-
Notifications
You must be signed in to change notification settings - Fork 135
129 lines (99 loc) · 3.62 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Create Release
on:
push:
branches:
- main
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
env:
GO_VERSION: '1.21'
jobs:
cli:
# Only release CLI for tagged releases
if: startsWith(github.event.ref, 'refs/tags/v')
name: Release the CLI
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/reference/authentication-in-a-workflow
permissions:
id-token: write
contents: write
steps:
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v2.8.1
with:
version: latest
install-only: true
- name: Release
run: make release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ko-build:
name: Release apko image
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/reference/authentication-in-a-workflow
permissions:
id-token: write
packages: write
contents: read
env:
KO_DOCKER_REPO: ghcr.io/${{ github.repository }}
COSIGN_YES: "true"
steps:
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.4
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Login to registry
run: |
echo ${{ github.token }} | go run ./ login ghcr.io --username=${{ github.repository_owner }} --password-stdin
- name: Publish/Sign apko image
run: |
# If not a tagged release, override image tag to "canary"
export IMAGE_TAG=${GITHUB_REF#refs/tags/}
if [[ $GITHUB_REF != refs/tags/* ]]; then
export IMAGE_TAG=canary
fi
make sign-image
tekton-task:
# Only release the Tekton Task after a CLI release has been created, since
# goreleaser creates a GitHub Release which the Tekton Task will be
# attached to.
needs: cli
name: Release the Tekton Task
runs-on: ubuntu-latest
# https://docs.github.com/en/actions/reference/authentication-in-a-workflow
permissions:
id-token: write
contents: write
packages: write
steps:
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Login to registry
run: |
echo ${{ github.token }} | go run ./ login ghcr.io --username=${{ github.repository_owner }} --password-stdin
- name: Generate Tekton Task
run: |
# If not a tagged release, override image tag to "canary"
export IMAGE_TAG=${GITHUB_REF#refs/tags/}
if [[ $GITHUB_REF != refs/tags/* ]]; then
export IMAGE_TAG=canary
fi
make ko-resolve
- name: Attach to release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release upload ${GITHUB_REF#refs/tags/} task.yaml