-
Notifications
You must be signed in to change notification settings - Fork 109
146 lines (133 loc) · 5.41 KB
/
release-process.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: kapp-controller release
on:
workflow_dispatch:
push:
tags:
- 'v*'
jobs:
kapp-controller-release:
name: kapp-controller release
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Carvel Tools
run: ./hack/install-deps.sh
- name: Install imgpkg
uses: carvel-dev/setup-action@v2
with:
only: imgpkg
token: ${{ secrets.GITHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Go 1.x
uses: actions/setup-go@v4
with:
go-version: 1.21.9
- name: Set up Cosign
uses: sigstore/[email protected]
- name: Run release script
run: |
set -e -x
minikube start --driver=docker --wait=all
docker buildx create --name minikube --use --driver=kubernetes --bootstrap
./hack/build-release.sh
# Create release folder to store all the output artifacts
mkdir release
cp ./tmp/release.yml release/release.yml
cd cli
./hack/build-binaries.sh
cp ./kctrl-* ../release/
- name: Run Package build
run: |
constraintVersion="${{ github.ref_name }}"
./cli/kctrl-linux-amd64 pkg release -y -v ${constraintVersion:1} --debug
mv ./carvel-artifacts/packages/kapp-controller.carvel.dev/metadata.yml ./carvel-artifacts/packages/kapp-controller.carvel.dev/package-metadata.yml
mv ./carvel-artifacts/packages/kapp-controller.carvel.dev/* release/
- name: Add to formatted checksum
run: |
pushd release
shasum -a 256 ./release.yml ./kctrl-* ./package.yml ./package-metadata.yml | tee ../tmp/checksums.txt
popd
echo "# :open_file_folder: Files Checksum" | tee ./tmp/checksums-formatted.txt
echo '```' | tee -a ./tmp/checksums-formatted.txt
cat ./tmp/checksums.txt | tee -a ./tmp/checksums-formatted.txt
echo '```' | tee -a ./tmp/checksums-formatted.txt
- name: Create release draft and upload release yaml
uses: softprops/[email protected]
with:
name: ${{ github.ref_name }}
token: ${{ secrets.GITHUB_TOKEN }}
body_path: ./tmp/checksums-formatted.txt
files: |
./release/*
./tmp/checksums.txt
draft: true
prerelease: true
- name: Get uploaded release YAML checksum
uses: actions/[email protected]
id: get-checksums-from-draft-release
if: startsWith(github.ref, 'refs/tags/')
with:
github-token: ${{secrets.GITHUB_TOKEN}}
result-encoding: string
script: |
var crypto = require('crypto');
const { owner, repo } = context.repo;
// https://docs.github.com/en/rest/reference/repos#list-releases
// https://octokit.github.io/rest.js/v18#repos-list-releases
var releases = await github.rest.repos.listReleases({
owner: owner,
repo: repo
});
var crypto = require('crypto')
var fs = require('fs')
const url = require('url');
const https = require('https');
checksums = {}
for (const r of releases["data"]) {
if (r.draft && `refs/tags/${r.tag_name}` == "${{ github.ref }}") {
for (const asset of r.assets) {
var release_asset = await github.rest.repos.getReleaseAsset({ headers: {accept: `application/octet-stream`}, accept: `application/octet-stream`, owner: owner, repo: repo, asset_id: asset.id });
const hash = crypto.createHash('sha256');
let http_promise = new Promise((resolve, reject) => {
https.get(release_asset.url, (stream) => {
stream.on('data', function (data) {
hash.update(data);
});
stream.on('end', function () {
checksums[asset.name]= hash.digest('hex');
resolve(`${asset.name}`);
});
});
});
await http_promise;
}
}
}
console.log(checksums)
return `${checksums['release.yml']} ./release.yml
${checksums['kctrl-darwin-amd64']} ./kctrl-darwin-amd64
${checksums['kctrl-darwin-arm64']} ./kctrl-darwin-arm64
${checksums['kctrl-linux-amd64']} ./kctrl-linux-amd64
${checksums['kctrl-linux-arm64']} ./kctrl-linux-arm64
${checksums['kctrl-windows-amd64.exe']} ./kctrl-windows-amd64.exe
${checksums['package.yml']} ./package.yml
${checksums['package-metadata.yml']} ./package-metadata.yml`
- name: Verify uploaded artifacts
if: startsWith(github.ref, 'refs/tags/')
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
set -e -x
cat ./tmp/checksums.txt
diff ./tmp/checksums.txt <(cat <<EOF
${{steps.get-checksums-from-draft-release.outputs.result}}
EOF
)