Skip to content

chore: Apply security suggestions for gha #2135

chore: Apply security suggestions for gha

chore: Apply security suggestions for gha #2135

Workflow file for this run

name: Build Image
on:
merge_group:
pull_request_target:
types: [opened, synchronize, reopened, ready_for_review]
branches:
- "main"
- "release-[0-9]+.[0-9]+"
paths-ignore:
- 'docs/**'
- 'dependencies/**'
- '**/*.md'
- 'OWNERS'
- 'CODEOWNERS'
- 'external-images.yaml'
push:
branches:
- "main"
- "release-[0-9]+.[0-9]+"
tags:
- "[0-9]+.[0-9]+.[0-9]+"
paths-ignore:
- 'docs/**'
- 'dependencies/**'
- '**/*.md'
- 'OWNERS'
- 'CODEOWNERS'
- 'external-images.yaml'
jobs:
envs:
runs-on: ubuntu-latest
outputs:
tags: ${{ steps.create-tags.outputs.tags }}
steps:
- name: create tags
id: create-tags
run: |
if [[ $GITHUB_EVENT_NAME == 'push' ]]; then
echo 'TAGS=${{ github.ref_name }}' >> "$GITHUB_OUTPUT"
elif [[ $GITHUB_EVENT_NAME == 'merge_group' ]]; then
echo 'TAGS=${{ github.event.merge_group.head_sha }}' >> "$GITHUB_OUTPUT"
else
{
echo 'tags<<TAGS'
echo 'PR-${{ github.event.pull_request.number }}'
echo '${{ github.event.pull_request.head.sha }}'
echo 'TAGS'
} >> "$GITHUB_OUTPUT"
fi
build-image:
needs: envs
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: telemetry-manager
dockerfile: Dockerfile
context: .
tags: ${{ needs.envs.outputs.tags }}
notify-on-failure:
needs: build-image
runs-on: ubuntu-latest
if: ${{ always() && (needs.build-image.result == 'failure') }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Send slack message on failure
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117
with:
payload-file-path: ".github/workflows/slack-message.json"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_HUSKIES_NOTIF_WEBHOOK_URL }}