Merge pull request #31 from ironpeakservices/fix/ci

Feature: GitHub Container Registry
ironpeakservices · Oct 15, 2020 · 11a93e9 · 11a93e9
2 parents de71d7c + 7bb8c15
commit 11a93e9
Show file tree

Hide file tree

Showing 4 changed files with 98 additions and 38 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,38 @@
+on:
+  push:
+    branches:
+    - master
+
+name: Publish Image
+jobs:
+  dockerpush:
+    name: docker build
+    runs-on: ubuntu-latest
+    steps:
+    - 
+      uses: actions/checkout@v2.0.0
+    - 
+      uses: go-semantic-release/action@v1
+      id: version
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+    - 
+      run: echo "Pushing version ${{ steps.version.outputs.version }}"
+    - 
+      name: Publish to Registry
+      uses: elgohr/Publish-Docker-Github-Action@2.22
+      with:
+        registry: ghcr.io
+        name: "ghcr.io/ironpeakservices/iron-cockroachdb:${{ steps.version.outputs.version }}"
+        username: hazcod
+        password: ${{ secrets.PACKAGE_TOKEN }}
+    - 
+      name: Create GitHub release
+      uses: actions/create-release@v1.1.4
+      with:
+          tag_name: ${{ steps.version.outputs.version }}
+          release_name: iron-cockroachdb
+          draft: false
+          prerelease: false
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,60 @@
+name: Security
+
+on:
+  push:
+    branches: [master]
+  schedule:
+    - cron: '0 11 * * 2'
+
+jobs:
+  dockerscan:
+    name: Docker Scan
+    runs-on: ubuntu-latest
+    steps:
+      - 
+        uses: actions/checkout@v1
+      - 
+        name: Set env
+        run: echo ::set-env name=RELEASE_VERSION::$(git describe --tags $(git rev-list --tags --max-count=1))
+      -
+         name: Docker login
+         env:
+           USER: hazcod
+           REGISTRY: docker.pkg.github.com
+         run: echo "${{ secrets.PACKAGE_TOKEN }}" | docker login -u "${USER}" --password-stdin "${REGISTRY}"
+      -
+         name: Docker pull
+         run: docker pull "docker.pkg.github.com/ironpeakservices/iron-debian:${{ env.RELEASE_VERSION }}" 
+      -
+        name: Run vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.pkg.github.com/ironpeakservices/iron-debian:${{ env.RELEASE_VERSION }}'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: true
+          severity: 'CRITICAL,HIGH,MEDIUM'
+      - 
+        name: Upload Trivy scan results to Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  goscan:
+    name: Go Scan
+    runs-on: ubuntu-latest
+    steps:
+    - 
+      uses: actions/checkout@v2
+    - 
+      run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+    - 
+      name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: go
+    - 
+      name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.whitesource b/.whitesource