Build, test and release using reusable Github actions.
Updates the release.yml workflow file to use the reusable actions
available to build, test and release policies.
jvanz committed Jan 27, 2022
1 parent 76bffed commit b266e12
Showing 1 changed file with 17 additions and 97 deletions.
114 changes: 17 additions & 97 deletions .github/workflows/release.yml
Expand Up @@ -5,106 +5,26 @@ on:
tags:
- 'v*'

name: Publish Wasm module
name: Release policy

jobs:

test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@v1
with:
command: test
name: run tests and linters
uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v1

build:
name: Build and publish policy
runs-on: ubuntu-latest
release:
needs: test
env:
WASM_BINARY_NAME: host_namespaces_psp
OCI_TARGET: ghcr.io/kubewarden/policies/host-namespaces-psp
METADATA_FILE: metadata.yml
KWCTL_VERSION: v0.1.9
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Prepare Rust environment
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
target: wasm32-unknown-unknown
-
name: Download kwctl
run: |
curl -L https://github.com/kubewarden/kwctl/releases/download/${{env.KWCTL_VERSION}}/kwctl-linux-amd64.zip -o kwctl.zip
unzip kwctl.zip
chmod 755 kwctl
-
name: Build Wasm module
uses: actions-rs/cargo@v1
with:
command: build
args: --target=wasm32-unknown-unknown --release
-
name: Annotate Wasm module
run: |
./kwctl annotate -m ${{ env.METADATA_FILE }} -o policy-annotated.wasm target/wasm32-unknown-unknown/release/${WASM_BINARY_NAME}.wasm
permissions:
# Required to push to GHCR
contents: write
packages: write
# Required by cosign keyless signing
id-token: write

-
name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Publish Wasm policy artifact to OCI registry with the 'latest' tag
if: ${{ startsWith(github.ref, 'refs/heads/') }}
run: |
./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:latest
-
name: Publish Wasm policy artifact to OCI registry with the version tag and 'latest'
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
export OCI_TAG=$(echo $GITHUB_REF | sed -e "s|refs/tags/||")
./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:${OCI_TAG}
-
name: Create Release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
-
name: Upload Release Asset
if: ${{ startsWith(github.ref, 'refs/tags/') }}
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: policy-annotated.wasm
asset_name: policy.wasm
asset_content_type: application/wasm
-
name: Notify policy-hub
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: kubewarden/notify-policy-hub@main
with:
USERNAME: chimera-kube-bot
PAT: ${{ secrets.WORKFLOW_PAT }}
uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v1
with:
input-wasm: host_namespaces_psp
oci-target: ghcr.io/${{ github.repository_owner }}/policies/host-namespaces-psp
secrets:
workflow-pat: ${{ secrets.WORKFLOW_PAT }}
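Review bot: Both new `uses:` lines call the reusable workflows by the mutable tag `@v1`, and the `release` job passes that workflow `secrets.WORKFLOW_PAT` along with `contents: write`, `packages: write` and `id-token: write`. Whatever `v1` resolves to when a tag is pushed is the code that builds, signs and publishes the policy, so a moved tag changes what runs with the PAT and the keyless-signing identity; the called workflows are not visible on this page, so their own pinning cannot be checked here. Pinning to a full commit SHA makes the release path immutable, e.g. `uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@<full-commit-sha>  # v1`, and the same for the `test` job. The `test` job sets no `permissions:` and so inherits the repository's default token scope; adding `permissions:` with `contents: read` there keeps the unprivileged job explicitly read-only. The comment `# Required to push to GHCR` sits above `contents: write`, which presumably is needed for creating the release rather than for the registry push, so it would read more accurately directly above `packages: write`.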
