turn back time. #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- '*' | |
permissions: | |
contents: read | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # needed to write releases | |
id-token: write # needed for keyless signing | |
packages: write # needed for ghcr access | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: sigstore/cosign-installer@v3 | |
- uses: fluxcd/flux2/action@main | |
- uses: stefanprodan/timoni/actions/setup@main | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.x | |
# - name: Setup Helm | |
# uses: azure/setup-helm@v3 | |
# with: | |
# version: v3.12.3 | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: all | |
- name: Setup Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# - name: Login to GitHub Container Registry | |
# uses: docker/login-action@v3 | |
# with: | |
# registry: ghcr.io | |
# username: ${{ github.actor }} | |
# password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: Prepare | |
id: prep | |
run: | | |
VERSION=sha-${GITHUB_SHA::8} | |
if [[ $GITHUB_REF == refs/tags/* ]]; then | |
VERSION=${GITHUB_REF/refs\/tags\//} | |
fi | |
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT | |
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT | |
echo "REVISION=${GITHUB_SHA}" >> $GITHUB_OUTPUT | |
- name: Generate images meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
docker.io/osodevops/podinfo | |
# ghcr.io/stefanprodan/podinfo | |
tags: | | |
type=raw,value=${{ steps.prep.outputs.VERSION }} | |
type=raw,value=latest | |
- name: Publish multi-arch image | |
uses: docker/build-push-action@v5 | |
with: | |
sbom: true | |
provenance: true | |
push: true | |
builder: ${{ steps.buildx.outputs.name }} | |
context: . | |
file: ./Dockerfile.xx | |
build-args: | | |
REVISION=${{ steps.prep.outputs.REVISION }} | |
platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
# - name: Publish Timoni module to GHCR | |
# run: | | |
# timoni mod push ./timoni/podinfo oci://ghcr.io/stefanprodan/modules/podinfo \ | |
# --sign cosign \ | |
# --version ${{ steps.prep.outputs.VERSION }} \ | |
# -a 'org.opencontainers.image.source=https://github.com/stefanprodan/podinfo' \ | |
# -a 'org.opencontainers.image.licenses=Apache-2.0' \ | |
# -a 'org.opencontainers.image.description=A timoni.sh module for deploying Podinfo.' \ | |
# -a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/podinfo/blob/main/timoni/podinfo/README.md' | |
# - name: Publish Helm chart to GHCR | |
# run: | | |
# helm package charts/podinfo | |
# helm push podinfo-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/stefanprodan/charts | |
# rm podinfo-${{ steps.prep.outputs.VERSION }}.tgz | |
# - name: Publish Flux OCI artifact to GHCR | |
# run: | | |
# flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} \ | |
# --path="./kustomize" \ | |
# --source="${{ github.event.repository.html_url }}" \ | |
# --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}" | |
# flux tag artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --tag latest | |
# - name: Sign OCI artifacts | |
# env: | |
# COSIGN_EXPERIMENTAL: 1 | |
# run: | | |
# cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes | |
# cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes | |
# cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }} --yes | |
# cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --yes | |
- name: Publish base image | |
uses: docker/build-push-action@v5 | |
with: | |
push: true | |
builder: ${{ steps.buildx.outputs.name }} | |
context: . | |
platforms: linux/amd64 | |
file: ./Dockerfile.base | |
tags: docker.io/osodevops/podinfo-base:latest | |
# - name: Publish helm chart | |
# uses: stefanprodan/helm-gh-pages@master | |
# with: | |
# token: ${{ secrets.GITHUB_TOKEN }} | |
# - name: Publish config artifact | |
# run: | | |
# flux push artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} \ | |
# --path="./kustomize" \ | |
# --source="${{ github.event.repository.html_url }}" \ | |
# --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}" | |
# flux tag artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --tag latest | |
# - name: Sign config artifact | |
# run: | | |
# echo "$COSIGN_KEY" > /tmp/cosign.key | |
# cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --yes | |
# cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest --yes | |
# env: | |
# COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
# COSIGN_KEY: ${{secrets.COSIGN_KEY}} | |
- uses: ./.github/actions/release-notes | |
- name: Generate release notes | |
run: | | |
echo 'CHANGELOG' > /tmp/release.txt | |
github-release-notes -org stefanprodan -repo podinfo -since-latest-release >> /tmp/release.txt | |
- name: Publish release | |
uses: goreleaser/goreleaser-action@v5 | |
with: | |
version: latest | |
args: release --release-notes=/tmp/release.txt --skip-validate | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |