Release snapshot #253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Release snapshot on CRON schedule (every night) or on demand. | |
| name: Release snapshot | |
| on: | |
| workflow_dispatch: {} | |
| schedule: | |
| - cron: "0 0 * * *" | |
| env: | |
| GO_VERSION: "1.19" | |
| # Disable permissions granted to the GITHUB_TOKEN for all the available scopes. | |
| permissions: {} | |
| jobs: | |
| release-snapshot: | |
| name: Release unversioned snapshot | |
| runs-on: ubuntu-20.04 | |
| env: | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Release snapshot | |
| uses: goreleaser/goreleaser-action@v3 | |
| with: | |
| version: v1.7.0 | |
| args: release --snapshot --skip-publish --rm-dist | |
| - name: Scan Starboard CLI image for vulnerabilities | |
| uses: khulnasoft-lab/vul-action@master | |
| with: | |
| image-ref: 'docker.io/khulnasoft/starboard:${{ github.sha }}-amd64' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: 'CRITICAL,HIGH' | |
| - name: Scan Starboard Operator image for vulnerabilities | |
| uses: khulnasoft-lab/vul-action@master | |
| with: | |
| image-ref: 'docker.io/khulnasoft/starboard-operator:${{ github.sha }}-amd64' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| severity: 'CRITICAL,HIGH' | |
| - name: Notify dedicated teams channel | |
| uses: jdcargile/ms-teams-notification@v1.3 | |
| if: failure() | |
| with: | |
| github-token: ${{ secrets.ORG_REPO_TOKEN }} | |
| ms-teams-webhook-uri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} | |
| notification-summary: vulnerabilities has been found in starboard-operator image | |
| notification-color: 17a2b8 | |
| timezone: America/Denver |