external-secrets/.github/workflows/release.yml

name: Create Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'version to release, e.g. v1.5.13'
        required: true
        default: 'v0.1.0'
      source_ref:
        description: 'source ref to publish from. E.g.: main or release-x.y'
        required: true
        default: 'main'

env:
  IMAGE_NAME: ghcr.io/${{ github.repository }}

jobs:
  release:
    name: Create Release
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.inputs.version }}
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Build Changelog
        id: build_changelog
        uses: mikepenz/release-changelog-builder-action@v3
        with:
          configuration: "changelog.json"
          toTag: ${{ github.event.inputs.version }}
          commitMode: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: create changelog file
        run: |
          echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}\`" >> .changelog
          echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi\`" >> .changelog
          echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi-boringssl\`" >> .changelog
          echo "${{ steps.build_changelog.outputs.changelog }}" >> .changelog

      - name: Update Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.inputs.version }}
          body_path: .changelog
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version-file: "go.mod"

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Update Docs
        if: github.ref == 'refs/heads/main'
        run: make docs.publish DOCS_VERSION=${{ github.event.inputs.version }} DOCS_ALIAS=latest
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

  promote:
    name: Promote Container Image
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
        - tag_suffix: "" # distroless image
        - tag_suffix: "-ubi" # ubi image
        - tag_suffix: "-ubi-boringssl" # ubi image

    permissions:
      id-token: write
      contents: write

    env:
      SOURCE_TAG: ${{ github.event.inputs.source_ref }}${{ matrix.tag_suffix }}
      RELEASE_TAG: ${{ github.event.inputs.version }}${{ matrix.tag_suffix }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version-file: "go.mod"

      - name: Find the Go Cache
        id: go
        run: |
          echo "::set-output name=build-cache::$(go env GOCACHE)"
          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"

      - name: Cache the Go Build Cache
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.build-cache }}
          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Cache Go Dependencies
        uses: actions/cache@v3
        with:
          path: ${{ steps.go.outputs.mod-cache }}
          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}

      - name: Login to Docker
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}

      - name: Promote Container Image
        run: make docker.promote

      - name: Build release manifests
        run: make manifests

      - name: Sign promoted image
        id: sign
        uses: ./.github/actions/sign
        with:
          image-name: ${{ env.IMAGE_NAME }}
          image-tag: ${{ env.RELEASE_TAG }}
          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Update Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.inputs.version }}
          files: |
            provenance.${{ env.RELEASE_TAG }}.intoto.jsonl
            sbom.${{ env.RELEASE_TAG }}.spdx.json
            bin/deploy/manifests/external-secrets.yaml
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`name: Create Release`

			`on:`
			`workflow_dispatch:`
			`inputs:`
			`version:`
			`description: 'version to release, e.g. v1.5.13'`
			`required: true`
			`default: 'v0.1.0'`
feat: LTS release process (#2155) * feat: auto-update dependencies Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add release docs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove note about image tag Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: add variables to allow build from release branch Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * fix: github ref regex match release branch Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: migrate to new issue template format Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> 2023-05-15 07:06:15 +00:00			`source_ref:`
			`description: 'source ref to publish from. E.g.: main or release-x.y'`
			`required: true`
			`default: 'main'`
feat: helm release workflow 2021-04-30 22:23:51 +00:00
			`env:`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`IMAGE_NAME: ghcr.io/${{ github.repository }}`
feat: helm release workflow 2021-04-30 22:23:51 +00:00
			`jobs:`
			`release:`
			`name: Create Release`
			`runs-on: ubuntu-latest`
sign images using cosign (#845) Signed-off-by: cpanato <ctadeu@gmail.com> 2022-03-19 20:07:50 +00:00
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`steps:`
			`- name: Checkout`
build(deps): bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2022-03-07 08:06:46 +00:00			`uses: actions/checkout@v3`
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`with:`
			`fetch-depth: 0`

			`- name: Create Release`
			`uses: softprops/action-gh-release@v1`
			`with:`
			`tag_name: ${{ github.event.inputs.version }}`
			`env:`
			`GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`

			`- name: Build Changelog`
			`id: build_changelog`
build(deps): bump mikepenz/release-changelog-builder-action from 2 to 3 Bumps [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) from 2 to 3. - [Release notes](https://github.com/mikepenz/release-changelog-builder-action/releases) - [Commits](https://github.com/mikepenz/release-changelog-builder-action/compare/v2...v3) --- updated-dependencies: - dependency-name: mikepenz/release-changelog-builder-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2022-04-18 13:31:37 +00:00			`uses: mikepenz/release-changelog-builder-action@v3`
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`with:`
			`configuration: "changelog.json"`
			`toTag: ${{ github.event.inputs.version }}`
			`commitMode: true`
			`env:`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`

			`- name: create changelog file`
			`run: \|`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}\`" >> .changelog
			echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi\`" >> .changelog
feat: fips compliant build using boringcrypto (#1731) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-11-23 20:25:19 +00:00			echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi-boringssl\`" >> .changelog
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`echo "${{ steps.build_changelog.outputs.changelog }}" >> .changelog`
feat: helm release workflow 2021-04-30 22:23:51 +00:00
			`- name: Update Release`
			`uses: softprops/action-gh-release@v1`
			`with:`
			`tag_name: ${{ github.event.inputs.version }}`
			`body_path: .changelog`
			`env:`
			`GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`

Setting up go for release Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-02-02 18:48:23 +00:00			`- name: Setup Go`
chore(deps): bump actions/setup-go from 3 to 4 (#2141) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-03-20 22:00:25 +00:00			`uses: actions/setup-go@v4`
Setting up go for release Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-02-02 18:48:23 +00:00			`with:`
feat: run scanner on pr (#1553) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-09-15 15:17:52 +00:00			`go-version-file: "go.mod"`
Setting up go for release Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-02-02 18:48:23 +00:00
:bug: fixing docs release (#1799) Signed-off-by: Gustavo Carvalho <gusfcarvalho@gmail.com> 2022-12-11 12:32:50 +00:00			`- name: Configure Git`
			`run: \|`
			`git config user.name "$GITHUB_ACTOR"`
			`git config user.email "$GITHUB_ACTOR@users.noreply.github.com"`

Making docs action only run on merge to main. Update release action to publish a docs version Signed-off-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com> 2022-02-01 18:59:14 +00:00			`- name: Update Docs`
feat: LTS release process (#2155) * feat: auto-update dependencies Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add release docs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove note about image tag Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: add variables to allow build from release branch Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * fix: github ref regex match release branch Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: migrate to new issue template format Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> 2023-05-15 07:06:15 +00:00			`if: github.ref == 'refs/heads/main'`
Making docs action only run on merge to main. Update release action to publish a docs version Signed-off-by: Gustavo Fernandes de Carvalho <gustavo.carvalho@container-solutions.com> 2022-02-01 18:59:14 +00:00			`run: make docs.publish DOCS_VERSION=${{ github.event.inputs.version }} DOCS_ALIAS=latest`
			`env:`
			`GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`

feat: helm release workflow 2021-04-30 22:23:51 +00:00			`promote:`
			`name: Promote Container Image`
			`runs-on: ubuntu-latest`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`strategy:`
			`matrix:`
			`include:`
			`- tag_suffix: "" # distroless image`
			`- tag_suffix: "-ubi" # ubi image`
feat: fips compliant build using boringcrypto (#1731) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-11-23 20:25:19 +00:00			`- tag_suffix: "-ubi-boringssl" # ubi image`
sign images using cosign (#845) Signed-off-by: cpanato <ctadeu@gmail.com> 2022-03-19 20:07:50 +00:00
			`permissions:`
			`id-token: write`
feat: attach sbom/provenance files to GH release, fix clomonitor (#1656) * feat: attach sbom/provenance files to GH release, fix clomonitor Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove codesee Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-10-27 06:59:19 +00:00			`contents: write`
sign images using cosign (#845) Signed-off-by: cpanato <ctadeu@gmail.com> 2022-03-19 20:07:50 +00:00
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`env:`
feat: LTS release process (#2155) * feat: auto-update dependencies Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add release docs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove note about image tag Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: add variables to allow build from release branch Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * Update design/006-LTS-release.md Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> * fix: github ref regex match release branch Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: migrate to new issue template format Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <moolen@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> 2023-05-15 07:06:15 +00:00			`SOURCE_TAG: ${{ github.event.inputs.source_ref }}${{ matrix.tag_suffix }}`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`RELEASE_TAG: ${{ github.event.inputs.version }}${{ matrix.tag_suffix }}`

feat: helm release workflow 2021-04-30 22:23:51 +00:00			`steps:`
			`- name: Checkout`
build(deps): bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2022-03-07 08:06:46 +00:00			`uses: actions/checkout@v3`
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`with:`
			`fetch-depth: 0`

adding setup go to release CI Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-04-05 12:38:57 +00:00			`- name: Setup Go`
chore(deps): bump actions/setup-go from 3 to 4 (#2141) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-03-20 22:00:25 +00:00			`uses: actions/setup-go@v4`
adding setup go to release CI Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-04-05 12:38:57 +00:00			`with:`
feat: run scanner on pr (#1553) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-09-15 15:17:52 +00:00			`go-version-file: "go.mod"`
adding setup go to release CI Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-04-05 12:38:57 +00:00
			`- name: Find the Go Cache`
			`id: go`
			`run: \|`
			`echo "::set-output name=build-cache::$(go env GOCACHE)"`
			`echo "::set-output name=mod-cache::$(go env GOMODCACHE)"`

			`- name: Cache the Go Build Cache`
			`uses: actions/cache@v3`
			`with:`
			`path: ${{ steps.go.outputs.build-cache }}`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}`
adding setup go to release CI Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-04-05 12:38:57 +00:00
			`- name: Cache Go Dependencies`
			`uses: actions/cache@v3`
			`with:`
			`path: ${{ steps.go.outputs.mod-cache }}`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}`
adding setup go to release CI Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com> 2022-04-05 12:38:57 +00:00
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`- name: Login to Docker`
build(deps): bump docker/login-action from 1 to 2 Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v1...v2) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2022-05-09 08:05:30 +00:00			`uses: docker/login-action@v2`
feat: helm release workflow 2021-04-30 22:23:51 +00:00			`with:`
			`registry: ghcr.io`
			`username: ${{ secrets.GHCR_USERNAME }}`
			`password: ${{ secrets.GHCR_TOKEN }}`

			`- name: Promote Container Image`
			`run: make docker.promote`
sign images using cosign (#845) Signed-off-by: cpanato <ctadeu@gmail.com> 2022-03-19 20:07:50 +00:00
feat: add release manifests (#1728) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-11-23 19:10:15 +00:00			`- name: Build release manifests`
			`run: make manifests`

feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`- name: Sign promoted image`
feat: attach sbom/provenance files to GH release, fix clomonitor (#1656) * feat: attach sbom/provenance files to GH release, fix clomonitor Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove codesee Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-10-27 06:59:19 +00:00			`id: sign`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`uses: ./.github/actions/sign`
			`with:`
			`image-name: ${{ env.IMAGE_NAME }}`
			`image-tag: ${{ env.RELEASE_TAG }}`
			`GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}`
			`GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
feat: attach sbom/provenance files to GH release, fix clomonitor (#1656) * feat: attach sbom/provenance files to GH release, fix clomonitor Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove codesee Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-10-27 06:59:19 +00:00
			`- name: Update Release`
			`uses: softprops/action-gh-release@v1`
			`with:`
			`tag_name: ${{ github.event.inputs.version }}`
			`files: \|`
			`provenance.${{ env.RELEASE_TAG }}.intoto.jsonl`
			`sbom.${{ env.RELEASE_TAG }}.spdx.json`
feat: add release manifests (#1728) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-11-23 19:10:15 +00:00			`bin/deploy/manifests/external-secrets.yaml`
feat: attach sbom/provenance files to GH release, fix clomonitor (#1656) * feat: attach sbom/provenance files to GH release, fix clomonitor Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: remove codesee Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-10-27 06:59:19 +00:00			`env:`
			`GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`