1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/.github/workflows/release.yml
dependabot[bot] d1d9889d7b
chore(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#4117)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.9 to 2.1.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](e7a8f85e1c...01570a1f39)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 11:53:30 +01:00

124 lines
4 KiB
YAML

name: Create Release
on:
workflow_dispatch:
inputs:
version:
description: 'version to release, e.g. v1.5.13'
required: true
default: 'v0.1.0'
source_ref:
description: 'source ref to publish from. E.g.: main or release-x.y'
required: true
default: 'main'
env:
IMAGE_NAME: ghcr.io/${{ github.repository }}
jobs:
release:
name: Create Release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
ref: ${{ github.event.inputs.source_ref }}
- name: Create Release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
tag_name: ${{ github.event.inputs.version }}
target_commitish: ${{ github.event.inputs.source_ref }}
generate_release_notes: true
body: |
Image: `${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}`
Image: `${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi`
Image: `${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi-boringssl`
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Update Docs
if: github.ref == 'refs/heads/main'
run: make docs.publish DOCS_VERSION=${{ github.event.inputs.version }} DOCS_ALIAS=latest
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
promote:
name: Promote Container Image
runs-on: ubuntu-latest
strategy:
matrix:
include:
- tag_suffix: "" # distroless image
- tag_suffix: "-ubi" # ubi image
- tag_suffix: "-ubi-boringssl" # ubi image
permissions:
id-token: write
contents: write
env:
SOURCE_TAG: ${{ github.event.inputs.source_ref }}${{ matrix.tag_suffix }}
RELEASE_TAG: ${{ github.event.inputs.version }}${{ matrix.tag_suffix }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
id: setup-go
with:
go-version-file: "go.mod"
- name: Download Go modules
if: ${{ steps.setup-go.outputs.cache-hit != 'true' }}
run: go mod download
- name: Login to Docker
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Promote Container Image
run: make docker.promote
- name: Build release manifests
run: |
# temporarily patch the version so we generate manifests with the new version
yq e -i '.version = "${{ github.event.inputs.version }}"' ./deploy/charts/external-secrets/Chart.yaml
yq e -i '.appVersion = "${{ github.event.inputs.version }}"' ./deploy/charts/external-secrets/Chart.yaml
make manifests
- name: Sign promoted image
id: sign
uses: ./.github/actions/sign
with:
image-name: ${{ env.IMAGE_NAME }}
image-tag: ${{ env.RELEASE_TAG }}
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update Release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
tag_name: ${{ github.event.inputs.version }}
files: |
provenance.${{ env.RELEASE_TAG }}.intoto.jsonl
sbom.${{ env.RELEASE_TAG }}.spdx.json
bin/deploy/manifests/external-secrets.yaml
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"