forked from metallb/metallb
-
Notifications
You must be signed in to change notification settings - Fork 1
162 lines (145 loc) · 5.14 KB
/
publish.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
name: Publish
on:
push:
branches:
- "main"
- v*
tags:
- v*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
unit-tests:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version-file: "go.mod"
cache: true
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install python3-pip arping ndisc6
sudo pip3 install invoke semver pyyaml
go install sigs.k8s.io/controller-tools/cmd/[email protected]
- name: Unit Tests
run: |
inv test
- name: Lint
run: |
inv checkpatch
inv lint -e host
inv verifylicense
inv gomodtidy
inv checkchanges --action="run inv gomodtidy"
inv generatemanifests
inv checkchanges --action="run inv generatemanifests"
inv generateapidocs
inv checkchanges --action="run inv generateapidocs"
publish-images:
runs-on: ubuntu-22.04
needs: [unit-tests]
permissions:
contents: read
id-token: write # needed for signing the images with GitHub OIDC Token
strategy:
fail-fast: true
matrix:
image: [speaker, controller, configmaptocrs]
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: "v1.13.1"
- name: Code checkout
uses: actions/checkout@v4
- name: Setup docker buildx
uses: docker/setup-buildx-action@v3
- name: Log into Quay
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_PASSWORD }}
- name: Docker meta ${{ matrix.image }}
id: meta
uses: docker/metadata-action@v5
with:
images: |
quay.io/metallb/${{ matrix.image }}
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{raw}}
labels: |
org.opencontainers.image.title=${{ matrix.image }}
org.opencontainers.image.description=${{ matrix.image }} for metallb, a network load-balancer implementation for Kubernetes using standard routing protocols
- name: Build and push ${{ matrix.image }}
uses: docker/build-push-action@v5
id: build-and-push
with:
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: ${{matrix.image}}/Dockerfile
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le,linux/arm/v7
cache-from: type=gha
cache-to: type=gha,mode=max
push: true
build-args: |
GIT_BRANCH: ${{ github.ref_name }}
GIT_COMMIT: ${{ github.sha }}
- name: Cosign sign tags
run: cosign sign ${TAGS}
env:
TAGS: ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
COSIGN_EXPERIMENTAL: 1
release-charts:
needs: [publish-images]
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Fetch entire history. Required for chart-releaser; see https://github.com/helm/chart-releaser-action/issues/13#issuecomment-602063896
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Chart releaser
if: startsWith(github.ref, 'refs/tags/v') # we craft releases only for tags
run: |
# Download chart releaser
curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.4.0/chart-releaser_1.4.0_linux_amd64.tar.gz"
tar -xzf cr.tar.gz
rm -f cr.tar.gz
repo=$(basename "$GITHUB_REPOSITORY")
owner=$(dirname "$GITHUB_REPOSITORY")
tag="${GITHUB_REF_NAME:1}"
exists=$(curl -s -H "Accept: application/vnd.github.v3+json" https://github.com/$GITHUB_REPOSITORY/releases/tag/$repo-chart-$tag -w %{http_code} -o /dev/null)
if [[ $exists != "200" ]]; then
echo "Creating release..."
# package chart
./cr package charts/$repo
# upload chart to github releases
./cr upload \
--owner "$owner" \
--git-repo "$repo" \
--release-name-template "{{ .Name }}-chart-{{ .Version }}" \
--token "${{ secrets.GITHUB_TOKEN }}"
# Update index and push to github pages
./cr index \
--owner "$owner" \
--git-repo "$repo" \
--index-path index.yaml \
--release-name-template "{{ .Name }}-chart-{{ .Version }}" \
--push
else
echo "Release already exists"
fi