.github/workflows/ci.yml

name: CI
on:
  push:
    branches:
      - main
    paths:
      - "deployment/**"
      - ".github/**"
  pull_request:
    branches:
      - main
    paths:
      - "deployment/**"
      - ".github/**"
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Check out repository code
      uses: actions/checkout@v4
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        scan-type: 'config'
        scan-ref: '.'
        format: 'sarif'
        output: 'trivy-results.sarif'
    - name: Upload Trivy scan results to GitHub Security tab
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: 'trivy-results.sarif'

  k8s-test:
    runs-on: ubuntu-latest
    needs: [build]
    if: ${{ github.event_name == 'pull_request' }}
    steps:
      - name: Create k8s Kind Cluster
        uses: helm/kind-action@v1.10.0
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Run K8s test
        run: |
          kubectl cluster-info
          kubectl apply -k deployment/
          kubectl get all -A

  auto-approve:
    runs-on: ubuntu-latest
    needs: [build, k8s-test]
    if: ${{ github.event_name == 'pull_request' }}
    steps:
    - name: Auto Approve PR
      uses: actions/github-script@v7
      with:
       github-token: ${{ github.token }}
       script: |
        github.rest.pulls.createReview({
          owner: context.repo.owner,
          repo: context.repo.repo,
          pull_number: context.issue.number,
          event: "APPROVE"
        })

  # auto-merge:
  #   runs-on: ubuntu-latest
  #   needs: [auto-approve]
  #   if: ${{ github.event_name == 'pull_request' }}
  #   env:
  #     PR_NUMBER: ${{ github.event.number }}
  #   steps:
  #   - name: Check out repository code
  #     uses: actions/checkout@v4
  #   - name: Auto Merge PR
  #     uses: actions/github-script@v7
  #     with:
  #       github-token: ${{ github.token }}
  #       script: |
  #         await github.rest.pulls.merge({
  #           merge_method: 'squash',
  #           owner: context.repo.owner,
  #           pull_number: process.env.PR_NUMBER,
  #           repo: context.repo.repo
  #         });