Skip to content

update python scripts to python3 (#96) #7

update python scripts to python3 (#96)

update python scripts to python3 (#96) #7

Workflow file for this run

name: Release
on:
push:
tags:
- "v*" # Push events to matching v*, i.e. v1.0, v20.15.10
env:
REGISTRY: ghcr.io/sovereigncloudstack
metadata_flavor: latest=true
metadata_tags: type=ref,event=tag
permissions:
contents: write
packages: write
# Required to generate OIDC tokens for `sigstore/cosign-installer` authentication
id-token: write
jobs:
manager-image:
name: Build and push manager image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- uses: ./.github/actions/setup-go
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
- name: Generate metadata cspo
id: metacspo
uses: ./.github/actions/metadata
env:
IMAGE_NAME: cspo
with:
metadata_flavor: ${{ env.metadata_flavor }}
metadata_tags: ${{ env.metadata_tags }}
- name: Login to ghcr.io for CI
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Install Cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: Install Bom
shell: bash
run: |
curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.6.0/bom-amd64-linux -o bom
sudo mv ./bom /usr/local/bin/bom
sudo chmod +x /usr/local/bin/bom
- name: Setup Env
run: |
echo 'DOCKER_BUILD_LDFLAGS<<EOF' >> $GITHUB_ENV
echo $DOCKER_BUILD_LDFLAGS >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: Build and push cspo image
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
id: docker_build_release_cspo
with:
provenance: false
context: .
file: ./images/cspo/Dockerfile
push: true
build-args: |
LDFLAGS=${{ env.DOCKER_BUILD_LDFLAGS }}
tags: ${{ steps.metacspo.outputs.tags }}
labels: ${{ steps.metacspo.outputs.labels }}
platforms: linux/amd64
cache-from: type=gha, scope=${{ github.workflow }}
cache-to: type=gha, mode=max, scope=${{ github.workflow }}
- name: Sign Container Images
run: |
cosign sign --yes ghcr.io/sovereigncloudstack/cspo@${{ steps.docker_build_release_cspo.outputs.digest }}
- name: Generate SBOM cspo
shell: bash
# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
run: |
bom generate --format=json -o sbom_ci_main_cspo_${{ steps.metacspo.outputs.version }}-spdx.json \
--image=ghcr.io/sovereigncloudstack/cspo:${{ steps.metacspo.outputs.version }}
- name: Attest SBOM to Container Images cspo
run: |
cosign attest --yes --type=spdxjson --predicate sbom_ci_main_cspo_${{ steps.metacspo.outputs.version }}-spdx.json ghcr.io/sovereigncloudstack/cspo@${{ steps.docker_build_release_cspo.outputs.digest }}
- name: Sign SBOM Images cspo
run: |
docker_build_release_digest="${{ steps.docker_build_release_cspo.outputs.digest }}"
image_name="ghcr.io/sovereigncloudstack/cspo:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign --yes "ghcr.io/sovereigncloudstack/cspo@${docker_build_release_sbom_digest}"
- name: Image Releases digests cspo
shell: bash
run: |
mkdir -p image-digest/
echo "ghcr.io/sovereigncloudstack/cspo:{{ steps.metacspo.outputs.version }}@${{ steps.docker_build_release_cspo.outputs.digest }}" >> image-digest/cspo.txt
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: image-digest cspo
path: image-digest
retention-days: 90
- name: Image Digests Output
shell: bash
run: |
cd image-digest/
find -type f | sort | xargs -d '\n' cat
release:
name: Create draft release
runs-on: ubuntu-latest
permissions:
packages: read
defaults:
run:
shell: bash
needs:
- manager-image
steps:
- name: Set env
shell: bash
run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV
- name: checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Install go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version-file: "go.mod"
cache: true
cache-dependency-path: go.sum
- name: install kustomize
run: |
make kustomize
- name: generate release artifacts
run: |
make release
- name: generate release notes
run: |
make release-notes
- name: Release
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2
with:
draft: true
files: out/*
body_path: _releasenotes/${{ env.RELEASE_TAG }}.md