Skip to content

Release

Release #61

Workflow file for this run

name: Release
on:
- workflow_dispatch
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
VERSION: 0.17.1
jobs:
build:
name: Build
runs-on: ubuntu-22.04
permissions:
contents: write
packages: write
outputs:
image-name: ${{ steps.image-info.outputs.image_name }}
image-digest: ${{ steps.image-info.outputs.image_digest }}
steps:
- name: Checkout source code
uses: actions/[email protected]
- name: Set up Carvel
uses: carvel-dev/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Log into container registry
uses: redhat-actions/[email protected]
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Create k3d cluster
run: |
# Install k3d
curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
# Create a Kubernetes cluster
k3d cluster create test-cluster
# Wait for the generation of a token for the Service Account
while [ $(kubectl get configmap kube-root-ca.crt --no-headers | wc -l) -eq 0 ] ; do
sleep 3
done
- name: Package and publish OCI bundle
run: |
kctrl package repo release -y --chdir repo -v ${{ env.VERSION }}
- name: Get released OCI image name with digest
id: image-info
run: |
package_file=repo/package-repository.yml
image_release=$(yq '.spec.fetch.imgpkgBundle.image' ${package_file})
echo "IMAGE_RELEASE=${image_release}" >> $GITHUB_ENV
echo "image_name=$(echo ${image_release} | cut -d'@' -f1)" >> $GITHUB_OUTPUT
echo "image_digest=$(echo ${image_release} | cut -d'@' -f2)" >> $GITHUB_OUTPUT
- name: Add additional tags to OCI image
run: |
podman pull ${IMAGE_RELEASE}
podman tag ${IMAGE_RELEASE} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Create a release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create v${{ env.VERSION }} \
--generate-notes \
./repo/package-repository.yml \
./README.md
sign:
name: Sign
runs-on: ubuntu-22.04
needs: [build]
permissions:
packages: write
id-token: write
env:
IMAGE_NAME: ${{ needs.build.outputs.image-name }}
IMAGE_DIGEST: ${{ needs.build.outputs.image-digest }}
steps:
- name: Install Cosign
uses: sigstore/[email protected]
- name: Log into container registry
uses: redhat-actions/[email protected]
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
- name: Sign image
run: |
cosign sign --yes "${IMAGE_NAME}@${IMAGE_DIGEST}"
provenance:
needs: [build,sign]
permissions:
actions: read
id-token: write
packages: write
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ needs.build.outputs.image-name }}
digest: ${{ needs.build.outputs.image-digest }}
registry-username: ${{ github.actor }}
secrets:
registry-password: ${{ secrets.GITHUB_TOKEN }}