Skip to content

Merge pull request #1235 from akselleirv/tilt-local-binary-build #126

Merge pull request #1235 from akselleirv/tilt-local-binary-build

Merge pull request #1235 from akselleirv/tilt-local-binary-build #126

Workflow file for this run

name: release
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
tag:
description: 'image tag prefix'
default: 'rc'
required: true
permissions:
contents: read # for actions/checkout to fetch code
env:
CONTROLLER: ${{ github.event.repository.name }}
LIBCRYPTO_VERSION: "3.1.4-r5"
jobs:
build-push:
runs-on: ubuntu-latest
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps:
- name: Check out
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Set up yq
uses: frenck/action-setup-yq@c4b5be8b4a215c536a41d436757d9feb92836d4f # v1.0.2
with:
version: 4.14.1
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@6c0b4426ba7809a9406c1a4e07aa4be4984ea72f # main
- name: Setup Cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- name: Setup Syft
uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
- name: Prepare
id: prep
run: |
VERSION="${{ github.event.inputs.tag }}-${GITHUB_SHA::8}"
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF/refs\/tags\//}
fi
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"
echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
- name: Setup QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
platforms: all
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
buildkitd-flags: "--debug"
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish multi-arch tf-controller container image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
push: true
no-cache: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
build-args: |
LIBCRYPTO_VERSION=${{ env.LIBCRYPTO_VERSION }}
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
tags: |
ghcr.io/flux-iac/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
ghcr.io/flux-iac/${{ env.CONTROLLER }}:latest
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Publish multi-arch tf-runner base image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./runner-base.Dockerfile
build-args: |
LIBCRYPTO_VERSION=${{ env.LIBCRYPTO_VERSION }}
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
tags: |
ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}-base
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Publish multi-arch tf-runner container image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
push: true
no-cache: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./runner.Dockerfile
platforms: linux/amd64,linux/arm64 #,linux/arm/v7
build-args: |
BASE_IMAGE=ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}-base
tags: |
ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}
ghcr.io/flux-iac/tf-runner:latest
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Publish multi-arch tf-runner-azure container image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
push: true
no-cache: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./runner-azure.Dockerfile
platforms: linux/amd64,linux/arm64 #,linux/arm/v7 - azure-cli does not install correctly on 32 bit arm
build-args: |
BASE_IMAGE=ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}-base
tags: |
ghcr.io/flux-iac/tf-runner-azure:${{ steps.prep.outputs.VERSION }}
ghcr.io/flux-iac/tf-runner-azure:latest
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Publish multi-arch branch-planner container image
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
push: true
no-cache: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./planner.Dockerfile
build-args: |
LIBCRYPTO_VERSION=${{ env.LIBCRYPTO_VERSION }}
platforms: linux/amd64,linux/arm64 #,linux/arm/v7 - azure-cli does not install correctly on 32 bit arm
tags: |
ghcr.io/flux-iac/branch-planner:${{ steps.prep.outputs.VERSION }}
ghcr.io/flux-iac/branch-planner:latest
labels: |
org.opencontainers.image.title=${{ github.event.repository.name }}
org.opencontainers.image.description=${{ github.event.repository.description }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Check images
run: |
docker buildx imagetools inspect ghcr.io/flux-iac/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
docker pull ghcr.io/flux-iac/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
docker buildx imagetools inspect ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}
docker pull ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}
docker buildx imagetools inspect ghcr.io/flux-iac/tf-runner-azure:${{ steps.prep.outputs.VERSION }}
docker pull ghcr.io/flux-iac/tf-runner-azure:${{ steps.prep.outputs.VERSION }}
docker buildx imagetools inspect ghcr.io/flux-iac/branch-planner:${{ steps.prep.outputs.VERSION }}
docker pull ghcr.io/flux-iac/branch-planner:${{ steps.prep.outputs.VERSION }}
- name: Sign images
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign --yes ghcr.io/flux-iac/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
cosign sign --yes ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}-base
cosign sign --yes ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}
cosign sign --yes ghcr.io/flux-iac/tf-runner-azure:${{ steps.prep.outputs.VERSION }}
cosign sign --yes ghcr.io/flux-iac/branch-planner:${{ steps.prep.outputs.VERSION }}
- name: Generate release manifests
if: startsWith(github.ref, 'refs/tags/v')
run: |
mkdir -p config/release
kustomize build ./config/crd > ./config/release/${{ env.CONTROLLER }}.crds.yaml
kustomize build ./config/rbac > ./config/release/${{ env.CONTROLLER }}.rbac.yaml
kustomize build ./config/manager | yq e '.spec.template.spec.containers[0].env[1].value="ghcr.io/flux-iac/tf-runner:${{ steps.prep.outputs.VERSION }}"' - > ./config/release/${{ env.CONTROLLER }}.deployment.yaml
kustomize build ./config/package > ./config/release/${{ env.CONTROLLER }}.packages.yaml
echo '[CHANGELOG](https://github.com/weaveworks/${{ env.CONTROLLER }}/blob/main/CHANGELOG.md)' > ./config/release/notes.md
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.X
- name: Create release
if: startsWith(github.ref, 'refs/tags/v')
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: release --release-notes=./config/release/notes.md --skip-validate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.TF_CONTROLLER_WEAVEWORKSBOT }}
- name: Publish Helm chart
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Trigger the release-runners workflow
run: |
curl -XPOST -u "${{ secrets.GITHUB_TOKEN }}:" \
-H "Accept: application/vnd.github.everest-preview+json" \
"https://api.github.com/repos/${{ github.repository }}/dispatches" \
-d '{
"event_type": "release-runners",
"client_payload": {
"controller": "${{ env.CONTROLLER }}",
"version": "${{ steps.prep.outputs.VERSION }}",
"build_date": "${{ steps.prep.outputs.BUILD_DATE }}",
"sha": "${{ github.sha }}",
"repo_desc": "${{ github.event.repository.description }}",
"repo_url": "${{ github.event.repository.html_url }}"
}
}'