.github/workflows/alpha.yaml

name: alpha

on:
  push:
    branches:
      - main

jobs:

  generate-tag:
    runs-on: ubuntu-20.04
    outputs:
      tag: ${{ steps.get_tag.outputs.GIT_TAG }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get tags
        id: get_tag
        uses: ./.github/actions/version-tag


  build-migrations-melange-packages:
    needs: [generate-tag]
    strategy:
      fail-fast: true
      matrix:
        runner: [
          {name: ubuntu-20.04, arch: amd64},
          {name: arm64-runner-set, arch: arm64}
        ]
    runs-on: ${{ matrix.runner.name }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-custom-melange-package
        with:
          context: migrations/deploy
          component: kotsadm-migrations
          git-tag: ${{ needs.generate-tag.outputs.tag }}
          arch: ${{ matrix.runner.arch }}

  build-migrations:
    runs-on: ubuntu-20.04
    needs: [generate-tag, build-migrations-melange-packages]
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-custom-image-with-apko
        with:
          context: migrations/deploy
          component: kotsadm-migrations
          git-tag: ${{ needs.generate-tag.outputs.tag }}
          image-name: index.docker.io/kotsadm/kotsadm-migrations:alpha
          registry-username: ${{ secrets.DOCKERHUB_USER }}
          registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}


  build-kotsadm-melange-packages:
    needs: [generate-tag]
    strategy:
      fail-fast: true
      matrix:
        runner: [
          {name: ubuntu-20.04, arch: amd64},
          {name: arm64-runner-set, arch: arm64}
        ]
    runs-on: ${{ matrix.runner.name }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-custom-melange-package
        with:
          context: deploy
          component: kotsadm
          git-tag: ${{ needs.generate-tag.outputs.tag }}
          arch: ${{ matrix.runner.arch }}

  build-kotsadm:
    runs-on: ubuntu-20.04
    needs: [generate-tag, build-kotsadm-melange-packages]
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-custom-image-with-apko
        with:
          context: deploy
          component: kotsadm
          git-tag: ${{ needs.generate-tag.outputs.tag }}
          image-name: index.docker.io/kotsadm/kotsadm:alpha
          registry-username: ${{ secrets.DOCKERHUB_USER }}
          registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}


  build-kurl-proxy-melange-packages:
    needs: [generate-tag]
    strategy:
      fail-fast: true
      matrix:
        runner: [
          {name: ubuntu-20.04, arch: amd64},
          {name: arm64-runner-set, arch: arm64}
        ]
    runs-on: ${{ matrix.runner.name }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-custom-melange-package
        with:
          context: kurl_proxy/deploy
          component: kurl-proxy
          git-tag: ${{ needs.generate-tag.outputs.tag }}
          arch: ${{ matrix.runner.arch }}

  build-kurl-proxy:
    runs-on: ubuntu-20.04
    needs: [generate-tag, build-kurl-proxy-melange-packages]
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-custom-image-with-apko
        with:
          context: kurl_proxy/deploy
          component: kurl-proxy
          git-tag: ${{ needs.generate-tag.outputs.tag }}
          image-name: index.docker.io/kotsadm/kurl-proxy:alpha
          registry-username: ${{ secrets.DOCKERHUB_USER }}
          registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}


  scan_rqlite:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Read image tags from env file
        uses: falti/dotenv-action@v1
        id: dotenv
        with:
          path: .image.env
      - name: Scan rqlite for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.io/kotsadm/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}"
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'rqlite-scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat rqlite-scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: rqlite-scan-output.sarif


  scan_minio:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Read image tags from env file
        uses: falti/dotenv-action@v1
        id: dotenv
        with:
          path: .image.env
      - name: Scan minio for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.io/kotsadm/minio:${{ steps.dotenv.outputs.MINIO_TAG }}"
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'minio-scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat minio-scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'minio-scan-output.sarif'


  scan_dex:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Read image tags from env file
        uses: falti/dotenv-action@v1
        id: dotenv
        with:
          path: .image.env
      - name: Scan dex for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.io/kotsadm/dex:${{ steps.dotenv.outputs.DEX_TAG }}"
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'dex-scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat dex-scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: dex-scan-output.sarif


  scan_kurl_proxy:
    runs-on: ubuntu-20.04
    needs: [build-kurl-proxy]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Scan kurl-proxy for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/kotsadm/kurl-proxy:alpha'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'kurl-proxy-scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat kurl-proxy-scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: kurl-proxy-scan-output.sarif


  scan_local_volume_provider:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Read image tags from env file
        uses: falti/dotenv-action@v1
        id: dotenv
        with:
          path: .image.env
      - name: Scan replicated/local-volume-provider for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: "docker.io/replicated/local-volume-provider:${{ steps.dotenv.outputs.LVP_TAG }}"
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: scan-output.sarif


  scan_kotsadm:
    runs-on: ubuntu-20.04
    needs: [build-kotsadm]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Scan kotsadm for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/kotsadm/kotsadm:alpha'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'kotsadm-scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat kotsadm-scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: kotsadm-scan-output.sarif


  scan_kotsadm_migrations:
    runs-on: ubuntu-20.04
    needs: [build-migrations]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Scan migrations for vulnerabilities
        id: scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/kotsadm/kotsadm-migrations:alpha'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'kotsadm-migration-scan-output.sarif'
          exit-code: '0'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH,MEDIUM'
      - name: Print scan report
        run: cat kotsadm-migration-scan-output.sarif
      - name: Upload scan report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: kotsadm-migration-scan-output.sarif