aquasecurity-trivy/.github/workflows/canary.yaml

name: Canary build
on:
  push:
    branches:
      - 'main'
    paths:
      - '**.go'
      - 'go.mod'
      - 'Dockerfile.canary'
      - '.github/workflows/canary.yaml'
  workflow_dispatch:

jobs:
  build-binaries:
    name: Build binaries
    uses: ./.github/workflows/reusable-release.yaml
    with:
      goreleaser_config: goreleaser-canary.yml
      goreleaser_options: '--snapshot --clean --timeout 60m' # will not release
    secrets: inherit

  upload-binaries:
    name: Upload binaries
    needs: build-binaries # run this job after 'build-binaries' job completes
    runs-on: ubuntu-latest
    steps:
      - name: Restore Trivy binaries from cache
        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: dist/
          key: ${{ runner.os }}-bins-${{ github.workflow }}-${{ github.sha }}

        # Upload artifacts
      - name: Upload artifacts (trivy_Linux-64bit)
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: trivy_Linux-64bit
          path: dist/trivy_*_Linux-64bit.tar.gz
          if-no-files-found: error

      - name: Upload artifacts (trivy_Linux-ARM64)
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: trivy_Linux-ARM64
          path: dist/trivy_*_Linux-ARM64.tar.gz
          if-no-files-found: error

      - name: Upload artifacts (trivy_macOS-64bit)
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: trivy_macOS-64bit
          path: dist/trivy_*_macOS-64bit.tar.gz
          if-no-files-found: error

      - name: Upload artifacts (trivy_macOS-ARM64)
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: trivy_macOS-ARM64
          path: dist/trivy_*_macOS-ARM64.tar.gz
          if-no-files-found: error

      - name: Delete cache after upload
        run: |
          gh cache delete "$CACHE_KEY" --repo "${{ github.repository }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CACHE_KEY: ${{ runner.os }}-bins-${{ github.workflow }}-${{ github.sha }}