diff --git a/.github/workflows/build-rock.yaml b/.github/workflows/build-rock.yaml
deleted file mode 100644
index a7eda9f..0000000
--- a/.github/workflows/build-rock.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Build ROCK
-
-on:
-  workflow_call:
-
-jobs:
-  build-rock:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - uses: canonical/craft-actions/rockcraft-pack@main
-        id: rockcraft
-      - uses: actions/upload-artifact@v4
-        with:
-          name: rock
-          path: ${{ steps.rockcraft.outputs.rock }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 9c817bf..de7f216 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -19,11 +19,11 @@ concurrency:
 
 jobs:
   build:
-    uses: ./.github/workflows/build-rock.yaml
+    uses: canonical/identity-credentials-workflows/.github/workflows/build-rock.yaml@v0
 
   scan:
     needs: build
-    uses: ./.github/workflows/scan-rock.yaml
+    uses: canonical/identity-credentials-workflows/.github/workflows/scan-rock.yaml@v0
 
   integration-tests:
     needs: build
@@ -32,4 +32,4 @@ jobs:
   publish:
     if: github.ref_name == 'main' || startsWith(github.ref_name, 'release-')
     needs: [scan, build, integration-tests]
-    uses: ./.github/workflows/publish-rock.yaml
+    uses: canonical/identity-credentials-workflows/.github/workflows/publish-rock.yaml@v0
diff --git a/.github/workflows/publish-rock.yaml b/.github/workflows/publish-rock.yaml
deleted file mode 100644
index e2c8b33..0000000
--- a/.github/workflows/publish-rock.yaml
+++ /dev/null
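Review bot: All three new `uses:` lines in main.yaml (the `@@ -19,11 +19,11 @@` hunk and the `@@ -32,4 +32,4 @@` one) reference the external reusable workflows by the mutable tag `@v0`, so whoever can move that tag in canonical/identity-credentials-workflows decides what runs in this repository, including the publish job that pushes to ghcr.io with the repository's `GITHUB_TOKEN`. Pinning each reference to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: canonical/identity-credentials-workflows/.github/workflows/publish-rock.yaml@<commit-sha>  # v0`, makes the reference immutable while still letting Dependabot propose bumps. If the organisation deliberately trusts its own workflows repository at a protected tag, a short comment above the `build:` job stating that would save the next reviewer the same question. The calling workflow's `permissions:` block lies outside the hunk, so I cannot tell whether it grants more than the `packages: write` and `security-events: write` the called publish and scan workflows appear to need.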
@@ -1,39 +0,0 @@
-name: Publish ROCK
-
-on:
-  workflow_call:
-
-jobs:
-  publish-rock:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v3.3.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install rockcraft
-        run: |
-          sudo snap install rockcraft --classic --channel edge
-      - uses: actions/download-artifact@v4
-        with:
-          name: rock
-
-      - name: Import and push to github package
-        run: |
-          image_name="$(yq '.name' rockcraft.yaml)"
-          version="$(yq '.version' rockcraft.yaml)"
-          rock_file=$(ls *.rock | tail -n 1)
-          sudo rockcraft.skopeo \
-            --insecure-policy \
-            copy \
-            oci-archive:"${rock_file}" \
-            docker-daemon:"ghcr.io/canonical/${image_name}:${version}"
-          docker tag ghcr.io/canonical/${image_name}:${version} ghcr.io/canonical/${image_name}:latest
-          docker push ghcr.io/canonical/${image_name}:${version}
-          docker push ghcr.io/canonical/${image_name}:latest
diff --git a/.github/workflows/scan-rock.yaml b/.github/workflows/scan-rock.yaml
deleted file mode 100644
index 2dd7a8c..0000000
--- a/.github/workflows/scan-rock.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: Scan
-
-on:
-  workflow_call:
-
-jobs:
-  scan:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Install rockcraft
-        run: |
-          sudo snap install rockcraft --classic --channel edge
-
-      - name: Install yq
-        run: |
-          sudo snap install yq
-
-      - uses: actions/download-artifact@v4
-        with:
-          name: rock
-
-      - name: Import
-        run: |
-          image_name="$(yq '.name' rockcraft.yaml)"
-          echo "image_name=${image_name}" >> $GITHUB_ENV
-          version="$(yq '.version' rockcraft.yaml)"
-          echo "version=${version}" >> $GITHUB_ENV
-          rock_file=$(ls *.rock | tail -n 1)
-          sudo rockcraft.skopeo \
-            --insecure-policy \
-            copy \
-            oci-archive:"${rock_file}" \
-            docker-daemon:"ghcr.io/canonical/${image_name}:${version}"
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "ghcr.io/canonical/${{env.image_name}}:${{env.version}}"
-          format: "sarif"
-          output: "trivy-results.sarif"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: "trivy-results.sarif"