Merge pull request #821 from weaveworks/807-bp-replica #123
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'image tag prefix' | |
| default: 'rc' | |
| required: true | |
| permissions: | |
| contents: write # needed to write releases | |
| id-token: write # needed for keyless signing | |
| packages: write # needed for ghcr access | |
| env: | |
| CONTROLLER: ${{ github.event.repository.name }} | |
| jobs: | |
| build-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v2 | |
| - name: Set up yq | |
| uses: frenck/action-setup-yq@v1 | |
| with: | |
| version: 4.14.1 | |
| - name: Setup Kustomize | |
| uses: fluxcd/pkg/actions/kustomize@main | |
| - name: Setup Cosign | |
| uses: sigstore/cosign-installer@main | |
| - name: Setup Syft | |
| uses: anchore/sbom-action/download-syft@v0 | |
| - name: Prepare | |
| id: prep | |
| run: | | |
| VERSION="${{ github.event.inputs.tag }}-${GITHUB_SHA::8}" | |
| if [[ $GITHUB_REF == refs/tags/* ]]; then | |
| VERSION=${GITHUB_REF/refs\/tags\//} | |
| fi | |
| echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ') | |
| echo ::set-output name=VERSION::${VERSION} | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: all | |
| - name: Setup Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v1 | |
| with: | |
| buildkitd-flags: "--debug" | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish multi-arch tf-controller container image | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| no-cache: true | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| file: ./Dockerfile | |
| platforms: linux/amd64,linux/arm64 #,linux/arm/v7 | |
| tags: | | |
| ghcr.io/weaveworks/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} | |
| ghcr.io/weaveworks/${{ env.CONTROLLER }}:latest | |
| labels: | | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.description=${{ github.event.repository.description }} | |
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }} | |
| org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }} | |
| - name: Publish multi-arch tf-runner container image | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| no-cache: true | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| file: ./runner.Dockerfile | |
| platforms: linux/amd64,linux/arm64 #,linux/arm/v7 | |
| tags: | | |
| ghcr.io/weaveworks/tf-runner:${{ steps.prep.outputs.VERSION }} | |
| ghcr.io/weaveworks/tf-runner:latest | |
| labels: | | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.description=${{ github.event.repository.description }} | |
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }} | |
| org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }} | |
| - name: Publish multi-arch tf-runner-azure container image | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| no-cache: true | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| file: ./runner-azure.Dockerfile | |
| platforms: linux/amd64,linux/arm64 #,linux/arm/v7 - azure-cli does not install correctly on 32 bit arm | |
| tags: | | |
| ghcr.io/weaveworks/tf-runner-azure:${{ steps.prep.outputs.VERSION }} | |
| ghcr.io/weaveworks/tf-runner-azure:latest | |
| labels: | | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.description=${{ github.event.repository.description }} | |
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }} | |
| org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }} | |
| - name: Publish multi-arch branch-planner container image | |
| uses: docker/build-push-action@v2 | |
| with: | |
| push: true | |
| no-cache: true | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| file: ./planner.Dockerfile | |
| platforms: linux/amd64,linux/arm64 #,linux/arm/v7 - azure-cli does not install correctly on 32 bit arm | |
| tags: | | |
| ghcr.io/weaveworks/branch-planner:${{ steps.prep.outputs.VERSION }} | |
| ghcr.io/weaveworks/branch-planner:latest | |
| labels: | | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.description=${{ github.event.repository.description }} | |
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }} | |
| org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }} | |
| - name: Check images | |
| run: | | |
| docker buildx imagetools inspect ghcr.io/weaveworks/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} | |
| docker pull ghcr.io/weaveworks/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} | |
| docker buildx imagetools inspect ghcr.io/weaveworks/tf-runner:${{ steps.prep.outputs.VERSION }} | |
| docker pull ghcr.io/weaveworks/tf-runner:${{ steps.prep.outputs.VERSION }} | |
| docker buildx imagetools inspect ghcr.io/weaveworks/tf-runner-azure:${{ steps.prep.outputs.VERSION }} | |
| docker pull ghcr.io/weaveworks/tf-runner-azure:${{ steps.prep.outputs.VERSION }} | |
| docker buildx imagetools inspect ghcr.io/weaveworks/branch-planner:${{ steps.prep.outputs.VERSION }} | |
| docker pull ghcr.io/weaveworks/branch-planner:${{ steps.prep.outputs.VERSION }} | |
| - name: Sign images | |
| env: | |
| COSIGN_EXPERIMENTAL: 1 | |
| run: | | |
| cosign sign --yes ghcr.io/weaveworks/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} | |
| cosign sign --yes ghcr.io/weaveworks/tf-runner:${{ steps.prep.outputs.VERSION }} | |
| - name: Generate release manifests | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| mkdir -p config/release | |
| kustomize build ./config/crd > ./config/release/${{ env.CONTROLLER }}.crds.yaml | |
| kustomize build ./config/rbac > ./config/release/${{ env.CONTROLLER }}.rbac.yaml | |
| kustomize build ./config/manager | yq e '.spec.template.spec.containers[0].env[1].value="ghcr.io/weaveworks/tf-runner:${{ steps.prep.outputs.VERSION }}"' - > ./config/release/${{ env.CONTROLLER }}.deployment.yaml | |
| kustomize build ./config/package > ./config/release/${{ env.CONTROLLER }}.packages.yaml | |
| echo '[CHANGELOG](https://github.com/weaveworks/${{ env.CONTROLLER }}/blob/main/CHANGELOG.md)' > ./config/release/notes.md | |
| - name: Setup Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: 1.19.X | |
| - name: Create release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: goreleaser/goreleaser-action@v3 | |
| with: | |
| version: latest | |
| args: release --release-notes=./config/release/notes.md --skip-validate | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.TF_CONTROLLER_WEAVEWORKSBOT }} | |
| - name: Publish Helm chart | |
| uses: stefanprodan/[email protected] | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Trigger the release-runners workflow | |
| run: | | |
| curl -XPOST -u "${{ secrets.GITHUB_TOKEN }}:" \ | |
| -H "Accept: application/vnd.github.everest-preview+json" \ | |
| "https://api.github.com/repos/${{ github.repository }}/dispatches" \ | |
| -d '{ | |
| "event_type": "release-runners", | |
| "client_payload": { | |
| "controller": "${{ env.CONTROLLER }}", | |
| "version": "${{ steps.prep.outputs.VERSION }}", | |
| "build_date": "${{ steps.prep.outputs.BUILD_DATE }}", | |
| "sha": "${{ github.sha }}", | |
| "repo_desc": "${{ github.event.repository.description }}", | |
| "repo_url": "${{ github.event.repository.html_url }}" | |
| } | |
| }' |