- interval : 10
104- retries : 8
105-
106- - name : Upload Trivy report as artifact
107- uses : actions/upload-artifact@v4
108- continue-on-error : true
109- with :
110- name : trivy-report
111- path : /tmp/trivy-report-*.json
112-
11362 build-cli-and-manifests :
11463 name : Build the CLI binaries and manifests
11564 runs-on : ubuntu-latest
11665 needs : [release-image]
11766 steps :
11867 - name : Checkout
119- uses : actions/checkout@v4
120- - uses : actions/setup-go@v5
68+ uses : actions/checkout@v6
69+ - uses : actions/setup-go@v6
12170 with :
12271 go-version-file : ./go.mod
12372 - name : Build the CLI
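Review bot: Nothing in the visible workflow scans the image before the `Build and Push docker image` step (which starts above this hunk) publishes it with `push: true`, now that the gokakashi scan and the Trivy report upload are removed here. The removed scan ran with `continue-on-error: true`, so it never blocked a release either. If dropping it is intentional, record the reason in the commit message, and consider a scan that fails the job before the push rather than a report-only step. Separately, the new `actions/checkout@v6` and `actions/setup-go@v6` references are mutable tags, in a workflow whose `permissions` block (apparently workflow-level, so applying to this job too) grants `contents: write` and `packages: write`. Pinning them, e.g. `uses: actions/checkout@<full-commit-sha>  # v6`, ensures a moved tag cannot change what runs with that token.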