-
Notifications
You must be signed in to change notification settings - Fork 26
107 lines (89 loc) · 2.97 KB
/
ci-latest-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: Push KubeArmor Relay Image to Docker
on:
push:
branches: [main, v*]
paths:
- "relay-server/**"
- "!STABLE-RELEASE"
- ".github/workflows/ci-latest-release.yml"
create:
branches:
- "v*"
jobs:
push-docker-img:
name: Create and push docker image
if: github.repository == 'kubearmor/kubearmor-relay-server'
runs-on: ubuntu-latest-16-cores
permissions:
id-token: write
timeout-minutes: 20
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
platforms: linux/amd64,linux/arm64/v8
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}
- name: Push images to Docker
run: |
if [ ${{ github.ref }} == "refs/heads/main" ]; then
TAG=latest
else
TAG=${GITHUB_REF#refs/*/}
fi
./relay-server/build/push_img.sh $TAG
- name: Install Cosign
uses: sigstore/cosign-installer@main
- name: Get Image Digest
id: digest
run: |
echo "imagedigest=$(jq -r '.["containerimage.digest"]' kubearmor-relay-server.json)" >> $GITHUB_OUTPUT
- name: Sign the Container Images
run: |
cosign sign -r kubearmor/kubearmor-relay-server@${{ steps.digest.outputs.imagedigest }} --yes
push-stable-version:
name: Create kubearmor-relay stable release
needs: push-docker-img
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
id-token: write
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
with:
ref: main
- name: Install regctl
run: |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
chmod 755 regctl
mv regctl /usr/local/bin
- name: Check install
run: regctl version
- name: Get tag
id: match
run: |
value=`cat STABLE-RELEASE`
if [ ${{ github.ref }} == "refs/heads/$value" ]; then
echo "tag=true" >> $GITHUB_OUTPUT
else
echo "tag=false" >> $GITHUB_OUTPUT
fi
- name: Login to Docker Hub
if: steps.match.outputs.tag == 'true'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}
- name: Generate the stable version of kubearmor-relay in Docker Hub
if: steps.match.outputs.tag == 'true'
run: |
STABLE_VERSION=`cat STABLE-RELEASE`
regctl image copy kubearmor/kubearmor-relay-server:$STABLE_VERSION kubearmor/kubearmor-relay-server:stable --digest-tags