fix: CI fixes for diagnostics (#6049) #963
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release kubectl-testkube | |
on: | |
push: | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
permissions: | |
id-token: write # needed for keyless signing | |
contents: write | |
env: | |
TESTKUBE_CHOCO_REPO: https://chocolatey.kubeshop.io/ | |
ALPINE_IMAGE: alpine:3.20.3 | |
BUSYBOX_IMAGE: busybox:1.36.1-musl | |
jobs: | |
pre_build: | |
name: Pre-build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- name: "linux" | |
path: .builds-linux.goreleaser.yml | |
- name: "windows" | |
path: .builds-windows.goreleaser.yml | |
- name: "darwin" | |
path: .builds-darwin.goreleaser.yml | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up QEMU | |
if: matrix.name == 'linux' | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
if: matrix.name == 'linux' | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: stable | |
- name: Go Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Login to DockerHub | |
if: matrix.name == 'linux' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Get tag | |
id: tag | |
uses: dawidd6/action-get-tag@v1 | |
with: | |
strip_v: true | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser-pro | |
version: 'v2.3.2' # 2.4.4 fails with "no such file or directory" | |
args: release -f ${{ matrix.path }} --skip=publish | |
env: | |
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} | |
ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}" | |
ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}" | |
KEYGEN_PUBLIC_KEY: "${{secrets.KEYGEN_PUBLIC_KEY}}" | |
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution | |
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}" | |
DOCKER_BUILDX_CACHE_FROM: "type=gha" | |
DOCKER_BUILDX_CACHE_TO: "type=gha,mode=max" | |
ALPINE_IMAGE: ${{ env.ALPINE_IMAGE }} | |
BUSYBOX_IMAGE: ${{ env.BUSYBOX_IMAGE }} | |
DOCKER_IMAGE_TAG: ${{steps.tag.outputs.tag}} | |
- name: Push Docker images | |
if: matrix.name == 'linux' | |
run: | | |
docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8 | |
docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 | |
# adding the docker manifest for the latest image tag | |
docker manifest create kubeshop/testkube-cli:latest --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8 | |
docker manifest push -p kubeshop/testkube-cli:latest | |
docker manifest create kubeshop/testkube-cli:${{steps.tag.outputs.tag}} --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8 | |
docker manifest push -p kubeshop/testkube-cli:${{steps.tag.outputs.tag}} | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@master | |
with: | |
name: testkube_${{ matrix.name }} | |
path: | | |
${{ matrix.name }}/testkube_${{ matrix.name }}_* | |
retention-days: 1 | |
build_agent_image: | |
name: Build a Docker image for Testkube Agent | |
runs-on: ubuntu-latest | |
env: | |
TESTKUBE_CLOUD_URL: "agent.testkube.io:443" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Get tag | |
id: tag | |
uses: dawidd6/action-get-tag@v1 | |
with: | |
strip_v: true | |
- name: Preload kind images | |
run: | | |
mkdir -p build/kind/images/arm | |
mkdir -p build/kind/images/amd | |
docker pull --platform linux/arm64 kindest/node:v1.31.0 | |
docker save kindest/node:v1.31.0 > build/kind/images/arm/node.tar | |
docker pull --platform linux/amd64 kindest/node:v1.31.0 | |
docker save kindest/node:v1.31.0 > build/kind/images/amd/node.tar | |
- name: Build and push | |
uses: docker/build-push-action@v6 | |
with: | |
build-args: | | |
segmentio_key=${{secrets.TESTKUBE_SEGMENTIO_KEY}} | |
ga_id=${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}} | |
ga_secret=${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}} | |
docker_image_version=${{steps.tag.outputs.tag}} | |
cloud_url=${{ env.TESTKUBE_CLOUD_URL }} | |
context: build/kind | |
file: build/kind/kind.Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
provenance: mode=max | |
push: true | |
sbom: true | |
tags: kubeshop/testkube-agent:${{steps.tag.outputs.tag}},kubeshop/testkube-agent:latest | |
release: | |
name: Create and upload release-artifacts | |
needs: pre_build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: sigstore/[email protected] | |
- uses: anchore/sbom-action/[email protected] | |
- name: Download Artifacts for Linux | |
uses: actions/download-artifact@master | |
with: | |
name: testkube_linux | |
path: linux | |
- name: Download Artifacts for Windows | |
uses: actions/download-artifact@master | |
with: | |
name: testkube_windows | |
path: windows | |
- name: Download Artifacts for Darwin | |
uses: actions/download-artifact@master | |
with: | |
name: testkube_darwin | |
path: darwin | |
# Added as a workaround since files lose their permissions when being moved from one stage to another in GH. A bug was reported | |
# and will be fixed in the next release of GoReleaser, thus we will be able to remove this code. | |
- name: Add executable mode | |
run: chmod -R +x linux/ darwin/ | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: stable | |
- name: Go Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser-pro | |
version: 'v2.3.2' # 2.4.4 fails with "no such file or directory" | |
args: release -f .goreleaser.yml | |
env: | |
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} | |
ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}" | |
ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}" | |
SLACK_BOT_CLIENT_ID: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_ID}}" | |
SLACK_BOT_CLIENT_SECRET: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_SECRET}}" | |
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution | |
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
- name: Store Intermediate Artifacts | |
uses: actions/upload-artifact@master | |
with: | |
name: bin-artifacts | |
path: dist | |
retention-days: 1 | |
build-and-publish-windows-installer: | |
needs: release | |
runs-on: windows-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get Intermediate Artifacts | |
uses: actions/download-artifact@master | |
with: | |
name: testkube_windows | |
path: windows | |
- name: Create and Sign MSI | |
run: | | |
Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe' | |
Copy-Item 'build\installer\windows\testkube.wxs' '.\testkube.wxs' | |
Copy-Item 'build\installer\windows\tk.bat' '.\tk.bat' | |
Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat' | |
& "$env:WIX\bin\candle.exe" *.wxs | |
& "$env:WIX\bin\light.exe" *.wixobj | |
- name: Sign Artifact with CodeSignTool | |
uses: sslcom/esigner-codesign@develop | |
with: | |
command: sign | |
username: ${{ secrets.ES_USERNAME }} | |
password: ${{ secrets.ES_PASSWORD }} | |
totp_secret: ${{ secrets.ES_TOTP_SECRET }} | |
file_path: testkube.msi | |
output_path: ${GITHUB_WORKSPACE}\artifacts | |
malware_block: false | |
- name: Get tag | |
id: tag | |
uses: dawidd6/action-get-tag@v1 | |
with: | |
# Optionally strip `v` prefix | |
strip_v: true | |
- name: Get release | |
id: get_release | |
uses: bruceadams/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
- name: Calculate Checksum | |
id: checksum | |
run: | | |
$installer_name = $env:MSI_NAME | |
$installer_path = $env:MSI_PATH | |
$hash=Get-FileHash $installer_path | |
$hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt | |
echo "::set-output name=INSTALLER_NAME::${installer_name}" | |
echo "::set-output name=INSTALLER_PATH::${installer_path}" | |
#export MSI hash to environment | |
$hashsum = $hash.Hash | |
echo "::set-output name=CHECKSUM::${hashsum}" | |
#copy MSI to choco directory to build a nuget package | |
Copy-Item -Path "$installer_path" -Destination ".\choco\tools\$env:MSI_NAME.msi" | |
env: | |
MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386 | |
MSI_PATH: D:\a\testkube\testkube\artifacts\testkube.msi | |
- name: Upload release binary | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
upload_url: ${{ steps.get_release.outputs.upload_url }} | |
asset_path: ${{steps.checksum.outputs.INSTALLER_PATH}} | |
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi | |
asset_content_type: application/octet-stream | |
- name: Upload Checksum | |
uses: actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
upload_url: ${{ steps.get_release.outputs.upload_url }} | |
asset_path: msi_checksum.txt | |
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}_checksum.txt | |
asset_content_type: text/plain | |
- name: Update checksum in chocolateyInstall.ps1 file | |
working-directory: ./choco | |
run: | | |
$file_content = Get-Content .\tools\chocolateyInstall.ps1 -Raw | |
$update_version = $file_content -replace "(?i)(\schecksum\s*=\s*)('.*')", "`$1'${{steps.checksum.outputs.CHECKSUM}}'" | |
Set-Content -Path .\tools\chocolateyInstall.ps1 -Value $update_version -NoNewline | |
- name: Bump versions and push package to chocolatey repo | |
working-directory: ./choco | |
run: | | |
./update.ps1 ${{steps.tag.outputs.tag}} ${{ secrets.COMMOM_CHOCO_API_KEY }} ${{ env.TESTKUBE_CHOCO_REPO }} | |
build-and-publish-linux-installer: | |
needs: release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get Intermediate Artifacts | |
uses: actions/download-artifact@master | |
with: | |
name: bin-artifacts | |
path: dist | |
- name: Get tag | |
id: tag | |
uses: dawidd6/action-get-tag@v1 | |
with: | |
strip_v: true | |
- name: Publish package | |
env: | |
USERNAME: "aptly" | |
PASSWORD: ${{ secrets.APTLY_PASSWORD }} | |
APTLY_URL: "repo.testkube.io:8080" | |
VERSION: ${{steps.tag.outputs.tag}} | |
run: | | |
### Upload files | |
curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_386.deb http://${APTLY_URL}/api/files/testkube | |
curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_arm64.deb http://${APTLY_URL}/api/files/testkube | |
curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_amd64.deb http://${APTLY_URL}/api/files/testkube | |
### Add file to repo | |
curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST http://${APTLY_URL}/api/repos/testkube/file/testkube?forceReplace=1 | |
### Create snapshot | |
curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -H 'Content-Type: application/json' --data '{"Name":"testkube-'${VERSION}'"}' http://${APTLY_URL}/api/repos/testkube/snapshots | |
### Publish repo | |
curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X PUT -H 'Content-Type: application/json' --data '{"Snapshots": [{"Component": "main", "Name": "testkube-'${VERSION}'"}]}'}], http://repo.testkube.io:8080/api/publish/:linux/linux | |
trigger-argocd-image-build: | |
needs: release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Release tag | |
id: release_tag | |
run: | | |
echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/} | |
- name: Set env | |
env: | |
SOURCE_TAG: ${{ steps.release_tag.outputs.SOURCE_TAG }} | |
run: | | |
echo RELEASE_TAG=${SOURCE_TAG:1} >> $GITHUB_ENV | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.CI_BOT_TOKEN }} | |
repository: kubeshop/testkube-argocd | |
event-type: trigger-argocd-image-build | |
client-payload: '{"release_version": "${{ env.RELEASE_TAG }}"}' |