publish.yaml
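# Publish workflow: runs unit tests and lint, builds, pushes and signs the
# multi-arch frr-k8s image, then releases the Helm chart for version tags.
name: Publish

on:
  push:
    branches:
      - "main"
      - "v*"
    tags:
      - "v*"

# One run per workflow and ref; a newer push to the same ref cancels the run
# that is still in progress.
# NOTE(review): a cancellation landing between "Build and push" and
# "Cosign sign tags" would leave a pushed image without a signature - confirm
# this is acceptable for release refs.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default GITHUB_TOKEN scope for every job; a job that needs more declares its
# own permissions block.
permissions:
  contents: read

jobs:
  unit-tests:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"
          cache: true
      - name: Unit Tests
        run: |
          make test
      # Re-runs the generators and tidy steps, then calls checkuncommitted
      # (presumably failing when they changed tracked files - see the Makefile).
      - name: Lint
        run: |
          ENV=host make lint
          make bumplicense
          go mod tidy
          pushd e2etests
          go mod tidy
          popd
          make manifests
          make checkuncommitted

  # This job holds the Quay credentials and the OIDC identity used for signing,
  # so every action it runs is part of the release trust boundary.
  # NOTE(review): the actions below are referenced by tag; pinning each one to
  # a full commit SHA removes the dependency on mutable tags.
  publish-images:
    runs-on: ubuntu-22.04
    needs: [unit-tests]
    permissions:
      contents: read
      id-token: write # needed for signing the images with GitHub OIDC Token
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Install Cosign
        # Pinned to a release rather than the moving main branch, so a change
        # pushed upstream cannot run here with id-token: write without review.
        uses: sigstore/cosign-installer@v3.4.0
        with:
          cosign-release: "v2.2.3"
      - name: Code checkout
        uses: actions/checkout@v4
        with:
          # No later step in this job pushes to git, so the token is not left
          # behind in the local git configuration.
          persist-credentials: false
      - name: Setup docker buildx
        uses: docker/setup-buildx-action@v3
      - name: Log into Quay
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USER }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            quay.io/metallb/frr-k8s
          # generate Docker tags based on the following events/attributes
          tags: |
            type=ref,event=branch
            type=semver,pattern={{raw}}
          labels: |
            org.opencontainers.image.title=frr-k8s
            org.opencontainers.image.description=frr-k8s, a cloud native wrapper of some frr features
      - name: Build and push
        uses: docker/build-push-action@v5
        id: build-and-push
        with:
          context: .
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          file: Dockerfile
          platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le,linux/arm/v7
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: true
          # Each line is handed to the build as one --build-arg, so entries
          # must be KEY=VALUE; "KEY: value" does not set the argument.
          build-args: |
            GIT_BRANCH=${{ github.ref_name }}
            GIT_COMMIT=${{ github.sha }}
      - name: Cosign sign tags
        # steps.meta.outputs.tags is a newline-separated list. Appending the
        # digest to the whole list would attach it to the last entry only, so
        # each reference is signed separately as <tag>@<digest>.
        run: |
          echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
          COSIGN_EXPERIMENTAL: 1

  release-charts:
    needs: [publish-images]
    runs-on: ubuntu-22.04
    permissions:
      # cr upload creates a GitHub release and cr index --push pushes the
      # updated chart index; both need write access to repository contents.
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Fetch entire history. Required for chart-releaser; see
          # https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
          fetch-depth: 0
      - name: Configure Git
        # NOTE(review): the e-mail value was obscured in the page this file was
        # taken from; the GitHub noreply form is assumed - confirm.
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Chart releaser
        if: startsWith(github.ref, 'refs/tags/v') # we craft releases only for tags
        env:
          # chart-releaser reads its token from CR_TOKEN, which keeps the
          # secret out of the generated script text and off the command line.
          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Download chart releaser
          # -f makes curl fail on an HTTP error instead of saving the error page.
          # NOTE(review): the archive is not checked against a known digest
          # before it is unpacked and run with a write-scoped token; compare it
          # with the checksums published for the v1.4.0 release.
          curl -fsSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.4.0/chart-releaser_1.4.0_linux_amd64.tar.gz"
          tar -xzf cr.tar.gz
          rm -f cr.tar.gz
          repo=$(basename "$GITHUB_REPOSITORY")
          owner=$(dirname "$GITHUB_REPOSITORY")
          # Drop the leading "v" of the tag name.
          tag="${GITHUB_REF_NAME:1}"
          # Only the HTTP status of the release page is used, to tell whether
          # the chart release for this tag already exists.
          exists=$(curl -s -H "Accept: application/vnd.github.v3+json" "https://github.com/$GITHUB_REPOSITORY/releases/tag/$repo-chart-$tag" -w '%{http_code}' -o /dev/null)
          if [[ $exists != "200" ]]; then
            echo "Creating release..."
            # package chart
            ./cr package "charts/$repo"
            # upload chart to github releases
            ./cr upload \
              --owner "$owner" \
              --git-repo "$repo" \
              --release-name-template "{{ .Name }}-chart-{{ .Version }}"
            # Update index and push to github pages
            ./cr index \
              --owner "$owner" \
              --git-repo "$repo" \
              --index-path index.yaml \
              --release-name-template "{{ .Name }}-chart-{{ .Version }}" \
              --push
          else
            echo "Release already exists"
          fi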