releaser #146

Workflow file for this run

.github/workflows/release.yaml at 85bf33d

	name: releaser
	on:
	push:
	tags:
	- 'v*'

	jobs:
	release-init-kyverno:
	permissions:
	contents: read
	packages: write
	id-token: write
	uses: ./.github/workflows/reuse.yaml
	with:
	publish_command: ko-publish-kyvernopre
	image_name: kyvernopre
	tag: release
	main: cmd/initContainer
	secrets:
	registry_username: ${{ github.actor }}
	registry_password: ${{ secrets.CR_PAT }}

	release-kyverno:
	permissions:
	contents: read
	packages: write
	id-token: write
	uses: ./.github/workflows/reuse.yaml
	with:
	publish_command: ko-publish-kyverno
	image_name: kyverno
	tag: release
	main: cmd/kyverno
	secrets:
	registry_username: ${{ github.actor }}
	registry_password: ${{ secrets.CR_PAT }}

	release-kyverno-cli:
	permissions:
	contents: read
	packages: write
	id-token: write
	uses: ./.github/workflows/reuse.yaml
	with:
	publish_command: ko-publish-cli
	image_name: kyverno-cli
	tag: release
	main: cmd/cli/kubectl-kyverno
	secrets:
	registry_username: ${{ github.actor }}
	registry_password: ${{ secrets.CR_PAT }}

	create-release:
	runs-on: ubuntu-latest
	needs:
	- release-init-kyverno
	- release-kyverno
	- release-kyverno-cli
	steps:
	- name: Set version
	id: version
	run: echo ::set-output name=version::${GITHUB_REF#refs/*/}

	- name: Checkout
	uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # [email protected]
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # [email protected]
	with:
	go-version: ~1.18.6

	- name: Cache Go modules
	uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-

	- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # [email protected]

	- name: Make Release
	env:
	VERSION: ${{ steps.version.outputs.version }}
	run: \|
	rm -rf release
	mkdir release
	make release-notes > release/release-notes.out
	cat release/release-notes.out

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@5df302e5e9e4c66310a6b6493a8865b12c555af2 # [email protected]
	with:
	version: latest
	args: release --rm-dist --debug --release-notes=release/release-notes.out
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


	push-and-sign-install-manifest:
	runs-on: ubuntu-latest
	permissions:
	contents: write # needed to write releases
	id-token: write # needed for keyless signing
	packages: write # needed for ghcr access
	needs:
	- create-release
	steps:
	- name: Set version
	id: version
	run: echo ::set-output name=version::${GITHUB_REF#refs/*/}

	- name: Checkout
	uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # [email protected]
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # [email protected]
	with:
	go-version: ~1.18.6

	- name: Setup Flux CLI
	uses: fluxcd/flux2/action@1fa48bf916fa5ce5800190f8a0c9fdf7ae86559b # v0.35.0
	with:
	version: 0.35.0

	- name: Install Cosign
	uses: sigstore/cosign-installer@7cc35d7fdbe70d4278a0c96779081e6fac665f88 # v2.8.0
	with:
	cosign-release: 'v1.13.0'

	- name: Build yaml manifest
	run: make codegen-release

	- name: Upload yaml manifest
	uses: svenstaro/upload-release-action@133984371c30d34e38222a64855679a414cb7575 # pin@v2
	with:
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: config/.release/install.yaml
	asset_name: install.yaml
	tag: ${{ github.ref }}

	- name: Login to GHCR
	uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push manifests to GHCR with Flux
	env:
	CR_PAT_ARTIFACTS: ${{ secrets.CR_PAT_ARTIFACTS }}
	run: \|
	set -e
	mkdir -p config/.release-manifests
	cp config/.release/install.yaml config/.release-manifests/install.yaml
	cd config/.release-manifests/ && \
	flux push artifact oci://ghcr.io/${{ github.repository_owner }}/manifests/kyverno:${{ steps.version.outputs.version }} \
	--path="." \
	--source="$(git config --get remote.origin.url)" \
	--revision="${{ steps.version.outputs.version }}/$(git rev-parse HEAD)"

	- name: Sign manifests in GHCR with Cosign
	env:
	COSIGN_EXPERIMENTAL: 1
	run: \|
	cosign sign ghcr.io/${{ github.repository_owner }}/manifests/kyverno:${{ steps.version.outputs.version }}

	release-cli-via-krew:
	runs-on: ubuntu-latest
	needs:
	- create-release
	steps:
	- name: Checkout
	uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # [email protected]

	- name: Unshallow
	run: git fetch --prune --unshallow

	- name: Check Tag
	id: check-tag
	run: \|
	if [[ ${{ github.event.ref }} =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
	echo ::set-output name=match::true
	fi

	- name: Update new version in krew-index
	if: steps.check-tag.outputs.match == 'true'
	uses: rajatjindal/krew-release-bot@3320c0b546b5d2320613c46762bd3f73e2801bdc # [email protected]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

releaser #146

Workflow file

releaser #146

Jobs

Run details

Workflow file for this run