Skip to content

Update github/codeql-action action to v3.27.7 (#454) #1179

Update github/codeql-action action to v3.27.7 (#454)

Update github/codeql-action action to v3.27.7 (#454) #1179

name: Build/Push Image and Release Charts
"on":
pull_request:
paths-ignore:
- chart/**/Chart.yaml
- chart/**/values.yaml
- README.md
push:
branches:
- main
paths-ignore:
- chart/**/Chart.yaml
- chart/**/values.yaml
- README.md
permissions: read-all
jobs:
setenv:
uses: ortelius/workflow-toolkit/.github/workflows/env-config-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158
with:
gh_head_ref: ${{ github.head_ref }}
gh_ref_name: ${{ github.ref_name }}
gh_event_repo_name: ${{ github.event.repository.name }}
gh_sha: ${{ github.sha }}
gh_repo: ${{ github.repository }}
gh_run_number: ${{ github.run_number }}
release:
permissions:
id-token: write
contents: write
uses: ortelius/workflow-toolkit/.github/workflows/container-release-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158
needs: setenv
with:
gh_repository_owner: ${{ github.repository_owner }}
gh_event_name: ${{ github.event_name }}
gh_ref: ${{ github.ref }}
gh_handle: ${{ needs.setenv.outputs.gh_handle }}
registry: ${{ needs.setenv.outputs.registry }}
image_repo_tag: ${{ needs.setenv.outputs.image_repo_tag }}
secrets:
QUAY_USERID: ${{ secrets.QUAY_USERID }}
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
gh_token: ${{ secrets.HELM_INDEXER_TOKEN }}
trivy:
permissions:
security-events: write
statuses: write
uses: ortelius/workflow-toolkit/.github/workflows/trivy-scan-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158
needs:
- setenv
- release
with:
gh_repository_owner: ${{ github.repository_owner }}
gh_event_name: ${{ github.event_name }}
gh_ref: ${{ github.ref }}
image_repo_tag: ${{ needs.setenv.outputs.image_repo_tag }}
helm:
permissions:
contents: write
uses: ortelius/workflow-toolkit/.github/workflows/helm-release-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158
needs:
- setenv
- release
with:
gh_repository_owner: ${{ github.repository_owner }}
gh_event_name: ${{ github.event_name }}
gh_ref: ${{ github.ref }}
gh_handle: ${{ needs.setenv.outputs.gh_handle }}
chart: chart/${{ needs.setenv.outputs.compname }}
chart_version: ${{ needs.setenv.outputs.chart_version }}
image_repository: ${{ needs.setenv.outputs.image_repository }}
image_tag: ${{ needs.setenv.outputs.image_tag }}
image_digest: ${{ needs.release.outputs.digest }}
secrets:
GPG_KEYRING_BASE64: ${{ secrets.GPG_KEYRING_BASE64 }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_KEY: ${{ secrets.GPG_KEY }}
gh_token: ${{ secrets.HELM_INDEXER_TOKEN }}
sbom:
uses: ortelius/workflow-toolkit/.github/workflows/sbom-generation-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158
needs:
- setenv
- release
with:
gh_repository_owner: ${{ github.repository_owner }}
gh_event_name: ${{ github.event_name }}
gh_ref: ${{ github.ref }}
dhurl: ${{ needs.setenv.outputs.dhurl }}
compname: ${{ needs.setenv.outputs.compname }}
chart_version: ${{ needs.setenv.outputs.chart_version }}
branch: ${{ needs.setenv.outputs.branch }}
digest: ${{ needs.release.outputs.digest }}
image_repo_tag: ${{ needs.setenv.outputs.image_repo_tag }}
image_repository: ${{ needs.setenv.outputs.image_repository }}
image_tag: ${{ needs.setenv.outputs.image_tag }}
image_version: ${{ needs.setenv.outputs.image_version }}
secrets:
DHPASS: ${{ secrets.DHPASS }}
DHUSER: ${{ secrets.DHUSER }}