fix(bug): Ensure windows agent stability using hubble/legacy helm val… #586
name: Release Retina Container Images | |
on: | |
push: | |
branches: [main] | |
tags: ["v*"] | |
permissions: | |
contents: read | |
packages: write | |
# This is used to complete the identity challenge | |
# with sigstore/fulcio when running outside of PRs. | |
id-token: write | |
jobs: | |
retina-images: | |
name: Build Agent Images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: ["linux"] | |
arch: ["amd64", "arm64"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- run: go version | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Build/Push Images | |
shell: bash | |
run: | | |
set -euo pipefail | |
echo "TAG=$(make version)" >> $GITHUB_ENV | |
make retina-image \ | |
IMAGE_NAMESPACE=${{ github.repository }} \ | |
PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ | |
BUILDX_ACTION=--push | |
- name: Sign container image | |
run: | | |
for image in retina-agent retina-init; do | |
IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG-${{ matrix.platform }}-${{ matrix.arch }}" | |
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-$image-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) | |
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | |
done | |
retina-win-images: | |
name: Build Agent Windows Images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: ["windows"] | |
arch: ["amd64"] | |
year: ["2019", "2022"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- run: go version | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Build/Push Images | |
shell: bash | |
run: | | |
set -euo pipefail | |
echo "TAG=$(make version)" >> $GITHUB_ENV | |
make retina-image-win \ | |
IMAGE_NAMESPACE=${{ github.repository }} \ | |
PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ | |
WINDOWS_YEARS=${{ matrix.year }} \ | |
BUILDX_ACTION=--push | |
- name: Sign container image | |
run: | | |
for image in retina-agent ; do | |
IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG-windows-ltsc${{ matrix.year }}-${{ matrix.arch }}" | |
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-$image-$TAG-windows-ltsc${{ matrix.year }}-${{ matrix.arch }}.json) | |
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | |
done | |
operator-images: | |
name: Build Operator Images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: ["linux"] | |
arch: ["amd64"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- run: go version | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Build/Push Images | |
shell: bash | |
run: | | |
set -euo pipefail | |
echo "TAG=$(make version)" >> $GITHUB_ENV | |
make retina-operator-image \ | |
IMAGE_NAMESPACE=${{ github.repository }} \ | |
PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ | |
BUILDX_ACTION=--push | |
- name: Sign container image | |
run: | | |
for image in retina-operator ; do | |
IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG-${{ matrix.platform }}-${{ matrix.arch }}" | |
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-$image-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) | |
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | |
done | |
retina-shell-images: | |
name: Build Retina Shell Images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: ["linux"] | |
arch: ["amd64", "arm64"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- run: go version | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Build/Push Images | |
shell: bash | |
run: | | |
set -euo pipefail | |
echo "TAG=$(make version)" >> $GITHUB_ENV | |
make retina-shell-image \ | |
IMAGE_NAMESPACE=${{ github.repository }} \ | |
PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ | |
BUILDX_ACTION=--push | |
- name: Sign container image | |
run: | | |
IMAGE_PATH="ghcr.io/${{ github.repository }}/retina-shell:$TAG-${{ matrix.platform }}-${{ matrix.arch }}" | |
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-retina-shell-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) | |
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | |
kubectl-retina-images: | |
name: Build Kubectl Retina Images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: ["linux"] | |
arch: ["amd64", "arm64"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: go.mod | |
- run: go version | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Build/Push Images | |
shell: bash | |
run: | | |
set -euo pipefail | |
echo "TAG=$(make version)" >> $GITHUB_ENV | |
make kubectl-retina-image \ | |
IMAGE_NAMESPACE=${{ github.repository }} \ | |
PLATFORM=${{ matrix.platform }}/${{ matrix.arch }} \ | |
BUILDX_ACTION=--push | |
- name: Sign container image | |
run: | | |
IMAGE_PATH="ghcr.io/${{ github.repository }}/kubectl-retina:$TAG-${{ matrix.platform }}-${{ matrix.arch }}" | |
DIGEST=$(jq -r '.["containerimage.digest"]' image-metadata-kubectl-retina-$TAG-${{ matrix.platform }}-${{ matrix.arch }}.json) | |
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | |
manifests: | |
name: Generate Manifests | |
runs-on: ubuntu-latest | |
needs: | |
[ | |
retina-images, | |
retina-win-images, | |
operator-images, | |
retina-shell-images, | |
kubectl-retina-images, | |
] | |
strategy: | |
matrix: | |
component: ["retina", "operator", "shell", "kubectl-retina"] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Log in to registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
- name: Generate Manifests | |
shell: bash | |
run: | | |
set -euo pipefail | |
make manifest \ | |
IMAGE_NAMESPACE=${{ github.repository }} \ | |
COMPONENT=${{ matrix.component }} | |
- name: Sign manifest | |
run: | | |
export TAG="$(make version)" | |
images=("retina-agent" "retina-init") | |
if [[ ${{ matrix.component }} == "operator" ]]; then | |
images=("retina-operator") | |
elif [[ ${{ matrix.component }} == "shell" ]]; then | |
images=("retina-shell") | |
elif [[ ${{ matrix.component }} == "kubectl-retina" ]]; then | |
images=("kubectl-retina") | |
fi | |
for image in "${images[@]}"; do | |
IMAGE_PATH="ghcr.io/${{ github.repository }}/$image:$TAG" | |
DIGEST=$(docker buildx imagetools inspect $IMAGE_PATH --format "{{json .Manifest}}" | jq -r .digest) | |
cosign sign --yes ${IMAGE_PATH}@${DIGEST} | |
done |