From 782b5fbcf1e464a0461d4cee6faf660ed748fbed Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 7 Mar 2023 17:08:19 +0100 Subject: [PATCH 1/2] build: update release workflow - docker/build-push-action to v4 - sigstore/cosign-installer to v3 - goreleaser/goreleaser-action to v4 Signed-off-by: Hidde Beydals --- .github/workflows/release.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index adaab1f78..e72820834 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: tags: | type=raw,value=${{ steps.prep.outputs.VERSION }} - name: Publish images - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: sbom: true provenance: true @@ -77,13 +77,13 @@ jobs: docker buildx imagetools inspect ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} docker pull docker.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} docker pull ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} - - uses: sigstore/cosign-installer@main + - uses: sigstore/cosign-installer@v3 - name: Sign images env: COSIGN_EXPERIMENTAL: 1 run: | - cosign sign fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} - cosign sign ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} + cosign sign --yes fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} + cosign sign --yes ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }} - name: Generate release artifacts if: startsWith(github.ref, 'refs/tags/v') run: | @@ -94,7 +94,7 @@ jobs: - uses: anchore/sbom-action/download-syft@v0 - name: Create release and SBOM if: startsWith(github.ref, 'refs/tags/v') - uses: goreleaser/goreleaser-action@v3 + uses: goreleaser/goreleaser-action@v4 with: version: latest args: release --release-notes=config/release/notes.md --rm-dist --skip-validate From f0a58e015c03e73504b266cdd5acf2939866596e Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 7 Mar 2023 17:57:50 +0100 Subject: [PATCH 2/2] build: update nightly workflow - docker/build-push-action to v4 - Drop `platforms` from `docker/setup-qemu-action` step, as this is the default. Signed-off-by: Hidde Beydals --- .github/workflows/nightly.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 74180547f..8951e17c6 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -17,15 +17,13 @@ jobs: - uses: actions/checkout@v3 - name: Setup QEMU uses: docker/setup-qemu-action@v2 - with: - platforms: all - name: Setup Docker Buildx id: buildx uses: docker/setup-buildx-action@v2 with: buildkitd-flags: "--debug" - name: Build multi-arch container image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: push: false builder: ${{ steps.buildx.outputs.name }}