Skip to content

v1.13.5-test

v1.13.5-test #3

Workflow file for this run

name: build release, release image to DockerHub
on:
release:
types:
- published
env:
CONTAINER_RUN_OPTIONS: " "
IMAGE_REPOSITORY: shelleyby
jobs:
release-assests:
name: release kubeedge components
runs-on: ubuntu-22.04
strategy:
matrix:
target: [kubeedge, edgesite, keadm]
os: [linux]
ARM_VERSION: [GOARM7, GOARM8, ""]
outputs:
hash-kubeedge-amd64: ${{ steps.hash.outputs.hash-kubeedge-amd64 }}
hash-kubeedge-arm64: ${{ steps.hash.outputs.hash-kubeedge-arm64 }}
hash-kubeedge-arm: ${{ steps.hash.outputs.hash-kubeedge-arm }}
steps:
- name: checkout code
uses: actions/checkout@v3
with:
# fetch-depth:
# 0 indicates all history for all branches and tags.
# for `git describe --tags` in Makefile.
fetch-depth: 0
- name: Making and packaging
run: |
docker pull kubeedge/build-tools
make release WHAT=${{ matrix.target }} ARM_VERSION=${{ matrix.ARM_VERSION }}
- name: Generate arch
run: |
if [ "${{ matrix.ARM_VERSION }}" = "GOARM7" ]; then echo "output_arch=arm" >> $GITHUB_ENV; elif [ ${{ matrix.ARM_VERSION }} = "GOARM8" ]; then echo "output_arch=arm64" >> $GITHUB_ENV; else echo "output_arch=amd64" >> $GITHUB_ENV; fi
- name: Generate hashes
shell: bash
id: hash
run: |
cp _output/release/${{ github.ref_name }}/${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz .
echo "hash-${{ matrix.target }}-${{ env.output_arch }}=$( \
sha256sum ${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch}}.tar.gz | base64 -w0 \
)" >> "$GITHUB_OUTPUT"
- name: Uploading assets...
if: ${{ !env.ACT }}
uses: softprops/action-gh-release@v1
with:
files: |
_output/release/${{ github.ref_name }}/${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz
_output/release/${{ github.ref_name }}/checksum_${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz.txt
combine_hashes:
needs: [release-assests]
runs-on: ubuntu-22.04
outputs:
hashes: ${{ steps.hashes.outputs.hashes }}
env:
HASHES: ${{ toJSON(needs.release-assests.outputs) }}
steps:
- id: hashes
run: |
echo "$HASHES" | jq -r '.[] | @base64d' | sed "/^$/d" > hashes.txt
echo "hashes=$(cat hashes.txt | base64 -w0)" >> "$GITHUB_OUTPUT"
# This step calls the generic workflow to generate provenance.
provenance:
needs: [combine_hashes]
permissions:
actions: read
id-token: write
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}"
# Upload provenance to a new release
upload-assets: true
publish-image-to-dockerhub:
name: publish to DockerHub
strategy:
matrix:
target: [cloudcore]
outputs:
hash-digest-cloudcore: ${{ steps.hash.outputs.hash-digest-cloudcore }}
runs-on: ubuntu-22.04
steps:
- name: checkout code
uses: actions/checkout@v3
with:
# fetch-depth:
# 0 indicates all history for all branches and tags.
# for `git describe --tags` in Makefile.
fetch-depth: 0
- name: install QEMU
uses: docker/setup-qemu-action@v1
- name: install Buildx
uses: docker/setup-buildx-action@v1
- name: login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USER_NAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: generate dockerfile path
run: |
echo "dockerfile_path=$(./hack/make-rules/imageprocess.sh dockerfile ${{ matrix.target }})" >> $GITHUB_ENV
- name: build and publish images
id: build
uses: docker/build-push-action@v3
with:
context: .
file: ${{ env.dockerfile_path }}
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: true
tags: |
${{ env.IMAGE_REPOSITORY }}/${{ matrix.target }}:${{ github.ref_name }}
- name: generate digest
id: hash
run: |
echo "hash-digest-${{ matrix.target }}=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
# This step calls the container workflow to generate provenance and push it to
# the container registry.
image-provenance:
needs: [publish-image-to-dockerhub]
strategy:
matrix:
target: [cloudcore]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
if: startsWith(github.ref, 'refs/tags/')
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: shelleyby/${{ matrix.target }}
registry-username: ${{ vars.DOCKERHUB_USER_NAME }}
digest: ${{ needs.publish-image-to-dockerhub.outputs[format('hash-digest-{0}', matrix.target)] }}
secrets:
registry-password: ${{ secrets.DOCKERHUB_TOKEN }}