2021-04-30 22:23:51 +00:00
|
|
|
name: Create Release
|
|
|
|
|
|
|
|
|
|
on:
|
|
|
|
|
workflow_dispatch:
|
|
|
|
|
inputs:
|
|
|
|
|
version:
|
|
|
|
|
description: 'version to release, e.g. v1.5.13'
|
|
|
|
|
required: true
|
|
|
|
|
default: 'v0.1.0'
|
2023-05-15 07:06:15 +00:00
|
|
|
source_ref:
|
|
|
|
|
description: 'source ref to publish from. E.g.: main or release-x.y'
|
|
|
|
|
required: true
|
|
|
|
|
default: 'main'
|
2021-04-30 22:23:51 +00:00
|
|
|
|
|
|
|
|
env:
|
2022-10-06 17:14:13 +00:00
|
|
|
IMAGE_NAME: ghcr.io/${{ github.repository }}
|
2021-04-30 22:23:51 +00:00
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
release:
|
|
|
|
|
name: Create Release
|
|
|
|
|
runs-on: ubuntu-latest
|
2022-03-19 20:07:50 +00:00
|
|
|
|
2021-04-30 22:23:51 +00:00
|
|
|
steps:
|
|
|
|
|
- name: Checkout
|
2024-06-17 15:53:09 +00:00
|
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
2021-04-30 22:23:51 +00:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 0
|
2023-06-22 20:07:29 +00:00
|
|
|
ref: ${{ github.event.inputs.source_ref }}
|
2021-04-30 22:23:51 +00:00
|
|
|
|
|
|
|
|
- name: Create Release
|
2024-05-13 16:41:41 +00:00
|
|
|
uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
|
2021-04-30 22:23:51 +00:00
|
|
|
with:
|
|
|
|
|
tag_name: ${{ github.event.inputs.version }}
|
2023-06-22 20:07:29 +00:00
|
|
|
target_commitish: ${{ github.event.inputs.source_ref }}
|
|
|
|
|
generate_release_notes: true
|
|
|
|
|
body: |
|
|
|
|
|
Image: `${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}`
|
|
|
|
|
Image: `${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi`
|
|
|
|
|
Image: `${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi-boringssl`
|
2021-04-30 22:23:51 +00:00
|
|
|
env:
|
|
|
|
|
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
|
|
|
|
|
2022-12-11 12:32:50 +00:00
|
|
|
- name: Configure Git
|
|
|
|
|
run: |
|
|
|
|
|
git config user.name "$GITHUB_ACTOR"
|
|
|
|
|
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
|
|
|
|
|
|
2022-02-01 18:59:14 +00:00
|
|
|
- name: Update Docs
|
2023-05-15 07:06:15 +00:00
|
|
|
if: github.ref == 'refs/heads/main'
|
2022-02-01 18:59:14 +00:00
|
|
|
run: make docs.publish DOCS_VERSION=${{ github.event.inputs.version }} DOCS_ALIAS=latest
|
|
|
|
|
env:
|
|
|
|
|
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
|
|
|
|
|
2021-04-30 22:23:51 +00:00
|
|
|
promote:
|
|
|
|
|
name: Promote Container Image
|
|
|
|
|
runs-on: ubuntu-latest
|
2022-10-06 17:14:13 +00:00
|
|
|
strategy:
|
|
|
|
|
matrix:
|
|
|
|
|
include:
|
|
|
|
|
- tag_suffix: "" # distroless image
|
|
|
|
|
- tag_suffix: "-ubi" # ubi image
|
2022-11-23 20:25:19 +00:00
|
|
|
- tag_suffix: "-ubi-boringssl" # ubi image
|
2022-03-19 20:07:50 +00:00
|
|
|
|
|
|
|
|
permissions:
|
|
|
|
|
id-token: write
|
2022-10-27 06:59:19 +00:00
|
|
|
contents: write
|
2022-03-19 20:07:50 +00:00
|
|
|
|
2022-10-06 17:14:13 +00:00
|
|
|
env:
|
2023-05-15 07:06:15 +00:00
|
|
|
SOURCE_TAG: ${{ github.event.inputs.source_ref }}${{ matrix.tag_suffix }}
|
2022-10-06 17:14:13 +00:00
|
|
|
RELEASE_TAG: ${{ github.event.inputs.version }}${{ matrix.tag_suffix }}
|
|
|
|
|
|
2021-04-30 22:23:51 +00:00
|
|
|
steps:
|
|
|
|
|
- name: Checkout
|
2024-06-17 15:53:09 +00:00
|
|
|
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
2021-04-30 22:23:51 +00:00
|
|
|
with:
|
|
|
|
|
fetch-depth: 0
|
|
|
|
|
|
2022-04-05 12:38:57 +00:00
|
|
|
- name: Setup Go
|
2024-05-06 23:26:37 +00:00
|
|
|
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
2023-11-01 15:54:27 +00:00
|
|
|
id: setup-go
|
2022-04-05 12:38:57 +00:00
|
|
|
with:
|
2022-09-15 15:17:52 +00:00
|
|
|
go-version-file: "go.mod"
|
2022-04-05 12:38:57 +00:00
|
|
|
|
2023-11-01 15:54:27 +00:00
|
|
|
- name: Download Go modules
|
|
|
|
|
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
|
|
|
|
|
run: go mod download
|
2022-04-05 12:38:57 +00:00
|
|
|
|
2021-04-30 22:23:51 +00:00
|
|
|
- name: Login to Docker
|
2024-06-03 20:35:32 +00:00
|
|
|
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
|
2021-04-30 22:23:51 +00:00
|
|
|
with:
|
|
|
|
|
registry: ghcr.io
|
|
|
|
|
username: ${{ secrets.GHCR_USERNAME }}
|
|
|
|
|
password: ${{ secrets.GHCR_TOKEN }}
|
|
|
|
|
|
|
|
|
|
- name: Promote Container Image
|
|
|
|
|
run: make docker.promote
|
2022-03-19 20:07:50 +00:00
|
|
|
|
2022-11-23 19:10:15 +00:00
|
|
|
- name: Build release manifests
|
2023-05-22 21:56:25 +00:00
|
|
|
run: |
|
|
|
|
|
# temporarily patch the version so we generate manifests with the new version
|
|
|
|
|
yq e -i '.version = "${{ github.event.inputs.version }}"' ./deploy/charts/external-secrets/Chart.yaml
|
|
|
|
|
yq e -i '.appVersion = "${{ github.event.inputs.version }}"' ./deploy/charts/external-secrets/Chart.yaml
|
|
|
|
|
make manifests
|
2022-11-23 19:10:15 +00:00
|
|
|
|
2022-10-06 17:14:13 +00:00
|
|
|
- name: Sign promoted image
|
2022-10-27 06:59:19 +00:00
|
|
|
id: sign
|
2022-10-06 17:14:13 +00:00
|
|
|
uses: ./.github/actions/sign
|
|
|
|
|
with:
|
|
|
|
|
image-name: ${{ env.IMAGE_NAME }}
|
|
|
|
|
image-tag: ${{ env.RELEASE_TAG }}
|
|
|
|
|
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
|
|
|
|
|
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
|
|
|
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
2022-10-27 06:59:19 +00:00
|
|
|
|
|
|
|
|
- name: Update Release
|
2024-05-13 16:41:41 +00:00
|
|
|
uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
|
2022-10-27 06:59:19 +00:00
|
|
|
with:
|
|
|
|
|
tag_name: ${{ github.event.inputs.version }}
|
|
|
|
|
files: |
|
|
|
|
|
provenance.${{ env.RELEASE_TAG }}.intoto.jsonl
|
|
|
|
|
sbom.${{ env.RELEASE_TAG }}.spdx.json
|
2022-11-23 19:10:15 +00:00
|
|
|
bin/deploy/manifests/external-secrets.yaml
|
2022-10-27 06:59:19 +00:00
|
|
|
env:
|
|
|
|
|
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
|
