diff --git a/.github/workflows/action.yaml b/.github/workflows/action.yaml new file mode 100644 index 0000000..0496309 --- /dev/null +++ b/.github/workflows/action.yaml @@ -0,0 +1,123 @@ +name: Accuknox-Job Workflow +on: + push: + tags: + - "v[0-9]+.[0-9]+.[0-9]+" + - "v[0-9]+.[0-9]+.[0-9]+-*" + pull_request_target: + branches: + - "*" + + +env: + REPO: public.ecr.aws/k9v9d5v2 + CHART_NAME_K8S: accuknox-cis-k8s + CHART_PATH_K8S: ./accuknox-cis-k8s + CHART_REVISION_NAME_K8S: accuknox-cis-k8s + CHART_NAME_K8TLS: accuknox-k8tls-job + CHART_PATH_K8TLS: ./accuknox-k8tls-job + CHART_REVISION_NAME_K8TLS: accuknox-k8tls-job + CHART_NAME_KIEM: accuknox-kiem-job + CHART_PATH_KIEM: ./accuknox-kiem-job + CHART_REVISION_NAME_KIEM: accuknox-kiem-job + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEV_ACCESS_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEV_SECRET_ID }} + AWS_REGION: us-east-1 + + +jobs: + tag-validate: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/v') + steps: + - uses: rubenesp87/semver-validation-action@0.1.0 + with: + version: ${{ github.ref_name }} + + + chart-validate-k8s: + runs-on: ubuntu-latest + if: always() && !contains(needs.tag-validate.result, 'failure') + needs: [tag-validate] + steps: + - name: Checkout source + uses: accuknox/common-gh-actions/actions/checkout-source@main + - name: Validate helm chart + uses: accuknox/common-gh-actions/actions/helm-check@main + with: + chart-path: ${{ env.CHART_PATH_K8S }} + revision-name: ${{ env.CHART_REVISION_NAME_K8S }} + + chart-validate-k8tls: + runs-on: ubuntu-latest + if: always() && !contains(needs.tag-validate.result, 'failure') + needs: [tag-validate] + steps: + - name: Checkout source + uses: accuknox/common-gh-actions/actions/checkout-source@main + - name: Validate helm chart + uses: accuknox/common-gh-actions/actions/helm-check@main + with: + chart-path: ${{ env.CHART_PATH_K8TLS }} + revision-name: ${{ env.CHART_REVISION_NAME_K8TLS }} + + chart-validate-kiem: + runs-on: ubuntu-latest + if: always() && !contains(needs.tag-validate.result, 'failure') + needs: [tag-validate] + steps: + - name: Checkout source + uses: accuknox/common-gh-actions/actions/checkout-source@main + - name: Validate helm chart + uses: accuknox/common-gh-actions/actions/helm-check@main + with: + chart-path: ${{ env.CHART_PATH_KIEM }} + revision-name: ${{ env.CHART_REVISION_NAME_KIEM}} + + chart-push-k8s: + runs-on: ubuntu-latest + needs: [chart-validate-k8s] + if: startsWith(github.ref, 'refs/tags/v') + steps: + - name: Checkout source + uses: accuknox/common-gh-actions/actions/checkout-source@main + - name: Push helm chart to ECR + uses: accuknox/common-gh-actions/actions/helm-push@main + with: + chart-path: ${{ env.CHART_PATH_K8S }} + version: ${{ github.ref_name }} + ecr-region: ${{ env.AWS_REGION }} + ecr-repo: ${{ env.REPO }} + type: public + + chart-push-k8tls: + runs-on: ubuntu-latest + needs: [chart-validate-k8tls] + if: startsWith(github.ref, 'refs/tags/v') + steps: + - name: Checkout source + uses: accuknox/common-gh-actions/actions/checkout-source@main + - name: Push helm chart to ECR + uses: accuknox/common-gh-actions/actions/helm-push@main + with: + chart-path: ${{ env.CHART_PATH_K8TLS }} + version: ${{ github.ref_name }} + ecr-region: ${{ env.AWS_REGION }} + ecr-repo: ${{ env.REPO }} + type: public + + chart-push-kiem: + runs-on: ubuntu-latest + needs: [chart-validate-kiem] + if: startsWith(github.ref, 'refs/tags/v') + steps: + - name: Checkout source + uses: accuknox/common-gh-actions/actions/checkout-source@main + - name: Push helm chart to ECR + uses: accuknox/common-gh-actions/actions/helm-push@main + with: + chart-path: ${{ env.CHART_PATH_KIEM }} + version: ${{ github.ref_name }} + ecr-region: ${{ env.AWS_REGION }} + ecr-repo: ${{ env.REPO }} + type: public \ No newline at end of file