Merge pull request #1764 from DelusionalOptimist/oci-artifacts #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci-marketplace-release | |
on: | |
push: | |
branches: [main] | |
paths: | |
- "STABLE-RELEASE" | |
- ".github/workflows/ci-marketplace-release.yml" | |
# Declare default permissions as read only. | |
permissions: read-all | |
jobs: | |
certify-images-on-redhat: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: install latest preflight | |
run: | | |
VERSION=$(curl -s https://api.github.com/repos/redhat-openshift-ecosystem/openshift-preflight/releases/latest | jq -r '.tag_name') | |
sudo wget -O /usr/local/bin/preflight https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$VERSION/preflight-linux-amd64 | |
sudo chmod +x /usr/local/bin/preflight | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_AUTHTOK }} | |
- name: submit preflight results | |
run: | | |
repo="docker.io/kubearmor" | |
repositories=("kubearmor-controller" "kubearmor-ubi" "kubearmor-init" "kubearmor-operator" "kubearmor-snitch") | |
tag=`cat STABLE-RELEASE` | |
certids=("${{secrets.CONTROLLER_OSPID}}" "${{secrets.KUBEARMOR_UBI_OSPID}}" "${{secrets.KUBEARMOR_INIT_OSPID}}" "${{secrets.OPERATOR_OSPID}}" "${{secrets.SNITCH_OSPID}}") | |
pyxis="${{secrets.OS_PYXIS}}" | |
# Loop through the repositories and target repositories | |
for ((i=0; i<${#repositories[@]}; i++)); do | |
repository="$repo/${repositories[i]}" | |
certid=${certids[i]} | |
echo "Processing $repository image..." | |
echo "Submitting image for $repository..." | |
for platform in "amd64" "arm64"; do | |
preflight check container \ | |
$repository:$tag \ | |
--certification-project-id=$certid \ | |
--pyxis-api-token=$pyxis \ | |
--platform=${platform} \ | |
--docker-config=${HOME}/.docker/config.json \ | |
--artifacts=./artifacts/${repository} \ | |
--submit | |
if [ $? -eq 0 ]; then | |
echo "Successfully submitted image for $repository." | |
else | |
echo "Error: Failed to submit image for $repository." | |
fi | |
done | |
done | |
publish-images-to-ecr: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Login to Amazon ECR | |
run: | | |
aws ecr get-login-password --region ${{vars.AWS_REGION}} | docker login --username AWS --password-stdin ${{ vars.AWS_ECR_REGISTRY }} | |
- name: Install regctl | |
run: | | |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
chmod 755 regctl | |
mv regctl /usr/local/bin | |
regctl version | |
- name: Publish Images to ECR | |
run: | | |
# copy images to ecr registry | |
STABLE_VERSION=`cat STABLE-RELEASE` | |
regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags | |
publish-images-to-ocir: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: login to ocir registry | |
run: | | |
echo "${{ secrets.OCIR_AUTHTOKEN }}" | docker login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin | |
- name: Install regctl | |
run: | | |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
chmod 755 regctl | |
mv regctl /usr/local/bin | |
regctl version | |
- name: Publish Images to OCIR | |
run: | | |
# copy images to ocir registry | |
STABLE_VERSION=`cat STABLE-RELEASE` | |
regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags | |
regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags | |
publish-aws-helm-chart: | |
runs-on: ubuntu-latest | |
needs: ["publish-images-to-ecr"] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: azure/setup-helm@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Login to AWS Helm | |
run: | | |
aws ecr get-login-password --region ${{ vars.AWS_REGION }} | helm registry login --username AWS --password-stdin ${{ vars.AWS_ECR_REGISTRY }} | |
- name: Generate version metadata | |
id: metadata | |
run: | | |
version=`cat STABLE-RELEASE` | |
relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE) | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT | |
- name: Create and Publish Helm Chart | |
uses: ./.github/actions/marketplace | |
with: | |
registry: '${{ vars.AWS_ECR_REGISTRY }}' | |
version: '${{ steps.metadata.outputs.version }}' | |
relay_version: '${{ steps.metadata.outputs.relay_version }}' | |
helm_chart_path: './deployments/helm/KubeArmorOperator' | |
helm_chart_name: 'kubearmor-operator-aws' | |
# workaround to mandatory subfolder for helm-gh-master action | |
# https://github.com/stefanprodan/helm-gh-pages/issues/23#issuecomment-854101420 | |
- name: Move operator chart to charts subfolder | |
run: | | |
mkdir -p ./deployments/helm/charts | |
mv ./deployments/helm/KubeArmorOperator ./deployments/helm/charts/KubeArmorOperatorAws | |
- name: Publish Helm chart to KubeArmor helm repo | |
uses: stefanprodan/helm-gh-pages@master | |
with: | |
# Access token which can push to a different repo in the same org | |
token: ${{ secrets.GH_ACCESS_TOKEN }} | |
charts_dir: deployments/helm/charts | |
# repo where charts would be published | |
owner: kubearmor | |
repository: charts | |
branch: gh-pages | |
charts_url: https://kubearmor.github.io/charts | |
commit_username: "github-actions[bot]" | |
commit_email: "github-actions[bot]@users.noreply.github.com" | |
publish-oci-helm-chart: | |
runs-on: ubuntu-latest | |
needs: ["publish-images-to-ocir"] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: azure/setup-helm@v3 | |
- name: Login to OCI Helm | |
run: | | |
echo "${{ secrets.OCIR_AUTHTOKEN }}" | helm registry login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin | |
- name: Generate version metadata | |
id: metadata | |
run: | | |
version=`cat STABLE-RELEASE` | |
relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE) | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT | |
- name: Create and Publish Helm Chart | |
uses: ./.github/actions/marketplace | |
with: | |
registry: '${{ vars.OCIR_REGISTRY }}' | |
version: '${{ steps.metadata.outputs.version }}' | |
relay_version: '${{ steps.metadata.outputs.relay_version }}' | |
helm_chart_path: './deployments/helm/KubeArmorOperator' | |
helm_chart_name: 'kubearmor-operator-oci' | |
# workaround to mandatory subfolder for helm-gh-master action | |
# https://github.com/stefanprodan/helm-gh-pages/issues/23#issuecomment-854101420 | |
- name: Move operator chart to charts subfolder | |
run: | | |
mkdir -p ./deployments/helm/charts | |
mv ./deployments/helm/KubeArmorOperator ./deployments/helm/charts/KubeArmorOperatorOci | |
- name: Publish Helm chart to KubeArmor helm repo | |
uses: stefanprodan/helm-gh-pages@master | |
with: | |
# Access token which can push to a different repo in the same org | |
token: ${{ secrets.GH_ACCESS_TOKEN }} | |
charts_dir: deployments/helm/charts | |
# repo where charts would be published | |
owner: kubearmor | |
repository: charts | |
branch: gh-pages | |
charts_url: https://kubearmor.github.io/charts | |
commit_username: "github-actions[bot]" | |
commit_email: "github-actions[bot]@users.noreply.github.com" | |
create_issue: | |
needs: ["publish-oci-helm-chart","publish-aws-helm-chart","certify-images-on-redhat"] | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Create marketplace release issue | |
run: | | |
RELEASE=`cat STABLE-RELEASE` | |
new_issue_url=$(gh issue create \ | |
--title "$TITLE $RELEASE" \ | |
--assignee "$ASSIGNEES" \ | |
--label "$LABELS" \ | |
--body "$BODY") | |
env: | |
GH_TOKEN: ${{ secrets.GH_ISSUE_RW_ACCESS_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
TITLE: Marketplace Release KubeArmor | |
ASSIGNEES: rksharma95,daemon1024 | |
LABELS: "help wanted" | |
BODY: | | |
### Tasks | |
- [ ] Test and Publish KubeArmor Operator on Red Hat | |
- [ ] Update KubeArmor Listing on AWS Marketplace | |
- [ ] Update KubeArmor Listing on Oracle Marketplace | |
Assignees: @kubearmor/triagers | |
Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions. |