Merge pull request #50 from Azure/aaqib-m/updated-workflows

build: update ci/cd workflows

.github/workflows/build.yml

@@ -0,0 +1,42 @@
+name: Build and Test
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+        cache: true
+
+    - name: Linter
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: v1.54
+      continue-on-error: true
+
+    - name: Build
+      run: make all
+
+    - name: Test
+      run: make test
+
+    - name: Upload code coverage
+      uses: codecov/codecov-action@v1
+      with:
+        file: ./cover.out
+        flags: unittests

.github/workflows/release.yml

@@ -0,0 +1,77 @@
+name: Release and Publish
+
+on:
+  push:
+    tags:
+    - "v*"
+  workflow_dispatch:
+    inputs:
+      releaseTag:
+        description: "Release tag to publish"
+        type: string
+        required: true
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Get image metadata
+      id: get_metadata
+      run: |
+        if [ "${{ github.event_name }}" == "push" ]; then
+          IMG_TAG="${{ github.ref }}"
+        else
+          IMG_TAG=${{ github.event.inputs.releaseTag }}
+        fi
+        IMG="${{ secrets.AZURE_CONTAINER_REGISTRY }}/public/aks/msi-acrpull:${IMG_TAG}"
+        echo "IMG_TAG=${IMG_TAG}" >> ${GITHUB_OUTPUT}
+        echo "IMG=${IMG}" >> ${GITHUB_OUTPUT}
+    outputs:
+      IMG_TAG: ${{ steps.get_metadata.outputs.IMG_TAG }}
+      IMG: ${{ steps.get_metadata.outputs.IMG }}
+
+  release:
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Create release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ needs.setup.outputs.IMG_TAG }}
+        release_name: Release ${{ needs.setup.outputs.IMG_TAG }}
+        draft: true
+
+  publish:
+    runs-on:
+      labels: ["self-hosted", "1ES.Pool=${{ vars.RUNNER_BASE_NAME}}-ubuntu"]
+    needs: setup
+    env:
+      IMG: ${{ needs.setup.outputs.IMG }}
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Build the Docker image
+      run: make docker-build
+
+    - name: Run vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.IMG }}
+        format: table
+
+    - name: Azure Container Registry Login
+      run: |
+        az login --identity -o none
+        az acr login -n ${{ secrets.AZURE_CONTAINER_REGISTRY }}
+
+    - name: Push to CI ACR
+      run: make docker-push

.github/workflows/trivy-scan.yml

@@ -0,0 +1,24 @@
+name: Image Vulnerabilities Scan
+
+on:
+  schedule:
+    - cron: "0 12 * * 1"
+
+jobs:
+  scan:
+    name: Check image vulnerabilities
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Build Docker image
+        env:
+          IMG: "msi-acrpull:${{ github.sha }}"
+        run: make docker-build
+
+      - name: Run vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: "msi-acrpull:${{ github.sha }}"
+          format: "table"