Skip to content

fix: move log with potential sensitive data to debug loglevel. Fixes:… #49

fix: move log with potential sensitive data to debug loglevel. Fixes:…

fix: move log with potential sensitive data to debug loglevel. Fixes:… #49

Workflow file for this run

name: Release
on:
push:
tags:
- v*
branches:
- master
- release-*
- dev-*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build-linux-amd64:
name: Build & push linux/amd64
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
strategy:
matrix:
platform: [ linux/amd64 ]
target: [ workflow-controller, argocli, argoexec ]
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: v0.9.1
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-
## Codefresh - remove dockerhub
# - name: Docker Login
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKERIO_USERNAME }}
# password: ${{ secrets.DOCKERIO_PASSWORD }}
- name: Docker Login
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Docker Buildx
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
PLATFORM: ${{ matrix.platform }}
TARGET: ${{ matrix.target }}
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g")
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}"
## Codefresh - remove dockerhub
# docker buildx build \
# --cache-from "type=local,src=/tmp/.buildx-cache" \
# --cache-to "type=local,dest=/tmp/.buildx-cache" \
# --output "type=image,push=true" \
# --platform="${PLATFORM}" \
# --target $TARGET \
# --tag $image_name .
docker buildx build \
--cache-from "type=local,src=/tmp/.buildx-cache" \
--cache-to "type=local,dest=/tmp/.buildx-cache" \
--output "type=image,push=true" \
--platform="${PLATFORM}" \
--target $TARGET \
--tag quay.io/$image_name .
build-linux-arm64:
name: Build & push linux/arm64
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
strategy:
matrix:
platform: [ linux/arm64 ]
target: [ workflow-controller, argocli, argoexec ]
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: v0.9.1
- name: Cache Docker layers
uses: actions/cache@v3
id: cache
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-
## Codefresh - remove dockerhub
# - name: Docker Login
# uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKERIO_USERNAME }}
# password: ${{ secrets.DOCKERIO_PASSWORD }}
- name: Docker Login
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Docker Buildx
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
PLATFORM: ${{ matrix.platform }}
TARGET: ${{ matrix.target }}
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g")
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}"
## Codefresh - remove dockerhub
# docker buildx build \
# --cache-from "type=local,src=/tmp/.buildx-cache" \
# --cache-to "type=local,dest=/tmp/.buildx-cache" \
# --output "type=image,push=true" \
# --platform="${PLATFORM}" \
# --target $TARGET \
# --tag $image_name .
docker buildx build \
--cache-from "type=local,src=/tmp/.buildx-cache" \
--cache-to "type=local,dest=/tmp/.buildx-cache" \
--output "type=image,push=true" \
--platform="${PLATFORM}" \
--target $TARGET \
--tag quay.io/$image_name .
build-windows:
name: Build & push windows
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: windows-2019
steps:
- uses: actions/checkout@v2
## Codefresh - remove dockerhub
# - name: Docker Login
# uses: Azure/docker-login@v1
# with:
# username: ${{ secrets.DOCKERIO_USERNAME }}
# password: ${{ secrets.DOCKERIO_PASSWORD }}
- name: Login to Quay
uses: Azure/docker-login@v1
with:
login-server: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Build & Push Windows Docker Images
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
run: |
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
targets="argoexec"
for target in $targets; do
image_name="${docker_org}/${target}:${tag}-windows"
docker build --target $target -t $image_name -f Dockerfile.windows .
## Codefresh - remove dockerhub
# docker push $image_name
docker tag $image_name quay.io/$image_name
docker push quay.io/$image_name
done
push-images:
name: Push manifest with all images
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
needs: [ build-linux-amd64, build-linux-arm64, build-windows ]
steps:
- uses: actions/checkout@v2
## Codefresh - remove dockerhub
# - name: Docker Login
# uses: Azure/docker-login@v1
# with:
# username: ${{ secrets.DOCKERIO_USERNAME }}
# password: ${{ secrets.DOCKERIO_PASSWORD }}
- name: Login to Quay
uses: Azure/docker-login@v1
with:
login-server: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Push Multiarch Image
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
run: |
echo $(jq -c '. + { "experimental": "enabled" }' ${DOCKER_CONFIG}/config.json) > ${DOCKER_CONFIG}/config.json
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
targets="workflow-controller argoexec argocli"
for target in $targets; do
image_name="${docker_org}/${target}:${tag}"
if [ $target = "argoexec" ]; then
## Codefresh - remove dockerhub
# docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows
docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64 quay.io/${image_name}-windows
else
## Codefresh - remove dockerhub
# docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64
docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64
fi
## Codefresh - remove dockerhub
# docker manifest push $image_name
docker manifest push quay.io/$image_name
done
test-images-linux-amd64:
name: Try pulling linux/amd64
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
needs: [ push-images ]
strategy:
matrix:
platform: [ linux/amd64 ]
target: [ workflow-controller, argocli, argoexec ]
steps:
## Codefresh - remove dockerhub
# - name: Docker Login
# uses: Azure/docker-login@v1
# with:
# username: ${{ secrets.DOCKERIO_USERNAME }}
# password: ${{ secrets.DOCKERIO_PASSWORD }}
- name: Login to Quay
uses: Azure/docker-login@v1
with:
login-server: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Docker Buildx
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
PLATFORM: ${{ matrix.platform }}
TARGET: ${{ matrix.target }}
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}"
## Codefresh - remove dockerhub
# docker pull $image_name
docker pull quay.io/$image_name
test-images-windows:
name: Try pulling windows
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: windows-2019
needs: [ push-images ]
steps:
## Codefresh - remove dockerhub
# - name: Docker Login
# uses: Azure/docker-login@v1
# with:
# username: ${{ secrets.DOCKERIO_USERNAME }}
# password: ${{ secrets.DOCKERIO_PASSWORD }}
- name: Login to Quay
uses: Azure/docker-login@v1
with:
login-server: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Try pulling
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
run: |
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
targets="argoexec"
for target in $targets; do
image_name="${docker_org}/${target}:${tag}"
## Codefresh - remove dockerhub
# docker pull $image_name
docker pull quay.io/$image_name
done
publish-release:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
runs-on: ubuntu-latest
if: github.repository == 'codefresh-io/argo-workflows'
needs: [ push-images, test-images-linux-amd64, test-images-windows ]
env:
NODE_OPTIONS: --max-old-space-size=4096
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "16"
- uses: actions/setup-go@v3
with:
go-version: "1.18"
- uses: actions/cache@v3
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v1-${{ hashFiles('**/yarn.lock') }}
- uses: actions/cache@v3
with:
path: /home/runner/.cache/go-build
key: GOCACHE-v2-${{ hashFiles('**/go.mod') }}
- uses: actions/cache@v3
with:
path: /home/runner/go/pkg/mod
key: GOMODCACHE-v2-${{ hashFiles('**/go.mod') }}
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
- run: make release-notes VERSION=${GITHUB_REF##*/}
- run: cat release-notes
- run: make manifests VERSION=${GITHUB_REF##*/}
- name: Print image tag (please check it is not `:latest`)
run: |
grep image: dist/manifests/install.yaml
- run: go mod download
- run: make clis STATIC_FILES=true VERSION=${GITHUB_REF##*/}
- name: Print version (please check it is not dirty)
run: dist/argo-linux-amd64 version
- run: make checksums
# https://github.com/softprops/action-gh-release
# This will publish the release and upload assets.
# If a conflict occurs (because you are not on a tag), the release will not be updated. This is a short coming
# of this action.
# Instead, delete the release so it is re-created.
- uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/v')
with:
prerelease: ${{ startsWith(github.ref, 'refs/tags/v0') || contains(github.ref, 'rc') }}
body_path: release-notes
files: |
dist/argo-*.gz
dist/argo-*.gz.sha256
dist/manifests/*.yaml
dist/sbom.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}