-
Notifications
You must be signed in to change notification settings - Fork 0
158 lines (138 loc) · 5.51 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: release
on:
push:
tags:
- 'v*'
env:
IMAGE_REPO: openpolicyagent/gatekeeper
CRD_IMAGE_REPO: openpolicyagent/gatekeeper-crds
GATOR_IMAGE_REPO: openpolicyagent/gator
permissions:
contents: read
jobs:
tagged-release:
name: "Tagged Release"
runs-on: "ubuntu-22.04"
permissions:
contents: write
if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'open-policy-agent/gatekeeper'
timeout-minutes: 45
steps:
- name: Cleanup disk
run: |
# Filter out local helm-gh-pages image so we don't delete it
docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base"
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.21"
check-latest: true
- name: Get tag
id: get_version
run: |
echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Publish release
run: |
make docker-login
tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${{ env.IMAGE_REPO }}:pull&scope=repository:${{ env.CRD_IMAGE_REPO }}:pull&scope=repository:${{ env.GATOR_IMAGE_REPO }}:pull"
bearerToken="$(curl --silent --get $tokenUri | jq --raw-output '.token')"
listUri="https://registry-1.docker.io/v2/${{ env.IMAGE_REPO }}/tags/list"
authz="Authorization: Bearer $bearerToken"
version_list="$(curl --silent --get -H "Accept: application/json" -H $authz $listUri | jq --raw-output '.')"
exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)')
if [[ $exists == null ]]
then
make docker-buildx-release \
VERSION=${TAG} \
PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true
fi
listUri="https://registry-1.docker.io/v2/${{ env.CRD_IMAGE_REPO }}/tags/list"
version_list="$(curl --silent --get -H "Accept: application/json" -H $authz $listUri | jq --raw-output '.')"
exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)')
if [[ $exists == null ]]
then
make docker-buildx-crds-release \
VERSION=${TAG} \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true
fi
listUri="https://registry-1.docker.io/v2/${{ env.GATOR_IMAGE_REPO }}/tags/list"
version_list="$(curl --silent --get -H "Accept: application/json" -H $authz $listUri | jq --raw-output '.')"
exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)')
if [[ $exists == null ]]
then
make docker-buildx-gator-release \
VERSION=${TAG} \
PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true
fi
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- name: Bootstrap e2e
run: |
mkdir -p $GITHUB_WORKSPACE/bin
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
make e2e-bootstrap
- name: Verify release
run: |
make e2e-verify-release IMG=${{ env.IMAGE_REPO }}:${TAG} USE_LOCAL_IMG=false
- name: Build gator-cli
shell: bash
run: |
set -e
build() {
export GOOS="$(echo ${1} | cut -d '-' -f 1)"
export GOARCH="$(echo ${1} | cut -d '-' -f 2)"
FILENAME=${GITHUB_WORKSPACE}/_dist/gator-${TAG}-${GOOS}-${GOARCH}
# build the binary
make bin/gator-${GOOS}-${GOARCH}
# rename the binary to gator
tmp_dir=$(mktemp -d)
cp bin/gator-${GOOS}-${GOARCH} ${tmp_dir}/gator
pushd ${tmp_dir}
tar -czf ${FILENAME}.tar.gz gator*
popd
}
mkdir -p _dist
i=0
for os_arch_extension in $PLATFORMS; do
build ${os_arch_extension} &
pids[${i}]=$!
((i=i+1))
done
# wait for all pids
for pid in ${pids[*]}; do
wait $pid
done
pushd _dist
# consolidate tar's sha256sum into a single file
find . -type f -name '*.tar.gz' | sort | xargs sha256sum >> sha256sums.txt
popd
env:
PLATFORMS: "linux-amd64 linux-arm64 darwin-amd64 darwin-arm64"
- name: Create GitHub release
uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
prerelease: false
files: |
_dist/sha256sums.txt
_dist/*.tar.gz
- name: Publish Helm chart
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_dir: charts
target_dir: charts
linting: off