Merge pull request #1764 from DelusionalOptimist/oci-artifacts #1

Workflow file for this run

.github/workflows/ci-marketplace-release.yml at d9522a9

	name: ci-marketplace-release

	on:
	push:
	branches: [main]
	paths:
	- "STABLE-RELEASE"
	- ".github/workflows/ci-marketplace-release.yml"

	# Declare default permissions as read only.
	permissions: read-all

	jobs:
	certify-images-on-redhat:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3

	- name: install latest preflight
	run: \|
	VERSION=$(curl -s https://api.github.com/repos/redhat-openshift-ecosystem/openshift-preflight/releases/latest \| jq -r '.tag_name')
	sudo wget -O /usr/local/bin/preflight https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$VERSION/preflight-linux-amd64
	sudo chmod +x /usr/local/bin/preflight

	- name: Login to Docker Hub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_AUTHTOK }}

	- name: submit preflight results
	run: \|
	repo="docker.io/kubearmor"
	repositories=("kubearmor-controller" "kubearmor-ubi" "kubearmor-init" "kubearmor-operator" "kubearmor-snitch")
	tag=`cat STABLE-RELEASE`
	certids=("${{secrets.CONTROLLER_OSPID}}" "${{secrets.KUBEARMOR_UBI_OSPID}}" "${{secrets.KUBEARMOR_INIT_OSPID}}" "${{secrets.OPERATOR_OSPID}}" "${{secrets.SNITCH_OSPID}}")
	pyxis="${{secrets.OS_PYXIS}}"
	# Loop through the repositories and target repositories
	for ((i=0; i<${#repositories[@]}; i++)); do
	repository="$repo/${repositories[i]}"
	certid=${certids[i]}
	echo "Processing $repository image..."
	echo "Submitting image for $repository..."
	for platform in "amd64" "arm64"; do
	preflight check container \
	$repository:$tag \
	--certification-project-id=$certid \
	--pyxis-api-token=$pyxis \
	--platform=${platform} \
	--docker-config=${HOME}/.docker/config.json \
	--artifacts=./artifacts/${repository} \
	--submit
	if [ $? -eq 0 ]; then
	echo "Successfully submitted image for $repository."
	else
	echo "Error: Failed to submit image for $repository."
	fi
	done
	done

	publish-images-to-ecr:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ vars.AWS_REGION }}

	- name: Login to Amazon ECR
	run: \|
	aws ecr get-login-password --region ${{vars.AWS_REGION}} \| docker login --username AWS --password-stdin ${{ vars.AWS_ECR_REGISTRY }}

	- name: Install regctl
	run: \|
	curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
	chmod 755 regctl
	mv regctl /usr/local/bin
	regctl version

	- name: Publish Images to ECR
	run: \|
	# copy images to ecr registry
	STABLE_VERSION=`cat STABLE-RELEASE`
	regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags

	publish-images-to-ocir:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3

	- name: login to ocir registry
	run: \|
	echo "${{ secrets.OCIR_AUTHTOKEN }}" \| docker login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin

	- name: Install regctl
	run: \|
	curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
	chmod 755 regctl
	mv regctl /usr/local/bin
	regctl version

	- name: Publish Images to OCIR
	run: \|
	# copy images to ocir registry
	STABLE_VERSION=`cat STABLE-RELEASE`
	regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags
	regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags

	publish-aws-helm-chart:
	runs-on: ubuntu-latest
	needs: ["publish-images-to-ecr"]
	steps:
	- uses: actions/checkout@v3
	- uses: azure/setup-helm@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ vars.AWS_REGION }}

	- name: Login to AWS Helm
	run: \|
	aws ecr get-login-password --region ${{ vars.AWS_REGION }} \| helm registry login --username AWS --password-stdin ${{ vars.AWS_ECR_REGISTRY }}

	- name: Generate version metadata
	id: metadata
	run: \|
	version=`cat STABLE-RELEASE`
	relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE)
	echo "version=${version}" >> $GITHUB_OUTPUT
	echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT

	- name: Create and Publish Helm Chart
	uses: ./.github/actions/marketplace
	with:
	registry: '${{ vars.AWS_ECR_REGISTRY }}'
	version: '${{ steps.metadata.outputs.version }}'
	relay_version: '${{ steps.metadata.outputs.relay_version }}'
	helm_chart_path: './deployments/helm/KubeArmorOperator'
	helm_chart_name: 'kubearmor-operator-aws'

	# workaround to mandatory subfolder for helm-gh-master action
	# https://github.com/stefanprodan/helm-gh-pages/issues/23#issuecomment-854101420
	- name: Move operator chart to charts subfolder
	run: \|
	mkdir -p ./deployments/helm/charts
	mv ./deployments/helm/KubeArmorOperator ./deployments/helm/charts/KubeArmorOperatorAws

	- name: Publish Helm chart to KubeArmor helm repo
	uses: stefanprodan/helm-gh-pages@master
	with:
	# Access token which can push to a different repo in the same org
	token: ${{ secrets.GH_ACCESS_TOKEN }}
	charts_dir: deployments/helm/charts
	# repo where charts would be published
	owner: kubearmor
	repository: charts
	branch: gh-pages
	charts_url: https://kubearmor.github.io/charts
	commit_username: "github-actions[bot]"
	commit_email: "github-actions[bot]@users.noreply.github.com"

	publish-oci-helm-chart:
	runs-on: ubuntu-latest
	needs: ["publish-images-to-ocir"]
	steps:
	- uses: actions/checkout@v3
	- uses: azure/setup-helm@v3

	- name: Login to OCI Helm
	run: \|
	echo "${{ secrets.OCIR_AUTHTOKEN }}" \| helm registry login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin

	- name: Generate version metadata
	id: metadata
	run: \|
	version=`cat STABLE-RELEASE`
	relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE)
	echo "version=${version}" >> $GITHUB_OUTPUT
	echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT

	- name: Create and Publish Helm Chart
	uses: ./.github/actions/marketplace
	with:
	registry: '${{ vars.OCIR_REGISTRY }}'
	version: '${{ steps.metadata.outputs.version }}'
	relay_version: '${{ steps.metadata.outputs.relay_version }}'
	helm_chart_path: './deployments/helm/KubeArmorOperator'
	helm_chart_name: 'kubearmor-operator-oci'

	# workaround to mandatory subfolder for helm-gh-master action
	# https://github.com/stefanprodan/helm-gh-pages/issues/23#issuecomment-854101420
	- name: Move operator chart to charts subfolder
	run: \|
	mkdir -p ./deployments/helm/charts
	mv ./deployments/helm/KubeArmorOperator ./deployments/helm/charts/KubeArmorOperatorOci

	- name: Publish Helm chart to KubeArmor helm repo
	uses: stefanprodan/helm-gh-pages@master
	with:
	# Access token which can push to a different repo in the same org
	token: ${{ secrets.GH_ACCESS_TOKEN }}
	charts_dir: deployments/helm/charts
	# repo where charts would be published
	owner: kubearmor
	repository: charts
	branch: gh-pages
	charts_url: https://kubearmor.github.io/charts
	commit_username: "github-actions[bot]"
	commit_email: "github-actions[bot]@users.noreply.github.com"

	create_issue:
	needs: ["publish-oci-helm-chart","publish-aws-helm-chart","certify-images-on-redhat"]
	runs-on: ubuntu-latest
	permissions:
	issues: write
	steps:
	- uses: actions/checkout@v3
	- name: Create marketplace release issue
	run: \|
	RELEASE=`cat STABLE-RELEASE`
	new_issue_url=$(gh issue create \
	--title "$TITLE $RELEASE" \
	--assignee "$ASSIGNEES" \
	--label "$LABELS" \
	--body "$BODY")
	env:
	GH_TOKEN: ${{ secrets.GH_ISSUE_RW_ACCESS_TOKEN }}
	GH_REPO: ${{ github.repository }}
	TITLE: Marketplace Release KubeArmor
	ASSIGNEES: rksharma95,daemon1024
	LABELS: "help wanted"
	BODY: \|
	### Tasks

	- [ ] Test and Publish KubeArmor Operator on Red Hat
	- [ ] Update KubeArmor Listing on AWS Marketplace
	- [ ] Update KubeArmor Listing on Oracle Marketplace

	Assignees: @kubearmor/triagers

	Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #1764 from DelusionalOptimist/oci-artifacts #1

Workflow file

Merge pull request #1764 from DelusionalOptimist/oci-artifacts #1

Jobs

Run details

Workflow file for this run