kiwigrid · ChristianGeie · Sep 27, 2024 · Sep 10, 2024 · Sep 10, 2024 · Sep 10, 2024
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -7,11 +7,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Build sidecar
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           push: false
           outputs: type=docker,dest=/tmp/k8s-sidecar.tar
@@ -20,14 +20,14 @@ jobs:
         run: |
           cp test/kubelogo.png test/server/static/
       - name: Build dummy server
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           context: "test/server"
           push: false
           outputs: type=docker,dest=/tmp/dummy-server.tar
           tags: "dummy-server:1.0.0"
       - name: Upload artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: images
           path: /tmp/*.tar
@@ -49,9 +49,9 @@ jobs:
           - maj_min: v1.25
             digest: sha256:9d0a62b55d4fe1e262953be8d406689b947668626a357b5f9d0cfbddbebbc727
           - maj_min: v1.26
-            digest: sha256:15ae92d507b7d4aec6e8920d358fc63d3b980493db191d7327541fbaaed1f789
+            digest: sha256:5d548739ddef37b9318c70cb977f57bf3e5015e4552be4e27e57280a8cbb8e4f
           - maj_min: v1.27
-            digest: sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f
+            digest: sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843
           - maj_min: v1.28
             digest: sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b            
           - maj_min: v1.29
@@ -60,7 +60,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Create k8s Kind Cluster
         # make sure the k8s versions match the kind version of the action version 🤯
         uses: helm/[email protected]
@@ -70,7 +70,7 @@ jobs:
           cluster_name: sidecar-testing
           wait: 5m
       - name: Download artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: images
           path: /tmp
@@ -128,7 +128,7 @@ jobs:
           kubectl logs sidecar-pythonscript-logfile > /tmp/logs/sidecar-pythonscript-logfile.log
           kubectl logs dummy-server-pod > /tmp/logs/dummy-server.log
       - name: Upload artifacts (pod logs)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: pod-logs_${{ matrix.k8s.maj_min }}
           path: /tmp/logs/*
@@ -151,10 +151,10 @@ jobs:
           kubectl cp sidecar:/tmp/secured.txt /tmp/sidecar/secured.txt
           kubectl cp sidecar:/tmp/similar-configmap.txt /tmp/sidecar/similar-configmap.txt
           kubectl cp sidecar:/tmp/similar-secret.txt /tmp/sidecar/similar-secret.txt
-          
+
           echo "Downloading resource files from sidecar-basicauth-args pod"
           kubectl cp sidecar-basicauth-args:/tmp/secured.txt /tmp/sidecar-basicauth-args/secured.txt
-          
+
           echo "Downloading resource files from sidecar-5xx..."
           kubectl cp sidecar-5xx:/tmp-5xx/hello.world /tmp/sidecar-5xx/hello.world
           kubectl cp sidecar-5xx:/tmp-5xx/cm-kubelogo.png /tmp/sidecar-5xx/cm-kubelogo.png
@@ -171,7 +171,7 @@ jobs:
           kubectl cp sidecar-5xx:/tmp-5xx/similar-configmap.txt /tmp/sidecar-5xx/similar-configmap.txt
           kubectl cp sidecar-5xx:/tmp-5xx/similar-secret.txt /tmp/sidecar-5xx/similar-secret.txt
       - name: Upload artifacts (expected files from cluster)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: expected-files_${{ matrix.k8s.maj_min }}
           path: |
@@ -212,7 +212,7 @@ jobs:
           ls /tmp/sidecar/script_result
       - name: Verify sidecar-basicauth-args pod file after initial sync
         run: |
-          echo -n "allowed" | diff - /tmp/sidecar-basicauth-args/secured.txt
+          echo -n "allowed" | diff - /tmp/sidecar-basicauth-args/secured.txt          
       - name: Verify sidecar-5xx files after initial sync
         run: |
           echo -n '{"detail":"Not authenticated"}' | diff - /tmp/sidecar-5xx/secured.txt &&

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -7,12 +7,12 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: '0'
       - name: Bump version and push tag
         id: tagging
-        uses: anothrNick/github-tag-action@1.55.0
+        uses: anothrNick/github-tag-action@1.59.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           INITIAL_VERSION: 1.0.0
@@ -23,7 +23,7 @@ jobs:
         uses: docker/setup-qemu-action@v2
       - name: "Set up Docker Buildx"
         if: steps.tagging.outputs.part
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: "Login to DockerHub"
         if: steps.tagging.outputs.part
         uses: docker/login-action@v2
@@ -47,7 +47,7 @@ jobs:
       - name: "Build and push"
         if: steps.tagging.outputs.part
         id: docker_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           push: true
           platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x

diff --git a/.github/workflows/release_test.yaml b/.github/workflows/release_test.yaml
@@ -0,0 +1,83 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Release Workflow Tests
+# This workflow tests the tag and changelog action and can be used to detect (some) breaking changes.
+on:
+  workflow_dispatch:
+
+env:
+  TEST_TAG: testing
+
+jobs:
+  build-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+      - name: Bump version and push tag
+        id: tagging
+        uses: anothrNick/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INITIAL_VERSION: 1.0.0
+          DEFAULT_BUMP: none
+          BRANCH_HISTORY: last
+          DRY_RUN: true
+      - name: "Set up QEMU"
+        if: steps.tagging.outputs.part
+        uses: docker/setup-qemu-action@v2
+      - name: "Set up Docker Buildx"
+        if: steps.tagging.outputs.part
+        uses: docker/setup-buildx-action@v3
+      - name: "Login to DockerHub"
+        if: steps.tagging.outputs.part
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: "Login to Quay.io"
+        if: steps.tagging.outputs.part
+        uses: docker/login-action@v2
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_BOT_USERNAME }}
+          password: ${{ secrets.QUAY_BOT_PASSWORD }}
+      - name: "Login to ghcr.io"
+        if: steps.tagging.outputs.part
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: "Build and push"
+        if: steps.tagging.outputs.part
+        id: docker_build
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x
+          tags: |
+            docker.io/kiwigrid/k8s-sidecar:${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+            quay.io/kiwigrid/k8s-sidecar:${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+            ghcr.io/kiwigrid/k8s-sidecar:${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+      - name: "Build Changelog"
+        if: steps.tagging.outputs.part
+        id: build_changelog
+        uses: mikepenz/release-changelog-builder-action@v4
+        with:
+          configuration: ".github/workflows/release-notes-config.json"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: "Create Github Release"
+        if: steps.tagging.outputs.part
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          tag_name: ${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+          release_name: v${{ steps.tagging.outputs.tag }}-${{ env.TEST_TAG }}
+          body: ${{ steps.build_changelog.outputs.changelog }}
+          draft: true
+          prerelease: false