diff --git a/.github/workflows/node-state-server-publish.yaml b/.github/workflows/node-state-server-publish.yaml
deleted file mode 100644
index 7f97465..0000000
--- a/.github/workflows/node-state-server-publish.yaml
+++ /dev/null
@@ -1,125 +0,0 @@ -name: publish node-state-server - -on: - push: - branches: - - "main" - tags: - - "v*" - -env: - REGISTRY: ghcr.io - REGISTRY_IMAGE: ghcr.io/qawolf/crik-node-state-server - -jobs: - build: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - strategy: - fail-fast: false - matrix: - platform: - - linux/amd64 - - linux/arm64 - steps: - - name: Prepare - run: | - platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - name: Checkout repository - uses: actions/checkout@v4 - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY_IMAGE }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Log in to the Github Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push by digest - id: build - uses: docker/build-push-action@v5 - with: - context: . 
- file: cmd/manager/Dockerfile - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - - name: Export digest - run: | - mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-${{ env.PLATFORM_PAIR }} - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - runs-on: ubuntu-latest - needs: - - build - steps: - - name: Download digests - uses: actions/download-artifact@v4 - with: - path: /tmp/digests - pattern: digests-* - merge-multiple: true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY_IMAGE }} - - name: Log in to the Github Container Registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Create manifest list and push - working-directory: /tmp/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) 
| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - - publish-chart: - runs-on: ubuntu-latest - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') - needs: - - merge - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY_IMAGE }} - - name: Push chart - uses: appany/helm-oci-chart-releaser@v0.4.1 - with: - name: crik-node-state-server - repository: qawolf - tag: ${{ steps.meta.outputs.version }} - path: cluster/charts/crik-node-state-server - registry: ${{ env.REGISTRY }} - registry_username: ${{ github.actor }} - registry_password: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/crik-publish.yaml b/.github/workflows/publish.yaml similarity index 82% rename from .github/workflows/crik-publish.yaml rename to .github/workflows/publish.yaml index 4fe1e32..510077b 100644 --- a/.github/workflows/crik-publish.yaml +++ b/.github/workflows/publish.yaml @@ -1,10 +1,10 @@ -name: Build and Push Images +name: Publish on: push: branches: - main tags: - - "*" + - "v*" env: GO_VERSION: 1.22.2 @@ -12,6 +12,8 @@ env: jobs: version: runs-on: ubuntu-latest + outputs: + version: ${{ steps.version.outputs.VERSION }} steps: - name: Checkout uses: actions/checkout@v4 
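Review bot: The job output added in the `@@ -12,6 +12,8 @@` hunk is declared as `version`, but the consumers introduced later read it as `needs.version.outputs.VERSION` (the metadata tags in the `@@ -100,7 +103,7 @@` hunk and the `VERSION` env in the `@@ -141,30 +145,26 @@` hunk). Expression property lookups are, as far as I know, case-insensitive, so this probably resolves, but using one spelling on both sides, `${{ needs.version.outputs.version }}`, removes the dependence on evaluator behaviour. The mapping also relies on the step that writes `VERSION` carrying `id: version`, which is outside this hunk; a comment such as `# written by the "version" step via $GITHUB_OUTPUT` above the `outputs:` key would make that visible. The job's step list continues past the hunk.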
@@ -27,14 +29,15 @@ jobs: echo "No tags found" VERSION="$(echo "v0.0.0-$(git rev-list HEAD --count)-$(git describe --dirty --always)" | sed 's/-/./2' | sed 's/-/./2' | sed 's/-/./2')" else - echo "Tags found: $(git tag)" + echo "Tags found:\n$(git tag)" VERSION="$(git describe --dirty --always --tags --match 'v*' | sed 's|.*/||' | sed 's/-/./2' | sed 's/-/./2' | sed 's/-/./2')" fi echo "Version is ${VERSION}" - echo "VERSION=${VERSION}" >> $GITHUB_ENV - images: + echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT + image: runs-on: ubuntu-latest - needs: version + needs: + - version permissions: packages: write contents: read @@ -100,7 +103,7 @@ jobs: tags: | type=ref,event=branch type=sha,format=short,prefix= - ${{ steps.version.outputs.VERSION }} + ${{ needs.version.outputs.VERSION }} - name: Build and push id: push uses: docker/build-push-action@v5 @@ -125,7 +128,8 @@ jobs: id-token: write runs-on: ubuntu-latest needs: - - images + - image + - version strategy: matrix: chart: [node-state-server] 
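Review bot: The changed `echo "Tags found:\n$(git tag)"` in the `@@ -27,14 +29,15 @@` hunk prints a literal `\n`, because bash's builtin `echo` does not expand backslash escapes without `-e`; `printf 'Tags found:\n%s\n' "$(git tag)"` gives the intended layout. In the same hunk `>> $GITHUB_OUTPUT` is unquoted while the chart job writes to `"$GITHUB_OUTPUT"`; quoting it here keeps the two consistent. The `run:` block starts above the hunk.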
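Review bot: The `id-token: write` permission visible as context at the top of the `@@ -125,7 +128,8 @@` hunk looks unused after this commit, because the only step in view that would need an OIDC token, `actions/attest-build-provenance`, is commented out in the last hunk. Unless a step outside the visible hunks still requests a token, drop the permission until attestation is re-enabled and restore it together with the step. The job's `permissions:` block starts above the hunk, so the same check applies to any `attestations: write` entry there.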
@@ -141,30 +145,26 @@ jobs: - name: Push the chart id: push env: - VERSION: ${{ steps.version.outputs.VERSION }} + VERSION: ${{ needs.version.outputs.VERSION }} run: | + set -e # Helm doesn't accept v prefix in version. - TAG=$(echo ${{ steps.version.outputs.VERSION }} | cut -d'v' -f2) + CHART_TAG=$(echo ${VERSION} | cut -d'v' -f2) if [ "${{ matrix.chart }}" == "node-state-server" ]; then yq -i ".nodeStateServer.image.tag = \"${VERSION}\"" cluster/charts/${{ matrix.chart }}/values.yaml echo "Final values.yaml" cat cluster/charts/${{ matrix.chart }}/values.yaml fi - helm dependency update cluster/charts/${{ matrix.chart }} - helm package cluster/charts/${{ matrix.chart }} --dependency-update --version=${VERSION} --app-version=${VERSION} - OUT=$(set +e; helm push ${{ matrix.chart }}-${VERSION}.tgz oci://ghcr.io/qawolf/crik/charts 2>&1) - EXIT_CODE=$? - set -e - echo "${OUT}" - if [[ $EXIT_STATUS -ne 0 ]]; then - exit $EXIT_STATUS - fi - DIGEST=$(echo ${OUT}| sed -n 's/.*sha256:\([^ ]*\).*/sha256:\1/p') + helm package cluster/charts/${{ matrix.chart }} --dependency-update --version=${CHART_TAG} --app-version=${CHART_TAG} + helm push ${{ matrix.chart }}-${CHART_TAG}.tgz oci://ghcr.io/qawolf/crik/charts 2>&1 | tee push.log + DIGEST=$(cat push.log | sed -n 's/.*sha256:\([^ ]*\).*/sha256:\1/p') echo "digest=${DIGEST}" >> "$GITHUB_OUTPUT" - - name: Attest - uses: actions/attest-build-provenance@v1 - with: - subject-name: ghcr.io/qawolf/crik/charts/${{ matrix.chart }} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + # Attestation is not yet available for OCI images. + # + # - name: Attest + # uses: actions/attest-build-provenance@v1 + # with: + # subject-name: ghcr.io/qawolf/crik/charts/${{ matrix.chart }} + # subject-digest: ${{ steps.push.outputs.digest }} + # push-to-registry: true
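Review bot: `helm push … 2>&1 | tee push.log` reports the exit status of `tee`, so the added `set -e` does not stop the step when the push fails; the script then writes an empty `digest=` to `$GITHUB_OUTPUT` and the job passes without a published chart. Unless the workflow sets `shell: bash` somewhere outside the hunk (which enables pipefail), replace `set -e` with `set -eo pipefail` and fail explicitly on an empty digest: `[ -n "${DIGEST}" ] || { echo "no digest in helm push output" >&2; exit 1; }`. Separately, `cut -d'v' -f2` returns only the text between the first and second `v`, so a version containing another `v` would be truncated; `CHART_TAG="${VERSION#v}"` strips just the leading prefix.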