Automated Release Workflow #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automated Release Workflow | |
on: | |
workflow_dispatch: | |
inputs: | |
release_version: | |
description: 'Version of Splunk Operator Release' | |
required: true | |
operator_image_tag: | |
description: 'Tag for Splunk Operator Image' | |
required: true | |
enterprise_version: | |
description: 'Enterprise Image Version. Should match with Tag on Splunk Enterprise Docker Repo' | |
required: true | |
jobs: | |
automated-release: | |
name: Automated Release Workflow | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- name: Set up cosign | |
uses: sigstore/cosign-installer@main | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Deep Fetch | |
run: | | |
git fetch --prune --unshallow | |
- name: Dotenv Action | |
id: dotenv | |
uses: falti/dotenv-action@d4d12eaa0e1dd06d5bdc3d7af3bf4c8c93cb5359 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ steps.dotenv.outputs.GO_VERSION }} | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Configure Docker Credentials | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PUSH_TOKEN}} | |
- name: Install Operator SDK | |
run: | | |
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) | |
export OS=$(uname | awk '{print tolower($0)}') | |
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ steps.dotenv.outputs.OPERATOR_SDK_VERSION }} | |
sudo curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} | |
sudo chmod +x operator-sdk_${OS}_${ARCH} | |
sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk | |
- name: Generate Release Artifacts | |
run: | | |
make generate-artifacts IMG=splunk/splunk-operator:${{ github.event.inputs.release_version }} VERSION=${{ github.event.inputs.release_version }} SPLUNK_ENTERPRISE_IMAGE=splunk/splunk:${{ github.event.inputs.enterprise_version }} | |
- name: Upload Release Artifacts | |
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 | |
with: | |
name: "release-artifacts-${{ github.event.inputs.release_version }}" | |
path: "release-**" | |
- name: Generate Release Notes | |
run: | | |
a=`cat docs/ChangeLog.md | grep -n -m2 "^##" | awk -F":" '{print $1}' | tail -1` | |
a=`expr $a - 1` | |
sed -n "4,${a}p" docs/ChangeLog.md >> docs/ReleaseNotes.md >> docs/ReleaseNotes.md | |
- name: Create Release | |
uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01 | |
with: | |
artifacts: "release-${{ github.event.inputs.release_version }}/splunk-operator-cluster.yaml,release-${{ github.event.inputs.release_version }}/splunk-operator-namespace.yaml" | |
bodyFile: "docs/ReleaseNotes.md" | |
tag: "${{ github.event.inputs.release_version }}" | |
draft: true | |
- name: Pull RC Splunk Operator Image | |
run: | | |
docker pull splunk/splunk-operator-rc:${{ github.event.inputs.release_version }}-RC | |
- name: Promote RC Image to Release | |
run: | | |
docker tag splunk/splunk-operator-rc:${{ github.event.inputs.release_version }}-RC splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} | |
- name: Push Release Image | |
run: | | |
docker push splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} | |
- name: Sign Splunk Operator image with a key | |
run: | | |
cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} | |
env: | |
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
- name: Verify Splunk Operator image with a key | |
run: | | |
cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }} | |
env: | |
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} | |