Skip to content

fix: access path for auth endpoints (#1403) #793

fix: access path for auth endpoints (#1403)

fix: access path for auth endpoints (#1403) #793

Workflow file for this run

name: release
on:
push:
tags:
- 'v*'
branches:
- main
- dev-release*
defaults:
run:
shell: bash
jobs:
build-binaries:
runs-on: ubuntu-20.04
if: github.repository == 'numaproj/numaflow'
name: Build binaries
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Go
uses: actions/[email protected]
with:
go-version: '1.20'
- name: Build binaries
run: |
make build
chmod -R +x dist
- name: Make checksums
run: make checksums
- name: store artifacts
uses: actions/upload-artifact@v3
with:
name: binaries
path: dist
build-push-linux-multi:
name: Build & push linux/amd64 and linux/arm64
needs: [ build-binaries ]
runs-on: ubuntu-20.04
if: github.repository == 'numaproj/numaflow'
strategy:
matrix:
target: [ numaflow ]
steps:
- uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "16"
- name: Setup Node-Cache
uses: actions/cache@v3
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v1-${{ hashFiles('**/yarn.lock') }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist/
- name: Registry Login
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Set Version
id: version
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
tag="latest"
fi
echo "VERSION=$tag" >> $GITHUB_OUTPUT
- name: Container build and push with arm64/amd64
run: |
IMAGE_NAMESPACE=${{ secrets.QUAYIO_ORG }} VERSION=${{ steps.version.outputs.VERSION }} DOCKER_PUSH=true make image-multi
Bom:
runs-on: ubuntu-latest
if: github.repository == 'numaproj/numaflow'
needs: [ build-push-linux-multi ]
steps:
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
- run: |
if [ ${GITHUB_REF##*/} = main ]; then
echo "VERSION=latest" >> $GITHUB_ENV
else
echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- uses: actions/[email protected]
with:
go-version: '1.20'
- uses: actions/checkout@v3
- run: go install sigs.k8s.io/bom/cmd/[email protected]
- run: go install github.com/spdx/spdx-sbom-generator/cmd/[email protected]
- run: mkdir -p dist
- run: generator -o /tmp -p .
- run: bom generate --image quay.io/numaproj/numaflow:$VERSION -o /tmp/numaflow.spdx
# pack the boms into one file to make it easy to download
- run: cd /tmp && tar -zcf sbom.tar.gz *.spdx
- uses: actions/upload-artifact@v3
with:
name: sbom.tar.gz
path: /tmp/sbom.tar.gz
Release:
runs-on: ubuntu-latest
if: github.repository == 'numaproj/numaflow'
needs: [ build-push-linux-multi, bom ]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set Version
run: |
if [ ${GITHUB_REF##*/} = main ]; then
echo "VERSION=latest" >> $GITHUB_ENV
else
echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist/
- uses: actions/download-artifact@v3
with:
name: sbom.tar.gz
path: /tmp
- name: Registry Login
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Install cosign
uses: sigstore/[email protected]
with:
cosign-release: 'v1.13.1'
- name: Install crane to get digest of image
uses: imjasonh/[email protected]
- name: Get digests of container images
run: |
echo "IMAGE_DIGEST=$(crane digest quay.io/numaproj/numaflow:$VERSION)" >> $GITHUB_ENV
- name: Sign Numaflow container images and assets
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/numaproj/numaflow@${{ env.IMAGE_DIGEST }}
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/numaflow-checksums.txt > ./dist/numaflow-checksums.sig
cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/numaflow-cosign.pub
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
- name: Release binaries
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
dist/*.gz
dist/numaflow-checksums.txt
dist/numaflow-checksums.sig
dist/numaflow-cosign.pub
config/*.yaml
/tmp/sbom.tar.gz
/tmp/sbom.tar.gz.sig
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}