aquasecurity-trivy/.github/workflows/release.yaml

name: Release
on:
  push:
    tags:
      - "v*"

jobs:
  release:
    name: Release
    uses: ./.github/workflows/reusable-release.yaml
    with:
      goreleaser_config: goreleaser.yml
      goreleaser_options: '--clean --timeout 90m'
    secrets: inherit

  deploy-packages:
    name: Deploy rpm/dep packages
    needs: release # run this job after 'release' job completes
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4.1.6
        with:
          fetch-depth: 0

      - name: Restore Trivy binaries from cache
        uses: actions/cache@v4
        with:
          path: dist/
          key: ${{ runner.os }}-bins-${{github.workflow}}-${{github.sha}}

      - name: Install dependencies
        run: |
          sudo apt-get -y update
          sudo apt-get -y install rpm reprepro createrepo-c distro-info

      - name: Checkout trivy-repo
        uses: actions/checkout@v4.1.6
        with:
          repository: ${{ github.repository_owner }}/trivy-repo
          path: trivy-repo
          fetch-depth: 0
          token: ${{ secrets.ORG_REPO_TOKEN }}

      - name: Setup git settings
        run: |
          git config --global user.email "knqyf263@gmail.com"
          git config --global user.name "Teppei Fukuda"

      - name: Create rpm repository
        run: ci/deploy-rpm.sh

      - name: Import GPG key
        run: echo -e "${{ secrets.GPG_KEY }}" | gpg --import

      - name: Create deb repository
        run: ci/deploy-deb.sh

  # `update-chart-version` creates a new PR for updating the helm chart
  update-chart-version:
    needs: deploy-packages
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4.1.6
        with:
          fetch-depth: 0

      - name: Set up Git user
        run: |
          git config --global user.email "actions@github.com"
          git config --global user.name "GitHub Actions"

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Install Go tools
        run: go install tool # GOBIN is added to the PATH by the setup-go action

      - name: Create a PR with Trivy version
        run: mage helm:updateVersion
        env:
          # Use ORG_REPO_TOKEN instead of GITHUB_TOKEN
          # This allows the created PR to trigger tests and other workflows
          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}