chore: Prepare v3.16.0-rc.0 release (#3369) #27
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- 'v*' | |
env: | |
IMAGE_REPO: openpolicyagent/gatekeeper | |
CRD_IMAGE_REPO: openpolicyagent/gatekeeper-crds | |
GATOR_IMAGE_REPO: openpolicyagent/gator | |
permissions: | |
contents: read | |
jobs: | |
tagged-release: | |
name: "Tagged Release" | |
runs-on: "ubuntu-22.04" | |
permissions: | |
contents: write | |
if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'open-policy-agent/gatekeeper' | |
timeout-minutes: 45 | |
steps: | |
- name: Cleanup disk | |
run: | | |
# Filter out local helm-gh-pages image so we don't delete it | |
docker system prune -a -f --filter "label!=org.opencontainers.image.source=https://github.com/stefanprodan/alpine-base" | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 | |
- name: Set up Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: "1.22" | |
check-latest: true | |
- name: Get tag | |
id: get_version | |
run: | | |
echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
- name: Publish release | |
run: | | |
make docker-login | |
tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${{ env.IMAGE_REPO }}:pull&scope=repository:${{ env.CRD_IMAGE_REPO }}:pull&scope=repository:${{ env.GATOR_IMAGE_REPO }}:pull" | |
bearerToken="$(curl --silent --get $tokenUri | jq --raw-output '.token')" | |
listUri="https://registry-1.docker.io/v2/${{ env.IMAGE_REPO }}/tags/list" | |
authz="Authorization: Bearer $bearerToken" | |
version_list="$(curl --silent --get -H "Accept: application/json" -H $authz $listUri | jq --raw-output '.')" | |
exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)') | |
if [[ $exists == null ]] | |
then | |
make docker-buildx-release \ | |
VERSION=${TAG} \ | |
PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \ | |
OUTPUT_TYPE=type=registry \ | |
GENERATE_ATTESTATIONS=true | |
fi | |
listUri="https://registry-1.docker.io/v2/${{ env.CRD_IMAGE_REPO }}/tags/list" | |
version_list="$(curl --silent --get -H "Accept: application/json" -H $authz $listUri | jq --raw-output '.')" | |
exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)') | |
if [[ $exists == null ]] | |
then | |
make docker-buildx-crds-release \ | |
VERSION=${TAG} \ | |
PLATFORM="linux/amd64,linux/arm64" \ | |
OUTPUT_TYPE=type=registry \ | |
GENERATE_ATTESTATIONS=true | |
fi | |
listUri="https://registry-1.docker.io/v2/${{ env.GATOR_IMAGE_REPO }}/tags/list" | |
version_list="$(curl --silent --get -H "Accept: application/json" -H $authz $listUri | jq --raw-output '.')" | |
exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)') | |
if [[ $exists == null ]] | |
then | |
make docker-buildx-gator-release \ | |
VERSION=${TAG} \ | |
PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \ | |
OUTPUT_TYPE=type=registry \ | |
GENERATE_ATTESTATIONS=true | |
fi | |
env: | |
DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Bootstrap e2e | |
run: | | |
mkdir -p $GITHUB_WORKSPACE/bin | |
echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH | |
make e2e-bootstrap | |
- name: Verify release | |
run: | | |
make e2e-verify-release IMG=${{ env.IMAGE_REPO }}:${TAG} USE_LOCAL_IMG=false | |
- name: Build gator-cli | |
shell: bash | |
run: | | |
set -e | |
build() { | |
export GOOS="$(echo ${1} | cut -d '-' -f 1)" | |
export GOARCH="$(echo ${1} | cut -d '-' -f 2)" | |
FILENAME=${GITHUB_WORKSPACE}/_dist/gator-${TAG}-${GOOS}-${GOARCH} | |
# build the binary | |
make bin/gator-${GOOS}-${GOARCH} | |
# rename the binary to gator | |
tmp_dir=$(mktemp -d) | |
cp bin/gator-${GOOS}-${GOARCH} ${tmp_dir}/gator | |
pushd ${tmp_dir} | |
tar -czf ${FILENAME}.tar.gz gator* | |
popd | |
} | |
mkdir -p _dist | |
i=0 | |
for os_arch_extension in $PLATFORMS; do | |
build ${os_arch_extension} & | |
pids[${i}]=$! | |
((i=i+1)) | |
done | |
# wait for all pids | |
for pid in ${pids[*]}; do | |
wait $pid | |
done | |
pushd _dist | |
# consolidate tar's sha256sum into a single file | |
find . -type f -name '*.tar.gz' | sort | xargs sha256sum >> sha256sums.txt | |
popd | |
env: | |
PLATFORMS: "linux-amd64 linux-arm64 darwin-amd64 darwin-arm64" | |
- name: Create GitHub release | |
uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1 | |
with: | |
repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
prerelease: false | |
files: | | |
_dist/sha256sums.txt | |
_dist/*.tar.gz | |
- name: Publish Helm chart | |
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
charts_dir: charts | |
target_dir: charts | |
linting: off |