8a00852f8a
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.17.0 to 6.18.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1dc7386353...263435318d)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: 6.18.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
85 lines
3.5 KiB
YAML
85 lines
3.5 KiB
YAML
name: release
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
id-token: write
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
jobs:
|
|
release:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Clone repo
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
|
|
- name: Setup Cosign
|
|
uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb #v3.8.2
|
|
- name: Setup Helm
|
|
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 #v4.3.0
|
|
with:
|
|
version: v3.17.3
|
|
- name: Setup Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 #v3.10.0
|
|
- name: Setup yq
|
|
uses: frenck/action-setup-yq@c4b5be8b4a215c536a41d436757d9feb92836d4f #v1.0.2
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #v3.4.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Prepare version
|
|
id: prep
|
|
run: |
|
|
VERSION=sha-${GITHUB_SHA::8}
|
|
if [[ $GITHUB_REF == refs/tags/* ]]; then
|
|
VERSION=${GITHUB_REF/refs\/tags\//}
|
|
fi
|
|
echo "Refer to the [Changelog](https://github.com/spegel-org/spegel/blob/main/CHANGELOG.md#${VERSION//.}) for list of changes." > ${{ runner.temp }}/NOTES.txt
|
|
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
|
|
- name: Run GoReleaser
|
|
uses: goreleaser/goreleaser-action@v6
|
|
with:
|
|
args: release --clean --release-notes ${{ runner.temp }}/NOTES.txt
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Generate images meta
|
|
id: meta
|
|
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 #v5.7.0
|
|
with:
|
|
images: ghcr.io/${{ github.repository_owner }}/spegel
|
|
tags: type=raw,value=${{ steps.prep.outputs.VERSION }}
|
|
- name: Publish multi-arch image
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
|
|
id: build
|
|
with:
|
|
push: true
|
|
builder: ${{ steps.buildx.outputs.name }}
|
|
context: .
|
|
file: ./Dockerfile
|
|
platforms: linux/amd64,linux/arm/v7,linux/arm64
|
|
tags: ghcr.io/${{ github.repository_owner }}/spegel:${{ steps.prep.outputs.VERSION }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
- name: Sign the image with Cosign
|
|
run: |
|
|
cosign sign --yes ghcr.io/${{ github.repository_owner }}/spegel@${{ steps.build.outputs.DIGEST }}
|
|
- name: Publish Helm chart to GHCR
|
|
id: helm
|
|
run: |
|
|
HELM_VERSION=${{ steps.prep.outputs.VERSION }}
|
|
HELM_VERSION=${HELM_VERSION#v}
|
|
rm charts/spegel/artifacthub-repo.yml
|
|
yq -i '.image.digest = "${{ steps.build.outputs.DIGEST }}"' charts/spegel/values.yaml
|
|
helm package --app-version ${{ steps.prep.outputs.VERSION }} --version ${HELM_VERSION} charts/spegel
|
|
helm push spegel-${HELM_VERSION}.tgz oci://ghcr.io/${{ github.repository_owner }}/helm-charts 2> .digest
|
|
DIGEST=$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
|
|
echo "DIGEST=${DIGEST}" >> $GITHUB_OUTPUT
|
|
- name: Sign the Helm chart with Cosign
|
|
run: |
|
|
cosign sign --yes ghcr.io/${{ github.repository_owner }}/helm-charts/spegel@${{ steps.helm.outputs.DIGEST }}
|