Release #77
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| - workflow_dispatch | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| VERSION: 0.26.0 | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| outputs: | |
| image-name: ${{ steps.image-info.outputs.image_name }} | |
| image-digest: ${{ steps.image-info.outputs.image_digest }} | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v5.0.0 | |
| - name: Set up Carvel | |
| uses: carvel-dev/setup-action@v2.0.1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log into container registry | |
| uses: redhat-actions/podman-login@v1.7 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Create k3d cluster | |
| run: | | |
| # Install k3d | |
| curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash | |
| # Create a Kubernetes cluster | |
| k3d cluster create test-cluster | |
| # Wait for the generation of a token for the Service Account | |
| while [ $(kubectl get configmap kube-root-ca.crt --no-headers | wc -l) -eq 0 ] ; do | |
| sleep 3 | |
| done | |
| - name: Package and publish OCI bundle | |
| run: | | |
| kctrl package repo release -y --chdir repo -v ${{ env.VERSION }} | |
| - name: Get released OCI image name with digest | |
| id: image-info | |
| run: | | |
| package_file=repo/package-repository.yml | |
| image_release=$(yq '.spec.fetch.imgpkgBundle.image' ${package_file}) | |
| echo "IMAGE_RELEASE=${image_release}" >> $GITHUB_ENV | |
| echo "image_name=$(echo ${image_release} | cut -d'@' -f1)" >> $GITHUB_OUTPUT | |
| echo "image_digest=$(echo ${image_release} | cut -d'@' -f2)" >> $GITHUB_OUTPUT | |
| - name: Add additional tags to OCI image | |
| run: | | |
| podman pull ${IMAGE_RELEASE} | |
| podman tag ${IMAGE_RELEASE} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| podman push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| - name: Create a release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release create v${{ env.VERSION }} \ | |
| --generate-notes \ | |
| ./repo/package-repository.yml \ | |
| ./README.md | |
| sign: | |
| name: Sign | |
| runs-on: ubuntu-24.04 | |
| needs: [build] | |
| permissions: | |
| packages: write | |
| id-token: write | |
| env: | |
| IMAGE_NAME: ${{ needs.build.outputs.image-name }} | |
| IMAGE_DIGEST: ${{ needs.build.outputs.image-digest }} | |
| steps: | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@v3.9.2 | |
| - name: Log into container registry | |
| uses: redhat-actions/podman-login@v1.7 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.REGISTRY }} | |
| - name: Sign image | |
| run: | | |
| cosign sign --yes "${IMAGE_NAME}@${IMAGE_DIGEST}" | |
| provenance: | |
| needs: [build,sign] | |
| permissions: | |
| actions: read | |
| id-token: write | |
| packages: write | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0 | |
| with: | |
| image: ${{ needs.build.outputs.image-name }} | |
| digest: ${{ needs.build.outputs.image-digest }} | |
| registry-username: ${{ github.actor }} | |
| secrets: | |
| registry-password: ${{ secrets.GITHUB_TOKEN }} |