search

carvel-dev / release-scripts

contains scripts for releasing carvel tools
Apache License 2.0
4 stars 3 forks source link
carvel

readme

release-scripts

Overview

release-scripts contains scripting assets related to distributing carvel's binaries to the various distribution channels. i.e. Homebrew, carvel.dev install.sh script etc.

How can a tool start using this release process:

  1. The following step need to be added to the current release-published.yml of the tools repository

for e.g.

- run: |
  curl -X POST https://api.github.com/repos/carvel-dev/release-scripts/dispatches \
  -H 'Accept: application/vnd.github.everest-preview+json' \
  -u ${{ secrets.ACCESS_TOKEN }} \
  --data '{"event_type": "<YourToolName>_released", "client_payload": { "tagName": "${{ github.event.release.tag_name }}", "repo": "${{ github.repository }}", "toolName": "<YourToolName>" }}'

Need to change in the above:

How can a new carvel tool start using this release process:

  1. Enable in the tool the published workflow and add the step in this question
  2. Edit releases.yaml and add the following entry to it:
- product: YourProductName
  1. Release the new tool on the tools Github Repository and the automation will start running

Note: This automated release process will make the tool installable via installation script from the website

Start using the trivy scanning for CLI tools

Pre-requirements

Steps

  1. Create a secret named SLACK_WEBHOOK_URL that points to a slack webhook or slack workflow.
  2. Create a new workflow that looks like this: 
    
name: Trivy CVE Dependency Scanner

on: schedule:

jobs: trivy-scan: uses: carvel-dev/release-scripts/.github/workflows/trivy-scan.yml@main with: repo: carvel-dev/imgpkg tool: imgpkg goVersion: 1.17.0 secrets: githubToken: ${{ secrets.GITHUB_TOKEN }} slackWebhookURL: ${{ secrets.SLACK_WEBHOOK_URL }}