-
Notifications
You must be signed in to change notification settings - Fork 2
111 lines (91 loc) · 3.54 KB
/
build-push-images.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Build and Push images
on:
push:
branches:
- main
tags:
- v*
jobs:
build:
runs-on: ubuntu-latest
env:
TOOLS_PATH: "/opt/tools/bin"
steps:
- name: Check out
uses: actions/checkout@v4
- name: Set up Go release
uses: actions/setup-go@v3
with:
go-version: '1.21'
check-latest: true
- name: Install operator-sdk
run: |
mkdir -p $TOOLS_PATH
echo $TOOLS_PATH >> $GITHUB_PATH
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
export OS=$(uname | awk '{print tolower($0)}')
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.25.2
curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
gpg --keyserver keyserver.ubuntu.com --recv-keys 052996E2A20B5C7E
curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt
curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
gpg -u "Operator SDK (release) <[email protected]>" --verify checksums.txt.asc
grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c -
chmod +x operator-sdk_${OS}_${ARCH}
mv operator-sdk_${OS}_${ARCH} $TOOLS_PATH/operator-sdk
- name: Make operator and bundle
run: |
make build manifests bundle
- name: Docker operator meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
percona/everest-operator,enable=${{ github.ref_type == 'tag' && !contains(github.ref_name, 'rc') }}
perconalab/everest-operator
tags: |
type=match,pattern=v(.*),group=1
type=match,pattern=v(\d.\d),group=1,enable=${{ !contains(github.ref_name, 'main') }}
type=raw,value=latest,enable=${{ !contains(github.ref_name, 'rc') }}
type=raw,value=0.0.0,enable=${{ contains(github.ref_name, 'main') }}
- name: Docker bundle meta
id: bundle_meta
uses: docker/metadata-action@v4
with:
images: |
percona/everest-operator-bundle,enable=${{ github.ref_type == 'tag' && !contains(github.ref_name, 'rc') }}
perconalab/everest-operator-bundle
tags: |
type=match,pattern=v(.*),group=1
type=match,pattern=v(\d.\d),group=1,enable=${{ !contains(github.ref_name, 'main') }}
type=raw,value=latest,enable=${{ !contains(github.ref_name, 'rc') }}
type=raw,value=0.0.0,enable=${{ contains(github.ref_name, 'main') }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and Push operator image
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
- name: Build and Push bundle image
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.bundle_meta.outputs.tags }}
file: bundle.Dockerfile
scan:
runs-on: ubuntu-latest
needs: [build]
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: 'docker.io/percona/everest-operator:latest'
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'