Merge pull request #129 from nirmata/nightly-scan-test

created ngihtly-scan-test
nirmata · Jul 3, 2024 · 8c35ff8 · 8c35ff8
2 parents 00cbdca + 7a5f016
commit 8c35ff8
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 1 deletion.
diff --git a/.github/actions/setup-build-env/action.yaml b/.github/actions/setup-build-env/action.yaml
@@ -2,6 +2,7 @@ name: Setup build env
 
 description: Clone repo, unshallow, setup go, cache and install tools.
 
+
 inputs:
   unshallow:
     description: git unshallow

diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml
@@ -26,3 +26,4 @@ jobs:
           # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
           allowlist: |
             slsa-framework/slsa-github-generator
+            nirmata/reusable-workflows/.github/actions/image-scanning
diff --git a/.github/workflows/nightly-test.yml b/.github/workflows/nightly-test.yml
@@ -0,0 +1,60 @@
+name: Nightly Scan
+on:
+  schedule:
+    - cron: "*/5 * * *" # UTC
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  publish-scan-branch:
+    name: Publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        branch:
+          - main
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: ${{ matrix.branch }}
+
+      - name: Setup Go
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        with:
+          go-version-file: go.mod
+          cache-dependency-path: go.sum
+
+      - name: Set Image name
+        run: |
+          echo IMAGE_NAME="nirmata/nightly-kyverno-${{ matrix.branch }}" >> $GITHUB_ENV
+      
+      # - name: Log into registry ${{env.REGISTRY}}
+      #   uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      #   with:
+      #     registry: ${{env.REGISTRY}}
+      #     username: ${{github.actor}}
+      #     password: ${{secrets.GITHUB_TOKEN}}
+
+
+      - name: Build and Push 
+        run: |
+          make ko-build-kyverno KO_DOCKER_REPO=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: image scanning
+        id: scan
+        uses: nirmata/reusable-workflows/.github/actions/image-scanning@cleanup
+        with:
+          pcc_url: ${{ secrets.PCC_URL }}
+          pcc_user: ${{ secrets.PCC_USER }}
+          pcc_pass: ${{ secrets.PCC_PASS }}
+          image_name: ${{env.REGISTRY}}/${{env.IMAGE_NAME}}
+          free-disk: 'true'
+
+
diff --git a/Makefile b/Makefile
@@ -263,7 +263,7 @@ build-all: build-kyverno-init build-kyverno build-cli build-cleanup-controller b
 ##############
 
 LOCAL_PLATFORM      := linux/$(GOARCH)
-KO_REGISTRY         := ko.local
+KO_REGISTRY         ?= ko.local
 ifndef VERSION
 KO_TAGS             := $(GIT_SHA)
 else ifeq ($(VERSION),main)