update gh workflows now that goreleaser is used (#117)

* update gh workflows now that goreleaser is used

This aligns further with the other repos workflow actions.

Signed-off-by: Mike Mason <[email protected]>

* add required schema.graphql file for goreleaser

Signed-off-by: Mike Mason <[email protected]>

---------

Signed-off-by: Mike Mason <[email protected]>

.github/workflows/image-main-latest.yml

@@ -0,0 +1,38 @@
+name: Publish main-latest image
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - name: Log in to GHCR
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
+
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - run: git fetch --force --tags
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version-file: go.mod
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser-pro
+          version: latest
+          args: release --nightly --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}

.github/workflows/lint-helm.yml

@@ -0,0 +1,20 @@
+name: Lint - Helm
+on:
+  push:
+  pull_request:
+permissions:
+  contents: read
+  pull-requests: read
+jobs:
+  helm-lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Helm
+        uses: azure/[email protected]
+
+      - name: Run helm lint
+        run: helm lint chart/permissions-api

.github/workflows/test.yaml

@@ -29,35 +29,3 @@ jobs:
           token: ${{ secrets.CODECOV_TOKEN }}
           file: ./coverage.out
           name: codecov-umbrella
-
-  image-scan:
-    name: image-scan
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Registry login
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker metadata
-        id: metadata
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ghcr.io/${{ github.repository }}
-          tags: |
-            type=sha
-
-      - name: Build
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: false
-          load: true
-          tags: ${{ steps.metadata.outputs.tags }}

Dockerfile

@@ -1,26 +1,8 @@
-FROM golang:1.20 as builder
+FROM gcr.io/distroless/static
 
-# Create and change to the app directory.
-WORKDIR /app
-
-# Retrieve application dependencies using Go modules.
-COPY go.* ./
-RUN go mod download && go mod verify
-
-# Copy local code to the container image.
-COPY . ./
-
-# Build the binary.
-# -mod=readonly ensures immutable go.mod and go.sum in container builds.
-RUN CGO_ENABLED=0 GOOS=linux go build -mod=readonly -v -o permissions-api
-
-FROM gcr.io/distroless/base:nonroot AS runner
-
-# `nonroot` coming from distroless
-USER 65532:65532
-
-COPY --from=builder /app/permissions-api /app/permissions-api
+# Copy the binary that goreleaser built
+COPY permissions-api /permissions-api
 
 # Run the web service on container startup.
-ENTRYPOINT ["/app/permissions-api"]
+ENTRYPOINT ["/permissions-api"]
 CMD ["server"]

schema.graphql

@@ -0,0 +1,3 @@
+"""
+TODO: Add generated schema.
+"""