diff --git a/.github/workflows/test-build-update-helm.yaml b/.github/workflows/test-build-update-helm.yaml
index 99bc12e..784250e 100644
--- a/.github/workflows/test-build-update-helm.yaml
+++ b/.github/workflows/test-build-update-helm.yaml
@@ -6,7 +6,7 @@ on:
 - main
 paths-ignore:
 - 'charts/fga-operator/values.yaml'
- - 'charts/fga-operator/Chart.yaml'
+ - 'charts/fga-operator/Chart.yaml'
 pull_request:
 branches:
 - main
@@ -59,7 +59,7 @@ jobs:
 with:
 go-version-file: './operator/go.mod'
 cache-dependency-path: './operator/go.sum'
- check-latest: true
+ check-latest: true
 - name: Build
 working-directory: ./operator
@@ -70,7 +70,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v4
 - name: Build Docker image
 working-directory: ./operator
@@ -127,7 +127,7 @@ jobs:
 - name: Pust new tag
 run: |
- git push --tags
+ git push --tags
 helm-update:
 runs-on: ubuntu-24.04
@@ -167,6 +167,7 @@ jobs:
 if: github.ref == 'refs/heads/main'
 permissions:
 contents: write
+ packages: write
 needs:
 - helm-update
 steps:
@@ -195,7 +196,7 @@ jobs:
 git merge origin/main
 git push origin gh-pages
-
+
 git checkout main
 - name: Run chart-releaser
@@ -205,6 +206,24 @@ jobs:
 env:
 CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Login to GHCR
+ uses: docker/login-action@v3.2.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Push chart to GHCR
+ run: |
+ shopt -s nullglob
+ for pkg in .cr-release-packages/*.tgz; do
+ if [ -z "${pkg:-}" ]; then
+ break
+ fi
+ helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/fga-operator"
+ done
+
+
 scan-image:
 permissions:
 actions: read
@@ -249,7 +268,7 @@ jobs:
 with:
 image: ${{ env.GITHUB_REGISTRY }}/${{ github.repository }}:${{ env.IMAGE_TAG }}
 args: --file=./operator/Dockerfile.goreleaser --severity-threshold=high --sarif-file-output=snyk.sarif
-
+
 - name: Upload Snyk report as sarif
 uses: github/codeql-action/upload-sarif@v3
 with:
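Review bot: In the `@@ -167,6 +167,7 @@` hunk, `packages: write` is granted at job level, so it joins the existing `contents: write` on the GITHUB_TOKEN for every step of this job, not only the step that pushes to the registry. The job's name and its steps lie outside this hunk. If the git and chart-releaser steps need no registry access, the OCI push could live in its own job with `contents: read` and `packages: write`, taking the packaged charts as an artifact, which would keep the two write scopes apart. If the single job stays, a comment on the new line such as `# packages: write - required for helm push to ghcr.io` would record why the scope was widened.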
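Review bot: In the `@@ -205,6 +206,24 @@` hunk, the new Login to GHCR step passes `secrets.GITHUB_TOKEN` to `docker/login-action@v3.2.0`, which is referenced by a movable tag rather than a commit. This appears to be the job that now holds both `contents: write` and `packages: write`. Pinning it as `uses: docker/login-action@<full-commit-sha> # v3.2.0` (placeholder, take the SHA from the release) ties the step to reviewed code. In the Push chart step the `[ -z "${pkg:-}" ]` guard can never fire, because with `shopt -s nullglob` an unmatched glob runs the loop body zero times, so those three lines can go. If an empty `.cr-release-packages/` is expected on runs without a chart version bump, a comment saying so would make the silent no-op deliberate.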