On release #387
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: On release | |
| on: | |
| workflow_dispatch: | |
| permissions: {} | |
| env: | |
| REGISTRY: docker.io | |
| REPO: rancher | |
| jobs: | |
| guard: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Ensure ref is a tag | |
| run: | | |
| if [ "$GITHUB_REF_TYPE" != "tag" ]; then | |
| echo "::error::This workflow must be dispatched on a tag ref (got ${GITHUB_REF_TYPE} '${GITHUB_REF}')" | |
| exit 1 | |
| fi | |
| build: | |
| needs: guard | |
| name: build and package | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Build Binary | |
| env: | |
| GIT_TAG: ${{ github.ref_name }} | |
| run: make build ARCH=${{ matrix.arch }} | |
| - name: Package Helm Chart | |
| env: | |
| GIT_TAG: ${{ github.ref_name }} | |
| run: make package-helm | |
| - name: Prepare Artifacts | |
| run: | | |
| mkdir -p dist/artifacts | |
| cp bin/webhook dist/artifacts/webhook-linux-${{ matrix.arch }} | |
| cd dist/artifacts | |
| sha256sum webhook-linux-${{ matrix.arch }} > sha256sum-${{ matrix.arch }}.txt | |
| - name: Upload artifacts | |
| # https://github.com/actions/upload-artifact/commit/65462800fd760344b1a7b4382951275a0abb4808 | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: webhook-artifacts-${{ matrix.arch }} | |
| path: | | |
| dist/artifacts/webhook-linux-${{ matrix.arch }} | |
| dist/artifacts/sha256sum-${{ matrix.arch }}.txt | |
| dist/artifacts/rancher-webhook-*.tgz | |
| release: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| # https://github.com/actions/checkout/releases/tag/v4.1.1 | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Package Helm Chart | |
| env: | |
| GIT_TAG: ${{ github.ref_name }} | |
| run: make package-helm | |
| - name: Download the amd64 artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| # https://github.com/actions/download-artifact/releases/tag/v4.1.7 | |
| with: | |
| name: webhook-artifacts-amd64 | |
| path: dist/artifacts | |
| - name: Download the arm64 artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| # https://github.com/actions/download-artifact/releases/tag/v4.1.7 | |
| with: | |
| name: webhook-artifacts-arm64 | |
| path: dist/artifacts | |
| - name: Upload the files | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| VERSION: ${{ github.ref_name }} | |
| run: | | |
| ls -lR dist | |
| cd dist/artifacts | |
| flags="--verify-tag --generate-notes" | |
| [[ "$VERSION" == *-rc* ]] && flags="$flags --prerelease" | |
| gh --repo "$GITHUB_REPOSITORY" release create "$VERSION" $flags webhook-linux-* sha256sum-*.txt rancher-webhook*.tgz | |
| publish: | |
| needs: guard | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write # Required for cosign signing | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: "Read vault secrets" | |
| uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3 | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; | |
| secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials registry | PRIME_STG_REGISTRY ; | |
| secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | PRIME_STG_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | PRIME_STG_REGISTRY_PASSWORD | |
| - name: Publish image | |
| uses: rancher/ecm-distro-tools/actions/publish-image@a7a867a6376bf4a1cee397558f3c85393769f069 # v0.69.4 | |
| with: | |
| image: rancher-webhook | |
| tag: ${{ github.ref_name }} | |
| platforms: linux/amd64,linux/arm64 | |
| public-registry: docker.io | |
| public-repo: rancher | |
| public-username: ${{ env.DOCKER_USERNAME }} | |
| public-password: ${{ env.DOCKER_PASSWORD }} | |
| push-to-prime: true | |
| prime-repo: rancher | |
| prime-make-target: push-prime-image | |
| identity-registry: ${{ vars.PRIME_REGISTRY_HOSTNAME }} | |
| prime-registry: ${{ env.PRIME_STG_REGISTRY }} | |
| prime-username: ${{ env.PRIME_STG_REGISTRY_USERNAME }} | |
| prime-password: ${{ env.PRIME_STG_REGISTRY_PASSWORD }} |