fix: move log with potential sensitive data to debug loglevel. Fixes:… #49
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- v* | |
branches: | |
- master | |
- release-* | |
- dev-* | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
permissions: | |
contents: read | |
jobs: | |
build-linux-amd64: | |
name: Build & push linux/amd64 | |
if: github.repository == 'codefresh-io/argo-workflows' | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: [ linux/amd64 ] | |
target: [ workflow-controller, argocli, argoexec ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
version: v0.9.1 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx- | |
## Codefresh - remove dockerhub | |
# - name: Docker Login | |
# uses: docker/login-action@v1 | |
# with: | |
# username: ${{ secrets.DOCKERIO_USERNAME }} | |
# password: ${{ secrets.DOCKERIO_PASSWORD }} | |
- name: Docker Login | |
uses: docker/login-action@v2 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Docker Buildx | |
env: | |
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }} | |
PLATFORM: ${{ matrix.platform }} | |
TARGET: ${{ matrix.target }} | |
run: | | |
tag=$(basename $GITHUB_REF) | |
if [ $tag = "master" ]; then | |
tag="latest" | |
fi | |
tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g") | |
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}" | |
## Codefresh - remove dockerhub | |
# docker buildx build \ | |
# --cache-from "type=local,src=/tmp/.buildx-cache" \ | |
# --cache-to "type=local,dest=/tmp/.buildx-cache" \ | |
# --output "type=image,push=true" \ | |
# --platform="${PLATFORM}" \ | |
# --target $TARGET \ | |
# --tag $image_name . | |
docker buildx build \ | |
--cache-from "type=local,src=/tmp/.buildx-cache" \ | |
--cache-to "type=local,dest=/tmp/.buildx-cache" \ | |
--output "type=image,push=true" \ | |
--platform="${PLATFORM}" \ | |
--target $TARGET \ | |
--tag quay.io/$image_name . | |
build-linux-arm64: | |
name: Build & push linux/arm64 | |
if: github.repository == 'codefresh-io/argo-workflows' | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: [ linux/arm64 ] | |
target: [ workflow-controller, argocli, argoexec ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
version: v0.9.1 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
id: cache | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.platform }}-${{ matrix.target }}-buildx- | |
## Codefresh - remove dockerhub | |
# - name: Docker Login | |
# uses: docker/login-action@v1 | |
# with: | |
# username: ${{ secrets.DOCKERIO_USERNAME }} | |
# password: ${{ secrets.DOCKERIO_PASSWORD }} | |
- name: Docker Login | |
uses: docker/login-action@v2 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Docker Buildx | |
env: | |
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }} | |
PLATFORM: ${{ matrix.platform }} | |
TARGET: ${{ matrix.target }} | |
run: | | |
tag=$(basename $GITHUB_REF) | |
if [ $tag = "master" ]; then | |
tag="latest" | |
fi | |
tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g") | |
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}" | |
## Codefresh - remove dockerhub | |
# docker buildx build \ | |
# --cache-from "type=local,src=/tmp/.buildx-cache" \ | |
# --cache-to "type=local,dest=/tmp/.buildx-cache" \ | |
# --output "type=image,push=true" \ | |
# --platform="${PLATFORM}" \ | |
# --target $TARGET \ | |
# --tag $image_name . | |
docker buildx build \ | |
--cache-from "type=local,src=/tmp/.buildx-cache" \ | |
--cache-to "type=local,dest=/tmp/.buildx-cache" \ | |
--output "type=image,push=true" \ | |
--platform="${PLATFORM}" \ | |
--target $TARGET \ | |
--tag quay.io/$image_name . | |
build-windows: | |
name: Build & push windows | |
if: github.repository == 'codefresh-io/argo-workflows' | |
runs-on: windows-2019 | |
steps: | |
- uses: actions/checkout@v2 | |
## Codefresh - remove dockerhub | |
# - name: Docker Login | |
# uses: Azure/docker-login@v1 | |
# with: | |
# username: ${{ secrets.DOCKERIO_USERNAME }} | |
# password: ${{ secrets.DOCKERIO_PASSWORD }} | |
- name: Login to Quay | |
uses: Azure/docker-login@v1 | |
with: | |
login-server: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Build & Push Windows Docker Images | |
env: | |
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }} | |
run: | | |
docker_org=$DOCKERIO_ORG | |
tag=$(basename $GITHUB_REF) | |
if [ $tag = "master" ]; then | |
tag="latest" | |
fi | |
targets="argoexec" | |
for target in $targets; do | |
image_name="${docker_org}/${target}:${tag}-windows" | |
docker build --target $target -t $image_name -f Dockerfile.windows . | |
## Codefresh - remove dockerhub | |
# docker push $image_name | |
docker tag $image_name quay.io/$image_name | |
docker push quay.io/$image_name | |
done | |
push-images: | |
name: Push manifest with all images | |
if: github.repository == 'codefresh-io/argo-workflows' | |
runs-on: ubuntu-latest | |
needs: [ build-linux-amd64, build-linux-arm64, build-windows ] | |
steps: | |
- uses: actions/checkout@v2 | |
## Codefresh - remove dockerhub | |
# - name: Docker Login | |
# uses: Azure/docker-login@v1 | |
# with: | |
# username: ${{ secrets.DOCKERIO_USERNAME }} | |
# password: ${{ secrets.DOCKERIO_PASSWORD }} | |
- name: Login to Quay | |
uses: Azure/docker-login@v1 | |
with: | |
login-server: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Push Multiarch Image | |
env: | |
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }} | |
run: | | |
echo $(jq -c '. + { "experimental": "enabled" }' ${DOCKER_CONFIG}/config.json) > ${DOCKER_CONFIG}/config.json | |
docker_org=$DOCKERIO_ORG | |
tag=$(basename $GITHUB_REF) | |
if [ $tag = "master" ]; then | |
tag="latest" | |
fi | |
targets="workflow-controller argoexec argocli" | |
for target in $targets; do | |
image_name="${docker_org}/${target}:${tag}" | |
if [ $target = "argoexec" ]; then | |
## Codefresh - remove dockerhub | |
# docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 ${image_name}-windows | |
docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64 quay.io/${image_name}-windows | |
else | |
## Codefresh - remove dockerhub | |
# docker manifest create $image_name ${image_name}-linux-arm64 ${image_name}-linux-amd64 | |
docker manifest create quay.io/$image_name quay.io/${image_name}-linux-arm64 quay.io/${image_name}-linux-amd64 | |
fi | |
## Codefresh - remove dockerhub | |
# docker manifest push $image_name | |
docker manifest push quay.io/$image_name | |
done | |
test-images-linux-amd64: | |
name: Try pulling linux/amd64 | |
if: github.repository == 'codefresh-io/argo-workflows' | |
runs-on: ubuntu-latest | |
needs: [ push-images ] | |
strategy: | |
matrix: | |
platform: [ linux/amd64 ] | |
target: [ workflow-controller, argocli, argoexec ] | |
steps: | |
## Codefresh - remove dockerhub | |
# - name: Docker Login | |
# uses: Azure/docker-login@v1 | |
# with: | |
# username: ${{ secrets.DOCKERIO_USERNAME }} | |
# password: ${{ secrets.DOCKERIO_PASSWORD }} | |
- name: Login to Quay | |
uses: Azure/docker-login@v1 | |
with: | |
login-server: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Docker Buildx | |
env: | |
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }} | |
PLATFORM: ${{ matrix.platform }} | |
TARGET: ${{ matrix.target }} | |
run: | | |
tag=$(basename $GITHUB_REF) | |
if [ $tag = "master" ]; then | |
tag="latest" | |
fi | |
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}" | |
## Codefresh - remove dockerhub | |
# docker pull $image_name | |
docker pull quay.io/$image_name | |
test-images-windows: | |
name: Try pulling windows | |
if: github.repository == 'codefresh-io/argo-workflows' | |
runs-on: windows-2019 | |
needs: [ push-images ] | |
steps: | |
## Codefresh - remove dockerhub | |
# - name: Docker Login | |
# uses: Azure/docker-login@v1 | |
# with: | |
# username: ${{ secrets.DOCKERIO_USERNAME }} | |
# password: ${{ secrets.DOCKERIO_PASSWORD }} | |
- name: Login to Quay | |
uses: Azure/docker-login@v1 | |
with: | |
login-server: quay.io | |
username: ${{ secrets.QUAYIO_USERNAME }} | |
password: ${{ secrets.QUAYIO_PASSWORD }} | |
- name: Try pulling | |
env: | |
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }} | |
run: | | |
docker_org=$DOCKERIO_ORG | |
tag=$(basename $GITHUB_REF) | |
if [ $tag = "master" ]; then | |
tag="latest" | |
fi | |
targets="argoexec" | |
for target in $targets; do | |
image_name="${docker_org}/${target}:${tag}" | |
## Codefresh - remove dockerhub | |
# docker pull $image_name | |
docker pull quay.io/$image_name | |
done | |
publish-release: | |
permissions: | |
contents: write # for softprops/action-gh-release to create GitHub release | |
runs-on: ubuntu-latest | |
if: github.repository == 'codefresh-io/argo-workflows' | |
needs: [ push-images, test-images-linux-amd64, test-images-windows ] | |
env: | |
NODE_OPTIONS: --max-old-space-size=4096 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "16" | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: "1.18" | |
- uses: actions/cache@v3 | |
with: | |
path: ui/node_modules | |
key: ${{ runner.os }}-node-dep-v1-${{ hashFiles('**/yarn.lock') }} | |
- uses: actions/cache@v3 | |
with: | |
path: /home/runner/.cache/go-build | |
key: GOCACHE-v2-${{ hashFiles('**/go.mod') }} | |
- uses: actions/cache@v3 | |
with: | |
path: /home/runner/go/pkg/mod | |
key: GOMODCACHE-v2-${{ hashFiles('**/go.mod') }} | |
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions | |
- run: make release-notes VERSION=${GITHUB_REF##*/} | |
- run: cat release-notes | |
- run: make manifests VERSION=${GITHUB_REF##*/} | |
- name: Print image tag (please check it is not `:latest`) | |
run: | | |
grep image: dist/manifests/install.yaml | |
- run: go mod download | |
- run: make clis STATIC_FILES=true VERSION=${GITHUB_REF##*/} | |
- name: Print version (please check it is not dirty) | |
run: dist/argo-linux-amd64 version | |
- run: make checksums | |
# https://github.com/softprops/action-gh-release | |
# This will publish the release and upload assets. | |
# If a conflict occurs (because you are not on a tag), the release will not be updated. This is a short coming | |
# of this action. | |
# Instead, delete the release so it is re-created. | |
- uses: softprops/action-gh-release@v1 | |
if: startsWith(github.ref, 'refs/tags/v') | |
with: | |
prerelease: ${{ startsWith(github.ref, 'refs/tags/v0') || contains(github.ref, 'rc') }} | |
body_path: release-notes | |
files: | | |
dist/argo-*.gz | |
dist/argo-*.gz.sha256 | |
dist/manifests/*.yaml | |
dist/sbom.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |