-
Notifications
You must be signed in to change notification settings - Fork 1
132 lines (125 loc) · 4.83 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: workflow release
on:
push:
tags: [ 'v*' ]
permissions:
contents: read
jobs:
manifests:
strategy:
matrix:
variant:
- distroless
- alpine
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup Flux
uses: fluxcd/flux2/action@5c5c15ea212b8f029a110f9975851d25c8272695 #v2.2.2
with:
version: ${{ github.ref_name }}
- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build manifests
run: |
mkdir -p bin/${{ matrix.variant }}
flux install \
--components-extra="image-reflector-controller,image-automation-controller" \
--registry=ghcr.io/controlplaneio-fluxcd/${{ matrix.variant }} \
--image-pull-secret=flux-enterprise-auth \
--export > --export > bin/${{ matrix.variant }}/gotk-components.yaml
- name: Push manifests
id: push
run: |
set -euo pipefail
img_digest=$(flux push artifact \
oci://ghcr.io/controlplaneio-fluxcd/${{ matrix.variant }}/flux-manifests:${{ github.ref_name }} \
--path=bin/${{ matrix.variant }} \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}" \
--annotations='org.opencontainers.image.description=ControlPLane Enterprise for Flux CD' \
--output=json | jq -r '.digest')
echo "img_digest=$img_digest" >> $GITHUB_OUTPUT
img_repository=ghcr.io/controlplaneio-fluxcd/${{ matrix.variant }}/flux-manifests
echo "img_repository=$img_repository" >> $GITHUB_OUTPUT
img_url=${img_repository}:${{ github.ref_name }}
echo "img_url=$img_url" >> $GITHUB_OUTPUT
- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: Sign manifests
run: |
cosign sign --yes ${{ steps.push.outputs.img_repository }}@${{ steps.push.outputs.img_digest }}
release:
runs-on: ubuntu-latest
env:
ENTERPRISE_REGISTRY: ghcr.io/controlplaneio-fluxcd
ENTERPRISE_VARIANTS: alpine;distroless
UPSTREAM_REGISTRY: ghcr.io/fluxcd
UPSTREAM_VARIANT: alpine
needs:
- manifests
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Create release
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
title="Flux ${{ github.ref_name }}"
notes="See the distribution [release notes](https://github.com/controlplaneio-fluxcd/distribution/blob/main/releases/release-${GITHUB_REF_NAME:0:4}.md) for more details."
gh release create ${{ github.ref_name }} --title="${title}" --notes="${notes}" --verify-tag
- name: Setup Flux
uses: fluxcd/flux2/action@5c5c15ea212b8f029a110f9975851d25c8272695 #v2.2.2
with:
version: ${{ github.ref_name }}
- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_READONLY }}
- name: Generate upstream images
shell: bash
run: |
DISTRIBUTION="upstream" \
REGISTRY="${UPSTREAM_REGISTRY}" \
VARIANT="${UPSTREAM_VARIANT}" \
VERSION="${{ github.ref_name }}" \
.github/workflows/update-images.sh
- name: Generate enterprise images
shell: bash
run: |
for variant in ${ENTERPRISE_VARIANTS//;/$'\n'}
do
DISTRIBUTION="enterprise" \
REGISTRY="${ENTERPRISE_REGISTRY}" \
VARIANT="${variant}" \
VERSION="${{ github.ref_name }}" \
.github/workflows/update-images.sh
done
- name: Create Pull Request
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: |
Add images for Flux ${{ github.ref_name }}
committer: GitHub <[email protected]>
signoff: true
branch: update-images-${{ github.ref_name }}
title: Add images for Flux ${{ github.ref_name }}
body: |
Add images with digests for Flux ${{ github.ref_name }}
labels: |
area/images