Setup release branches

Author: pmacik

.github/workflows/merge-to-master.yaml

@@ -10,6 +10,7 @@ env:
   GO111MODULE: on
   K8S_VERSION: "1.19.2"
   CONTAINER_RUNTIME: "docker"
+  OPERATOR_REPO_REF: "quay.io/pmacik/sbo-test"
 
 jobs:
   release:

.github/workflows/merge-to-release-branch.yaml

@@ -0,0 +1,112 @@
+name: Merge to release branches
+
+on:
+  push:
+    branches:
+      - 'release/**'
+
+env:
+  SDK_VERSION: "1.16.0"
+  GO111MODULE: on
+  K8S_VERSION: "1.19.2"
+  CONTAINER_RUNTIME: "docker"
+  OPERATOR_REPO_REF: "quay.io/pmacik/sbo-test"
+
+jobs:
+  release:
+    name: Release operator on Quay.io
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Git Repository
+        uses: actions/checkout@v2
+
+      - name: Set up PATH
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/bin/
+          echo "PATH=$PATH:$GITHUB_WORKSPACE/bin/" >> $GITHUB_ENV
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: "^1.16"
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.7"
+          architecture: "x64"
+
+      - name: Setup CLI
+        uses: ./.github/actions/setup-cli
+        with:
+          operator-sdk: true
+          kubectl: true
+
+      - name: Release operator on Quay.io
+        env:
+          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
+        run: |
+          export OPERATOR_INDEX_IMAGE_REF=$OPERATOR_REPO_REF:index-${GITHUB_REF_NAME#release/}
+          make release-operator
+
+  unit-tests-with-coverage:
+    name: Unit tests with code coverage for merge-to-master commits
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Git Repository
+        uses: actions/checkout@v2
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: "^1.16"
+
+      - name: Unit Tests with Code Coverage
+        run: |
+          make test
+
+      - name: Upload Code Coverage Report
+        uses: codecov/codecov-action@v3
+        with:
+          file: cover.out
+          verbose: true
+          fail_ci_if_error: true
+
+  security-scan:
+    name: Security vulnerability scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Wait for push
+        uses: lewagon/wait-on-check-action@1b1630e169116b58a4b933d5ad7effc46d3d312d
+        with:
+          ref: ${{ github.ref }}
+          check-name: "Release operator on Quay.io"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 60
+
+      - name: Extract operator image ref
+        id: operator-image-ref
+        run: |
+          export OIR=${OPERATOR_REPO_REF}:$(git rev-parse --short=8 HEAD)
+          echo "::set-output name=operator-image-ref::${OIR}"
+
+      - name: Run Trivy vulnerability scanner in IaC mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.operator-image-ref.outputs.operator-image-ref }}
+          format: 'sarif'
+          severity: 'CRITICAL,HIGH'
+          ignore-unfixed: true
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: always()
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/pr-checks-build-images.yaml

@@ -4,13 +4,14 @@ on:
   pull_request:
     branches:
       - master
+      - 'release/**'
 
 env:
   SDK_VERSION: "1.16.0"
   CONTAINER_RUNTIME: "podman"
   ARTIFACTS: "artifacts"
-  REGISTRY_PREFIX: quay.io/redhat-developer
-  REPO: servicebinding-operator
+  REGISTRY_PREFIX: quay.io/pmacik
+  REPO: sbo-test
 
 jobs:
   build-operator-images:

.github/workflows/pr-checks-clean-images.yaml

@@ -4,10 +4,11 @@ on:
   pull_request_target:
     branches:
       - master
+      - 'release/**'
     types: [closed]
 
 env:
-  OPERATOR_REPO_REF: quay.io/redhat-developer/servicebinding-operator
+  OPERATOR_REPO_REF: quay.io/pmacik/sbo-test
 
 jobs:
   clean-operator-images:

.github/workflows/pr-checks-push-images.yaml

@@ -4,10 +4,11 @@ on:
   pull_request_target:
     branches:
       - master
+      - 'release/**'
 
 env:
-  REGISTRY_PREFIX: quay.io/redhat-developer
-  REPO: servicebinding-operator
+  REGISTRY_PREFIX: quay.io/pmacik
+  REPO: sbo-test
 
 jobs:
   push-operator-images:

.github/workflows/pr-checks.yaml

@@ -4,6 +4,7 @@ on:
   pull_request:
     branches:
       - master
+      - 'release/**'
 
 env:
   GO111MODULE: on

.github/workflows/pr-cherry-pick-clean.yaml

@@ -0,0 +1,23 @@
+name: "Clean cherry-pick PR branch"
+
+on:
+  pull_request_target:
+    branches:
+      - 'release/**'
+    types: [closed]
+
+env:
+  OPERATOR_REPO_REF: quay.io/pmacik/sbo-test
+
+jobs:
+  delete-cherry-pick-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete cherry-pick branch
+        uses: SvanBoxel/delete-merged-branch@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          delete_closed_pr: true
+          exclude:
+            master, release/*

.github/workflows/pr-cherry-picks.yaml

@@ -0,0 +1,34 @@
+name: "Cherry pick PR to release branches"
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    types: [closed]
+
+env:
+  OPERATOR_REPO_REF: quay.io/pmacik/sbo-test
+
+jobs:
+  cherry_pick_release_v1_1_x:
+    runs-on: ubuntu-latest
+    name: Cherry pick into release/v1.1.x
+    if: contains(github.event.pull_request.labels.*.name, 'release/v1.1.x') && github.event.pull_request.merged
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Setup SSH for cherry-pick repo
+        uses: webfactory/[email protected]
+        with:
+          ssh-private-key: ${{ secrets.SBO_CHERRY_PICK_REPO_SSH_PRIVATE_KEY }}
+      - name: Cherry pick into release/v1.1.x
+        uses: pmacik/github-cherry-pick-action@exclude-pr-labels
+        with:
+          cherry-pick-repo: ${{ secrets.SBO_CHERRY_PICK_REPO }}
+          token: ${{ secrets.SBO_CHERRY_PICK_BOT_TOKEN }}
+          branch: release/v1.1.x
+          labels: |
+            cherry-pick
+          title-prefix: "[cherry-pick(release/1.1.x)] "

.github/workflows/pr-labels.yaml

@@ -4,6 +4,7 @@ on:
   pull_request_target:
     branches:
       - master
+      - 'release/**'
 
 jobs:
   acceptance-tests-skipped-label: