feat: split pipelines into ci and release (#230) (#561)

Signed-off-by: Denis Makarenkov <denm15221@gmail.com>

Author: makdeniss

.github/workflows/ci.yml

@@ -0,0 +1,53 @@
+name: ci
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    uses: platform-mesh/.github/.github/workflows/job-golang-lint.yml@main
+    with:
+      useTask: true
+
+  test:
+    uses: platform-mesh/.github/.github/workflows/job-golang-test-source.yml@main
+    with:
+      useTask: true
+      useLocalCoverageConfig: true
+
+  docker-build:
+    uses: platform-mesh/.github/.github/workflows/job-docker-build.yml@main
+    with:
+      imageTagName: ghcr.io/platform-mesh/security-operator
+
+  quality-gate:
+    if: always()
+    permissions: {}
+    needs: [lint, test, docker-build]
+    runs-on: ubuntu-latest
+    timeout-minutes: 1
+    steps:
+      - name: Check results
+        run: |
+          if [[ "${{ needs.lint.result }}" != "success" ]]; then
+            echo "lint failed"
+            exit 1
+          fi
+          if [[ "${{ needs.test.result }}" != "success" ]]; then
+            echo "test failed"
+            exit 1
+          fi
+          if [[ "${{ needs.docker-build.result }}" != "success" ]]; then
+            echo "docker-build failed"
+            exit 1
+          fi

.github/workflows/pipeline.yaml

@@ -0,0 +1,69 @@
+name: release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  id-token: write
+  issues: write
+  packages: write
+  pull-requests: write
+  attestations: write
+
+concurrency:
+  group: release-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  lint:
+    uses: platform-mesh/.github/.github/workflows/job-golang-lint.yml@main
+    with:
+      useTask: true
+
+  test:
+    uses: platform-mesh/.github/.github/workflows/job-golang-test-source.yml@main
+    secrets: inherit
+    with:
+      useTask: true
+      useLocalCoverageConfig: true
+
+  create-version:
+    uses: platform-mesh/.github/.github/workflows/job-create-version.yml@main
+    secrets: inherit
+
+  docker-build-push:
+    needs: [create-version, lint, test]
+    uses: platform-mesh/.github/.github/workflows/job-docker-build-push.yml@main
+    with:
+      imageTagName: ghcr.io/platform-mesh/security-operator
+      version: ${{ needs.create-version.outputs.version }}
+      multiarch: true
+    secrets: inherit
+
+  update-version:
+    needs: [create-version, docker-build-push]
+    uses: platform-mesh/.github/.github/workflows/job-chart-version-update.yml@main
+    secrets: inherit
+    with:
+      appVersion: ${{ needs.create-version.outputs.version }}
+      chart: security-operator
+      targetRepository: platform-mesh/helm-charts
+
+  sbom:
+    needs: [create-version, docker-build-push]
+    uses: platform-mesh/.github/.github/workflows/job-sbom.yml@main
+    with:
+      imageReference: ghcr.io/platform-mesh/security-operator:${{ needs.create-version.outputs.version }}
+
+  image-ocm:
+    needs: [create-version, docker-build-push, sbom]
+    uses: platform-mesh/.github/.github/workflows/job-image-ocm.yml@main
+    secrets: inherit
+    with:
+      imageReference: ghcr.io/platform-mesh/security-operator:${{ needs.create-version.outputs.version }}
+      appVersion: ${{ needs.create-version.outputs.version }}
+      repoName: security-operator
+      commit: ${{ github.sha }}

.github/workflows/release.yml

@@ -3,7 +3,7 @@
 
 # platform-mesh - security-operator
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/platform-mesh/security-operator/badge)](https://scorecard.dev/viewer/?uri=github.com/platform-mesh/security-operator)
-![build status](https://github.com/platform-mesh/security-operator/actions/workflows/pipeline.yaml/badge.svg)
+![build status](https://github.com/platform-mesh/security-operator/actions/workflows/ci.yml/badge.svg)
 
 ## Description
 Security-operator is responsible for security related configuration in Platform-mesh.