From 69cb06f8bc358ae5c5e3f571d6fb08cc85d8648b Mon Sep 17 00:00:00 2001
From: Santosh
Date: Fri, 28 Jun 2024 15:40:30 +0530
Subject: [PATCH] Update Artifact release wction
Signed-off-by: Santosh
---
.../publish-argocd-latest-modules.yaml | 40 -----
.../publish-dockerfile-input-policies.yaml | 40 -----
.../publish-dockerfile-policies.yaml | 40 -----
.../workflows/publish-infrafile-policies.yaml | 40 -----
.../workflows/publish-k8s-latest-module.yaml | 40 -----
.../publish-tektoncd-latest-modules.yaml | 40 -----
.../workflows/publish-terraform-policies.yaml | 40 -----
.../workflows/relese-genval-artifacts.yaml | 144 ++++++++++++++++++
8 files changed, 144 insertions(+), 280 deletions(-)
delete mode 100644 .github/workflows/publish-argocd-latest-modules.yaml
delete mode 100644 .github/workflows/publish-dockerfile-input-policies.yaml
delete mode 100644 .github/workflows/publish-dockerfile-policies.yaml
delete mode 100644 .github/workflows/publish-infrafile-policies.yaml
delete mode 100644 .github/workflows/publish-k8s-latest-module.yaml
delete mode 100644 .github/workflows/publish-tektoncd-latest-modules.yaml
delete mode 100644 .github/workflows/publish-terraform-policies.yaml
create mode 100644 .github/workflows/relese-genval-artifacts.yaml
diff --git a/.github/workflows/publish-argocd-latest-modules.yaml b/.github/workflows/publish-argocd-latest-modules.yaml
deleted file mode 100644
index 152867c..0000000
--- a/.github/workflows/publish-argocd-latest-modules.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci
-on:
- push:
- branches:
- - main
- paths:
- - genval/modules/cuemod-argocd*/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: inetall genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/modules/cuemod-argocd:v2.11.3 \
- --dest oci://ghcr.io/intelops/policyhub/genval/argocd-cuemods:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/publish-dockerfile-input-policies.yaml b/.github/workflows/publish-dockerfile-input-policies.yaml
deleted file mode 100644
index 631895c..0000000
--- a/.github/workflows/publish-dockerfile-input-policies.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci
-on:
- push:
- branches:
- - main
- paths:
- - genval/defaultpolicies/rego/input_policies/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: install genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/defaultpolicies/rego/input_policies \
- --dest oci://ghcr.io/intelops/policyhub/genval/input_policies:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/publish-dockerfile-policies.yaml b/.github/workflows/publish-dockerfile-policies.yaml
deleted file mode 100644
index 80f997b..0000000
--- a/.github/workflows/publish-dockerfile-policies.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci
-on:
- push:
- branches:
- - main
- paths:
- - genval/defaultpolicies/rego/dockerfile_policies/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: inetall genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/defaultpolicies/rego/dockerfile_policies \
- --dest oci://ghcr.io/intelops/policyhub/genval/dockerfile_policies:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/publish-infrafile-policies.yaml b/.github/workflows/publish-infrafile-policies.yaml
deleted file mode 100644
index 904ec1d..0000000
--- a/.github/workflows/publish-infrafile-policies.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci-infrafile
-on:
- push:
- branches:
- - main
- paths:
- - genval/defaultpolicies/rego/infrafile_policies/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: inetall genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/defaultpolicies/rego/infrafile_policies/k8s/ \
- --dest oci://ghcr.io/intelops/policyhub/genval/infrafile_policies:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/publish-k8s-latest-module.yaml b/.github/workflows/publish-k8s-latest-module.yaml
deleted file mode 100644
index dccfb5b..0000000
--- a/.github/workflows/publish-k8s-latest-module.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci
-on:
- push:
- branches:
- - main
- paths:
- - genval/modules/cuemod-k8s*/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: inetall genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/modules/cuemod-k8s:v1.30 \
- --dest oci://ghcr.io/intelops/policyhub/genval/k8s-cuemods:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/publish-tektoncd-latest-modules.yaml b/.github/workflows/publish-tektoncd-latest-modules.yaml
deleted file mode 100644
index a07eae2..0000000
--- a/.github/workflows/publish-tektoncd-latest-modules.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci
-on:
- push:
- branches:
- - main
- paths:
- - genval/modules/cuemod-tektoncd*/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: inetall genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/modules/cuemod-tektoncd:v0.60.2 \
- --dest oci://ghcr.io/intelops/policyhub/genval/tektoncd-cuemods:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/publish-terraform-policies.yaml b/.github/workflows/publish-terraform-policies.yaml
deleted file mode 100644
index 6e46de8..0000000
--- a/.github/workflows/publish-terraform-policies.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: ci
-on:
- push:
- branches:
- - main
- paths:
- - genval/defaultpolicies/rego/terraform_policies/**
-
-permissions:
- contents: write
- security-events: write
- # Optional: allow read access to pull request. Use with `only-new-issues` option.
- packages: write
-
-jobs:
- push-artifact:
- name: CI
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-go@v4
- with:
- go-version: '1.22'
- cache: false
-
- - name: inetall genval
- run: go install github.com/intelops/genval@main
-
- - name: Login to Github Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: push-rego-policies
- run: |
- genval artifact push --reqinput ./genval/defaultpolicies/rego/terraform_policies/ \
- --dest oci://ghcr.io/intelops/policyhub/genval/terraform_policies:v0.0.1 \
- --annotations="authors=intelops Inc."
diff --git a/.github/workflows/relese-genval-artifacts.yaml b/.github/workflows/relese-genval-artifacts.yaml
new file mode 100644
index 0000000..bcd19ba
--- /dev/null
+++ b/.github/workflows/relese-genval-artifacts.yaml
@@ -0,0 +1,144 @@
+name: release-genval-artifacts
+on:
+ push:
+ tags:
+ - 'v*'
+ contents: write
+ security-events: write
+ # Optional: allow read access to pull request. Use with `only-new-issues` option.
+ packages: write
+
+jobs:
+ push-artifact:
+ name: CI
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-go@v4
+ with:
+ go-version: '1.22'
+ cache: false
+
+ - name: install genval
+ run: go install github.com/intelops/genval@main
+
+ - name: Login to Github Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+
+ - name: Fetch Git tag
+ id: get_tag
+ run: echo "tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
+
+ # Publish Genval Rego polcies
+
+ - name: Push Dockerfile policies
+ id: push_dockerfile_policies
+ if: ${{ contains(github.event.head.commit_modified, 'genval/defaultpolicies/rego/dockerfile_policies/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/defaultpolicies/rego/dockerfile_policies\ \
+ --dest oci://ghcr.io/intelops/policyhub/genval/dockerfile_policies:${GIT_TAG} \
+ --annotations="authors=intelops inc")
+ echo "${GENVAL_OUTPUT}"
+ echo "dockerfile_artifact_url=oci://ghcr.io/intelops/policyhub/genval/dockerfile_policies:${GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.dockerfile_artifact_url }}"
+
+ - name: Push Dockerfile Input policies
+ id: push_dockerfile_input_policies
+ if: ${{ contains(github.event.head.commit_modified, 'genval/defaultpolicies/rego/input_policies/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/defaultpolicies/rego/input_policies\ \
+ --dest oci://ghcr.io/intelops/policyhub/genval/dockerfile_input_policies:${GIT_TAG} \
+ --annotations="authors=intelops inc")
+ echo "${GENVAL_OUTPUT}"
+ echo "dockerfile_input_artifact_url=oci://ghcr.io/intelops/policyhub/genval/dockerfile_input_policies:${GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile Input URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.dockerfile_input_artifact_url }}"
+
+ - name: Push Infrafile policies
+ id: push_infrafile_policies
+ if: ${{ contains(github.event.head.commit_modified, 'genval/defaultpolicies/rego/infrafile_policies/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/defaultpolicies/rego/infrafile_policies\ \
+ --dest oci://ghcr.io/intelops/policyhub/genval/infrafile_policies:${GIT_TAG} \
+ --annotations="authors=intelops inc)
+ echo "${GENVAL_OUTPUT}"
+ echo "infrafile_artifact_url=oci://ghcr.io/intelops/policyhub/genval/infrafile_policies:${GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile Input URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.infrafile_artifact_url }}"
+
+ - name: Push Terraform policies
+ id: push_terraform_policies
+ if: ${{ contains(github.event.head.commit_modified, 'genval/defaultpolicies/rego/terrraform_policies/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/defaultpolicies/rego/terraform_policies\ \
+ --dest oci://ghcr.io/intelops/policyhub/genval/terraform_policies:${GIT_TAG} \
+ --annotations="authors=intelops inc")
+ echo "${GENVAL_OUTPUT}"
+ echo "terraform_artifact_url=oci://ghcr.io/intelops/policyhub/genval/terraform_policies:${GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile Input URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.terraform_artifact_url }}"
+
+# Publish Genval cuemods
+
+ - name: Push k8s module
+ id: push_k8s_module
+ if: ${{ contains(github.event.head.commit_modified, 'genval/modules/cuemod-k8s:*/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/modules/cuemod-k8s:v1.30 \
+ --dest oci://ghcr.io/intelops/policyhub/genval/k8s-cuemods:${GIT_TAG} \
+ --annotations="authors=intelops inc")
+ echo "${GENVAL_OUTPUT}"
+ echo "k8s-module_artifact_url=oci://ghcr.io/intelops/policyhub/genval/k8s-cuemods:${GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile Input URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.k8s_module_artifact_url }}"
+
+ - name: Push ArgoCD module
+ id: push_argocd_module
+ if: ${{ contains(github.event.head.commit_modified, 'genval/modules/cuemod-argocd:*/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/modules/cuemod-argocd:v2.11.3 \
+ --dest oci://ghcr.io/intelops/policyhub/genval/argocd-cuemods:$GIT_TAG} \
+ --annotations="authors=intelops Inc."
+ echo "${GENVAL_OUTPUT}"
+ echo "argocd_module_artifact_url=oci://ghcr.io/intelops/policyhub/genval/argocd-cuemods:$GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile Input URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.argocd_module_artifact_url }}"
+
+ - name: Push TektonCD module
+ id: push_tektoncd_module
+ if: ${{ contains(github.event.head.commit_modified, 'genval/modules/cuemod-tektoncd:*/**') }}
+ run: |
+ GIT_TAG=${{ env.tag }}
+ GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/modules/cuemod-tektoncd:v0.60.2 \
+ --dest oci://ghcr.io/intelops/policyhub/genval/argocd-cuemods:$GIT_TAG} \
+ --annotations="authors=intelops Inc."
+ echo "${GENVAL_OUTPUT}"
+ echo "tektoncd_module_artifact_url=oci://ghcr.io/intelops/policyhub/genval/tektoncd-cuemods:$GIT_TAG}" >> $GITHUB_ENV
+
+ - name: Use Dockerfile Input URL
+ run: |
+ echo "Dockerfile artifact URL: ${{ env.tektoncd_module_artifact_url }}"
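Review bot: The TektonCD step passes `--dest …/argocd-cuemods:$GIT_TAG}` while exporting a `tektoncd-cuemods` URL, so a release would publish the Tekton module over the ArgoCD artifact; in the ArgoCD and TektonCD steps the `$(` substitution is also never closed and `$GIT_TAG}` has lost its `{`, and the Infrafile step never closes the quote in `--annotations="authors=intelops inc)`, so those scripts will not parse. Every push step writes `GIT_TAG=${{ env.tag }}`, which pastes the tag into the script text before the shell runs; supply it through the step's `env:` (`GIT_TAG: ${{ github.ref_name }}`) and quote each use, as sketched below for one step. The `permissions:` key that the deleted workflows had is missing above `contents: write`, so these scopes no longer form a permissions block (the exact nesting is not recoverable from this page); restore it and keep only what a registry push needs. The `if:` guards read `github.event.head.commit_modified`, which does not appear to be a push-payload field (the payload carries `head_commit.modified`), and `contains()` matches literally rather than by glob, so the push steps would likely always be skipped. Separately, `go install github.com/intelops/genval@main` builds the publishing tool from a moving branch at release time; pinning it to a tag or commit ties each released artifact to a known tool version.

```yaml
      - name: Push TektonCD module
        id: push_tektoncd_module
        # … unchanged: if: guard (see note) …
        env:
          GIT_TAG: ${{ github.ref_name }}
        run: |
          dest="oci://ghcr.io/intelops/policyhub/genval/tektoncd-cuemods:${GIT_TAG}"
          GENVAL_OUTPUT=$(genval artifact push --reqinput ./genval/modules/cuemod-tektoncd:v0.60.2 \
            --dest "${dest}" \
            --annotations="authors=intelops Inc.")
          echo "${GENVAL_OUTPUT}"
          echo "tektoncd_module_artifact_url=${dest}" >> "$GITHUB_ENV"
```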