diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d339855b2a..41b59b721d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,7 +6,11 @@ on: - master - release-* pull_request: {} - workflow_dispatch: {} + workflow_dispatch: + inputs: + version: + description: 'Release version (e.g. v0.1.0)' + required: false env: # Common versions @@ -14,12 +18,7 @@ env: GOLANGCI_VERSION: 'v1.53.3' DOCKER_BUILDX_VERSION: 'v0.8.2' - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether - # credentials have been provided before trying to run steps that need them. - CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} - XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }} - AWS_USR: ${{ secrets.AWS_USR }} + DOCKER_USR: ${{ github.actor }} jobs: detect-noop: @@ -304,48 +303,55 @@ jobs: - name: Vendor Dependencies run: make vendor vendor.check - - name: Build Artifacts + - name: Build Artifacts with Version + run: make -j2 build.all VERSION=${XPKG_VERSION} + if: env.XPKG_VERSION != '' + env: + # We're using docker buildx, which doesn't actually load the images it + # builds by default. Specifying --load does so. + BUILD_ARGS: "--load" + XPKG_VERSION: ${{ github.event.inputs.version }} + + - name: Build Artifacts without Version run: make -j2 build.all + if: env.XPKG_VERSION == '' env: # We're using docker buildx, which doesn't actually load the images it # builds by default. Specifying --load does so. BUILD_ARGS: "--load" - + XPKG_VERSION: ${{ github.event.inputs.version }} + - name: Publish Artifacts to GitHub uses: actions/upload-artifact@v2 with: name: output path: _output/** - - - name: Login to Docker - uses: docker/login-action@v1 - if: env.CONTRIB_DOCKER_USR != '' - with: - username: ${{ secrets.CONTRIB_DOCKER_USR }} - password: ${{ secrets.CONTRIB_DOCKER_PSW }} - - - name: Login to Upbound + + - name: Login to GHCR uses: docker/login-action@v1 - if: env.XPKG_ACCESS_ID != '' + if: env.DOCKER_USR != '' with: - registry: xpkg.upbound.io - username: ${{ secrets.XPKG_ACCESS_ID }} - password: ${{ secrets.XPKG_TOKEN }} - - - name: Publish Artifacts to S3 and Docker Hub + registry: ghcr.io + username: ${{ secrets.DOCKER_USR }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish Artifacts to GHCR with Version + run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} VERSION=${XPKG_VERSION} + if: env.DOCKER_USR != '' && env.XPKG_VERSION != '' + env: + GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} + XPKG_VERSION: ${{ github.event.inputs.version }} + + - name: Publish Artifacts to GHCR without Version run: make -j2 publish BRANCH_NAME=${GITHUB_REF##*/} - if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' + if: env.DOCKER_USR != '' && env.XPKG_VERSION == '' env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} GIT_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Promote Artifacts in S3 and Docker Hub - if: github.ref == 'refs/heads/master' && env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' + XPKG_VERSION: ${{ github.event.inputs.version }} + + - name: Promote Artifacts in Docker Hub + if: github.ref == 'refs/heads/master' && env.DOCKER_USR != '' run: make -j2 promote env: BRANCH_NAME: master CHANNEL: master - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} - diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml index e6d9352a36..cec43eca45 100644 --- a/.github/workflows/promote.yml +++ b/.github/workflows/promote.yml @@ -15,11 +15,7 @@ env: # Common versions GO_VERSION: '1.19' - # Common users. We can't run a step 'if secrets.AWS_USR != ""' but we can run - # a step 'if env.AWS_USR' != ""', so we copy these to succinctly test whether - # credentials have been provided before trying to run steps that need them. - CONTRIB_DOCKER_USR: ${{ secrets.CONTRIB_DOCKER_USR }} - AWS_USR: ${{ secrets.AWS_USR }} + DOCKER_USR: ${{ github.actor }} jobs: promote-artifacts: @@ -39,19 +35,18 @@ jobs: - name: Fetch History run: git fetch --prune --unshallow - - name: Login to Docker + - name: Login to GHCR uses: docker/login-action@v1 - if: env.CONTRIB_DOCKER_USR != '' + if: env.DOCKER_USR != '' with: - username: ${{ secrets.CONTRIB_DOCKER_USR }} - password: ${{ secrets.CONTRIB_DOCKER_PSW }} + registry: ghcr.io + username: ${{ secrets.DOCKER_USR }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Promote Artifacts in S3 and Docker Hub - if: env.AWS_USR != '' && env.CONTRIB_DOCKER_USR != '' + - name: Promote Artifacts in GHCR + if: env.DOCKER_USR != '' run: make -j2 promote BRANCH_NAME=${GITHUB_REF##*/} env: VERSION: ${{ github.event.inputs.version }} CHANNEL: ${{ github.event.inputs.channel }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_USR }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PSW }} diff --git a/Makefile b/Makefile index 3f69a234f2..afe1601441 100644 --- a/Makefile +++ b/Makefile @@ -59,10 +59,7 @@ IMAGES = provider-aws # ==================================================================================== # Setup XPKG -XPKG_REG_ORGS ?= xpkg.upbound.io/crossplane-contrib index.docker.io/crossplanecontrib -# NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are -# inferred. -XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/crossplane-contrib +XPKG_REG_ORGS ?= ghcr.io/infobloxopen XPKGS = provider-aws -include build/makelib/xpkg.mk