release.yaml
# Manually dispatched release pipeline. Runs only via workflow_dispatch, so
# the three inputs below are the only caller-controlled values in the
# workflow.
name: Create Release
on:
  workflow_dispatch:
    inputs:
      # Used verbatim as the container image tag, the Helm chart version and
      # app version, and the release tag name.
      version:
        description: 'version to release, e.g. v1.5.13'
        required: true
        default: 'v0.1.0'
      # Read only by the `release` job (checkout ref and release target).
      source_ref:
        description: 'source ref to publish from. E.g.: main or release-x.y'
        required: true
        default: 'main'
      # Forwarded as a string to the release action's `prerelease` input.
      prerelease:
        required: false
        default: 'false'
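jobs:
  # Builds the multi-arch container image, pushes it to GHCR and attaches a
  # build-provenance attestation to the pushed digest.
  publish:
    runs-on: ubuntu-latest
    # Job-scoped token: id-token and attestations are needed by the attest
    # step, packages by the GHCR push. Nothing here writes repository content.
    permissions:
      id-token: write
      contents: read
      attestations: write
      packages: write
    env:
      REGISTRY: ghcr.io
      IMAGE_NAME: ${{ github.repository }}
    steps:
      # NOTE(review): this job never reads inputs.source_ref. The checkout
      # uses the ref the workflow was dispatched on, and the build step sets
      # no `context:`, so it presumably builds from the Git context of the
      # triggering commit (confirm against docker/build-push-action defaults).
      # The `release` job tags inputs.source_ref, so if the two refs differ
      # the release tag and the attested image describe different commits.
      # Confirm operators always dispatch from the ref named in source_ref.
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step in this job uses git credentials; do not leave the
          # token in .git/config.
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
      - name: Login to GHCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate images meta
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        with:
          images: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=raw,value=${{ github.event.inputs.version }}
      # Only the labels from the meta step are consumed; the tag is built
      # directly from the version input.
      - name: Build and push
        id: build-push
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          provenance: true
          sbom: true
          push: true
          platforms: linux/amd64,linux/arm64
          labels: ${{ steps.meta.outputs.labels }}
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}
          outputs: "type=registry,push=true"
      # Attests the digest reported by the build step, not the mutable tag.
      - name: Attest
        uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
        id: attest
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.build-push.outputs.digest }}
          push-to-registry: true

  # Packages the Helm chart, pushes it to GHCR as an OCI artifact, attests the
  # pushed digest and publishes the chart to GitHub Pages.
  publish-chart:
    needs: publish
    runs-on: ubuntu-latest
    # contents: write is required here because the GH Pages step pushes to
    # the repository.
    permissions:
      id-token: write
      contents: write
      attestations: write
      packages: write
    env:
      REGISTRY: ghcr.io
      CHART_DIR: charts
    steps:
      # NOTE(review): like `publish`, this checkout ignores inputs.source_ref.
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Helm
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
        with:
          version: v3.12.0
      - name: Login to GHCR
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # The version input reaches the script through an environment variable
      # and is quoted, so the shell treats it as data. Expanding ${{ }}
      # inside `run:` would paste the raw input into the script text.
      - name: Package chart
        id: package
        shell: bash
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: |
          set -euo pipefail
          helm package "${CHART_DIR}/x-pdb" --version="${VERSION}" --app-version="${VERSION}"
          echo "chart_file=$(ls *.tgz)" >> "$GITHUB_OUTPUT"
      # pipefail matters here: without it the exit status of `helm push | tee`
      # is tee's, so a failed push would be reported as success. An empty
      # digest is rejected so the attest step never runs without a subject.
      - name: Push chart to GHCR
        id: push
        shell: bash
        env:
          CHART_FILE: ${{ steps.package.outputs.chart_file }}
        run: |
          set -euo pipefail
          helm push "${CHART_FILE}" "oci://${REGISTRY}/${GITHUB_REPOSITORY}/charts" |& tee helm-push-output.log
          DIGEST=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
          if [ -z "${DIGEST}" ]; then
            echo "::error::could not parse the chart digest from helm push output" >&2
            exit 1
          fi
          echo "digest=${DIGEST}" >> "$GITHUB_OUTPUT"
      - name: Attest
        uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
        id: attest
        with:
          subject-name: ${{ env.REGISTRY }}/${{ github.repository }}/charts/x-pdb
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true
      - name: Publish Helm charts to GH Pages
        uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          charts_dir: ${{ env.CHART_DIR }}

  # Creates the GitHub release and tag once both artifacts are published.
  release:
    needs: [publish, publish-chart]
    name: Create Release
    runs-on: ubuntu-latest
    # Explicit least-privilege grant. Without a permissions block this job
    # would take the repository's default token permissions, which may be
    # broader than needed or too narrow to create the release.
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          ref: ${{ github.event.inputs.source_ref }}
          # The release step receives the token through its own env, so it
          # need not stay in .git/config.
          persist-credentials: false
      - name: Create Release
        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
        with:
          tag_name: ${{ github.event.inputs.version }}
          target_commitish: ${{ github.event.inputs.source_ref }}
          prerelease: ${{ github.event.inputs.prerelease }}
          generate_release_notes: true
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"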