Skip to content

Merge pull request #56 from controlplaneio-fluxcd/release-v2.3.0 #9

Merge pull request #56 from controlplaneio-fluxcd/release-v2.3.0

Merge pull request #56 from controlplaneio-fluxcd/release-v2.3.0 #9

Workflow file for this run

name: workflow release
on:
push:
tags: [ 'v*' ]
permissions:
contents: read
jobs:
manifests:
strategy:
matrix:
variant:
- distroless
- alpine
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Flux
uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d #v2.2.3
with:
version: ${{ github.ref_name }}
- name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build manifests
run: |
mkdir -p bin/${{ matrix.variant }}
flux install \
--components-extra="image-reflector-controller,image-automation-controller" \
--registry=ghcr.io/controlplaneio-fluxcd/${{ matrix.variant }} \
--image-pull-secret=flux-enterprise-auth \
--export > --export > bin/${{ matrix.variant }}/gotk-components.yaml
- name: Push manifests
id: push
run: |
set -euo pipefail
img_digest=$(flux push artifact \
oci://ghcr.io/controlplaneio-fluxcd/${{ matrix.variant }}/flux-manifests:${{ github.ref_name }} \
--path=bin/${{ matrix.variant }} \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}" \
--annotations='org.opencontainers.image.description=ControlPLane Enterprise for Flux CD' \
--output=json | jq -r '.digest')
echo "img_digest=$img_digest" >> $GITHUB_OUTPUT
img_repository=ghcr.io/controlplaneio-fluxcd/${{ matrix.variant }}/flux-manifests
echo "img_repository=$img_repository" >> $GITHUB_OUTPUT
img_url=${img_repository}:${{ github.ref_name }}
echo "img_url=$img_url" >> $GITHUB_OUTPUT
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Sign manifests
run: |
cosign sign --yes ${{ steps.push.outputs.img_repository }}@${{ steps.push.outputs.img_digest }}
release:
runs-on: ubuntu-latest
env:
ENTERPRISE_REGISTRY: ghcr.io/controlplaneio-fluxcd
ENTERPRISE_VARIANTS: alpine;distroless
UPSTREAM_REGISTRY: ghcr.io/fluxcd
UPSTREAM_VARIANT: alpine
needs:
- manifests
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Create release
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
title="Flux ${{ github.ref_name }}"
notes="See the distribution [release notes](https://github.com/controlplaneio-fluxcd/distribution/blob/main/releases/release-${GITHUB_REF_NAME:0:4}.md) for more details."
gh release create ${{ github.ref_name }} --title="${title}" --notes="${notes}" --verify-tag
- name: Setup Flux
uses: fluxcd/flux2/action@534684601ec8888beb0cc4f51117b59e97606c4d #v2.2.3
with:
version: ${{ github.ref_name }}
- name: Login to GHCR
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_READONLY }}
- name: Upload install manifests
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
WORK_DIR="workspace"
mkdir -p "${WORK_DIR}"
cd "${WORK_DIR}"
for variant in ${ENTERPRISE_VARIANTS//;/$'\n'}
do
flux pull artifact oci://${ENTERPRISE_REGISTRY}/${variant}/flux-manifests:${{ github.ref_name }} -o .;
mv gotk-components.yaml install-${variant}.yaml;
done
gh release upload ${{ github.ref_name }} ./*.yaml
- name: Generate upstream images
shell: bash
run: |
DISTRIBUTION="upstream" \
REGISTRY="${UPSTREAM_REGISTRY}" \
VARIANT="${UPSTREAM_VARIANT}" \
VERSION="${{ github.ref_name }}" \
.github/workflows/update-images.sh
- name: Generate enterprise images
shell: bash
run: |
for variant in ${ENTERPRISE_VARIANTS//;/$'\n'}
do
DISTRIBUTION="enterprise" \
REGISTRY="${ENTERPRISE_REGISTRY}" \
VARIANT="${variant}" \
VERSION="${{ github.ref_name }}" \
.github/workflows/update-images.sh;
cp "images/${{ github.ref_name }}/enterprise-${variant}.yaml" "workspace/images-${variant}.yaml";
done
- name: Update latest version
shell: bash
run: |
echo "${{ github.ref_name }}" > "images/VERSION"
- name: Create Pull Request
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: |
Add images for Flux ${{ github.ref_name }}
committer: GitHub <[email protected]>
signoff: true
branch: update-images-${{ github.ref_name }}
base: main
title: Add images for Flux ${{ github.ref_name }}
body: |
Add images with digests for Flux ${{ github.ref_name }}
labels: |
area/images