Release #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| - workflow_dispatch | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| VERSION: 0.12.0 | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| outputs: | |
| image-name: ${{ steps.image-info.outputs.image_name }} | |
| image-digest: ${{ steps.image-info.outputs.image_digest }} | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/[email protected] | |
| - name: Set up Carvel | |
| uses: carvel-dev/[email protected] | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log into container registry | |
| uses: redhat-actions/[email protected] | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Create k3d cluster | |
| run: | | |
| # Install k3d | |
| curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash | |
| # Create a Kubernetes cluster | |
| k3d cluster create test-cluster | |
| # Wait for the generation of a token for the Service Account | |
| while [ $(kubectl get configmap kube-root-ca.crt --no-headers | wc -l) -eq 0 ] ; do | |
| sleep 3 | |
| done | |
| - name: Package and publish OCI bundle | |
| run: | | |
| kctrl package repo release -y --chdir repo -v ${{ env.VERSION }} | |
| - name: Get released OCI image name with digest | |
| id: image-info | |
| run: | | |
| package_file=repo/package-repository.yml | |
| image_release=$(yq '.spec.fetch.imgpkgBundle.image' ${package_file}) | |
| echo "IMAGE_RELEASE=${image_release}" >> $GITHUB_ENV | |
| echo "image_name=$(echo ${image_release} | cut -d'@' -f1)" >> $GITHUB_OUTPUT | |
| echo "image_digest=$(echo ${image_release} | cut -d'@' -f2)" >> $GITHUB_OUTPUT | |
| - name: Add additional tags to OCI image | |
| run: | | |
| podman pull ${IMAGE_RELEASE} | |
| podman tag ${IMAGE_RELEASE} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| - name: Create a release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release create v${{ env.VERSION }} \ | |
| --generate-notes \ | |
| ./repo/package-repository.yml \ | |
| ./README.md | |
| sign: | |
| name: Sign | |
| runs-on: ubuntu-22.04 | |
| needs: [build] | |
| permissions: | |
| packages: write | |
| id-token: write | |
| env: | |
| IMAGE_NAME: ${{ needs.build.outputs.image-name }} | |
| IMAGE_DIGEST: ${{ needs.build.outputs.image-digest }} | |
| steps: | |
| - name: Install Cosign | |
| uses: sigstore/[email protected] | |
| - name: Log into container registry | |
| uses: redhat-actions/[email protected] | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Sign image | |
| run: | | |
| cosign sign --yes "${IMAGE_NAME}@${IMAGE_DIGEST}" | |
| provenance: | |
| needs: [build,sign] | |
| permissions: | |
| actions: read | |
| id-token: write | |
| packages: write | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| image: ${{ needs.build.outputs.image-name }} | |
| digest: ${{ needs.build.outputs.image-digest }} | |
| registry-username: ${{ github.actor }} | |
| secrets: | |
| registry-password: ${{ secrets.GITHUB_TOKEN }} |