diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index 18a339b..23b3b68 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -3,7 +3,7 @@ on:
 pull_request:
 concurrency:
- group: ghas-security-scan-${{ github.ref }}
+ group: ghas-ci-${{ github.ref }}
 cancel-in-progress: true
 jobs:
@@ -14,7 +14,7 @@ jobs:
 security-events: write
 uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0
- python-ci-pulumi:
+ python-ci:
 permissions:
 contents: read
 uses: notdodo/github-actions/.github/workflows/python-ci.yml@python-ci-v0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..b86c663
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,46 @@
+name: Release Connector Image
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ infra-scan:
+ permissions:
+ contents: read
+ pull-requests: write
+ security-events: write
+ uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0
+
+ python-ci:
+ permissions:
+ contents: read
+ uses: notdodo/github-actions/.github/workflows/python-ci.yml@python-ci-v0
+ with:
+ working-directory: '.'
+
+ build-docker-image:
+ needs: [infra-scan, python-ci]
+ permissions:
+ attestations: write
+ contents: read
+ id-token: write
+ packages: write
+ security-events: write
+ uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@docker-build-and-push-v0
+ with:
+ registry: docker.io
+ image: digintlab/opencti-connector
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ type=raw,value=latest
+ type=sha
+ egress-policy-allowlist: >
+ deb.debian.org:443
+ deb.debian.org:80
+ files.pythonhosted.org:443
+ pypi.org:443
+ push: true
+ secrets:
+ registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ registry-password: ${{ secrets.DOCKERHUB_TOKEN }}
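Review bot: All three `uses:` lines in release.yml call reusable workflows through movable refs (`@infra-scan-v0`, `@python-ci-v0`, `@docker-build-and-push-v0`), so the code that runs on every push to main can change without any commit in this repository. That matters most for `build-docker-image`, which passes `DOCKERHUB_USERNAME`/`DOCKERHUB_TOKEN` and grants `id-token: write`, `packages: write` and `attestations: write` to whatever the ref resolves to at run time. Pin each call to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: notdodo/github-actions/.github/workflows/docker-build-and-push.yml@<FULL_COMMIT_SHA>  # docker-build-and-push-v0`, updating it deliberately when the shared workflow changes. The context lines of python-ci.yml show the same movable refs in the pull-request workflow. Separately, `pull-requests: write` on `infra-scan` looks unused under a `push` trigger; drop it here if the called workflow does not require it.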