forked from stefanprodan/podinfo
-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (148 loc) · 6 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: release
on:
push:
tags:
- '*'
permissions:
contents: read
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps:
- uses: actions/checkout@v4
- uses: sigstore/cosign-installer@v3
- uses: fluxcd/flux2/action@main
- uses: stefanprodan/timoni/actions/setup@main
- name: Setup Go
uses: actions/setup-go@v4
with:
go-version: 1.21.x
# - name: Setup Helm
# uses: azure/setup-helm@v3
# with:
# version: v3.12.3
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: all
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# with:
# registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Prepare
id: prep
run: |
VERSION=sha-${GITHUB_SHA::8}
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF/refs\/tags\//}
fi
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
echo "REVISION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
- name: Generate images meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
docker.io/osodevops/podinfo
# ghcr.io/stefanprodan/podinfo
tags: |
type=raw,value=${{ steps.prep.outputs.VERSION }}
type=raw,value=latest
- name: Publish multi-arch image
uses: docker/build-push-action@v5
with:
sbom: true
provenance: true
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile.xx
build-args: |
REVISION=${{ steps.prep.outputs.REVISION }}
platforms: linux/amd64,linux/arm/v7,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# - name: Publish Timoni module to GHCR
# run: |
# timoni mod push ./timoni/podinfo oci://ghcr.io/stefanprodan/modules/podinfo \
# --sign cosign \
# --version ${{ steps.prep.outputs.VERSION }} \
# -a 'org.opencontainers.image.source=https://github.com/stefanprodan/podinfo' \
# -a 'org.opencontainers.image.licenses=Apache-2.0' \
# -a 'org.opencontainers.image.description=A timoni.sh module for deploying Podinfo.' \
# -a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/podinfo/blob/main/timoni/podinfo/README.md'
# - name: Publish Helm chart to GHCR
# run: |
# helm package charts/podinfo
# helm push podinfo-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/stefanprodan/charts
# rm podinfo-${{ steps.prep.outputs.VERSION }}.tgz
# - name: Publish Flux OCI artifact to GHCR
# run: |
# flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} \
# --path="./kustomize" \
# --source="${{ github.event.repository.html_url }}" \
# --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
# flux tag artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --tag latest
# - name: Sign OCI artifacts
# env:
# COSIGN_EXPERIMENTAL: 1
# run: |
# cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
# cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
# cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }} --yes
# cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --yes
- name: Publish base image
uses: docker/build-push-action@v5
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
platforms: linux/amd64
file: ./Dockerfile.base
tags: docker.io/osodevops/podinfo-base:latest
# - name: Publish helm chart
# uses: stefanprodan/helm-gh-pages@master
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# - name: Publish config artifact
# run: |
# flux push artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} \
# --path="./kustomize" \
# --source="${{ github.event.repository.html_url }}" \
# --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
# flux tag artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --tag latest
# - name: Sign config artifact
# run: |
# echo "$COSIGN_KEY" > /tmp/cosign.key
# cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --yes
# cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest --yes
# env:
# COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
# COSIGN_KEY: ${{secrets.COSIGN_KEY}}
- uses: ./.github/actions/release-notes
- name: Generate release notes
run: |
echo 'CHANGELOG' > /tmp/release.txt
github-release-notes -org stefanprodan -repo podinfo -since-latest-release >> /tmp/release.txt
- name: Publish release
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --release-notes=/tmp/release.txt --skip-validate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}