Skip to content

Re-build 1.0.0-beta.28 release #72

Re-build 1.0.0-beta.28 release

Re-build 1.0.0-beta.28 release #72

Workflow file for this run

name: publish
on:
push:
branches:
- fix-28
env:
PACT_VERSION: ${{ github.ref_name }}
PACT_BROKER_BASE_URL: ${{ vars.PACT_BROKER_BASE_URL }}
PACT_BROKER_TOKEN: ${{ secrets.PACT_BROKER_TOKEN }}
jobs:
make-build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '^1.22'
- run: make build
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
package-and-publish:
runs-on: 'ubuntu-22.04'
needs:
- make-build
outputs:
# digest of the image pushed to the registry. This is used for the provenance generation
digest: ${{ steps.trim-and-save-digest.outputs.digest }}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- uses: ./.github/actions/build-push-action
id: build-push-action
with:
context: deploy
image-name: index.docker.io/replicated/replicated-sdk:v1.0.0-beta.28
git-tag: v1.0.0-beta.28
registry-username: ${{ secrets.DOCKERHUB_USER }}
registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: 'Trim and Save Digest'
# build-push-action outputs the full image name and digest, but we need to save just the sha256 part
id: trim-and-save-digest
uses: actions/github-script@v7
with:
script: |
const fullDigest = "${{ steps.build-push-action.outputs.digest }}";
const digest = fullDigest.split('@')[1];
core.setOutput("digest", digest);
- name: Run Package and Publish
env:
REPLICATED_TAG: v1.0.0-beta.28
REPLICATED_REGISTRY: replicated # docker.io/replicated
REPLICATED_CHART_NAME: replicated
REPLICATED_CHART_VERSION: 1.0.0-beta.28
REPLICATED_USER_STAGING: ${{secrets.REPLICATED_USER_STAGING}}
REPLICATED_PASS_STAGING: ${{secrets.REPLICATED_PASS_STAGING}}
REPLICATED_USER_PROD: ${{secrets.REPLICATED_USER_PROD}}
REPLICATED_PASS_PROD: ${{secrets.REPLICATED_PASS_PROD}}
run: |
# TEMPORARY: for backwards compatibility, create another directory to use for the "replicated-sdk" chart
cp -R chart chart-sdk
cd chart
envsubst < Chart.yaml.tmpl > Chart.yaml
envsubst < values.yaml.tmpl > values.yaml
rm -f *.tmpl
export CHART_NAME=`helm package . | rev | cut -d/ -f1 | rev`
echo pushing ${CHART_NAME} to staging
helm registry login registry.staging.replicated.com --username $REPLICATED_USER_STAGING --password $REPLICATED_PASS_STAGING
helm push $CHART_NAME oci://registry.staging.replicated.com/library
echo pushing ${CHART_NAME} to production
helm registry login registry.replicated.com --username $REPLICATED_USER_PROD --password $REPLICATED_PASS_PROD
helm push $CHART_NAME oci://registry.replicated.com/library
# TEMPORARY: for backwards compatibility, package and push chart with "replicated-sdk" name
cd ../chart-sdk
REPLICATED_CHART_NAME=replicated-sdk
envsubst < Chart.yaml.tmpl > Chart.yaml
envsubst < values.yaml.tmpl > values.yaml
rm -f *.tmpl
export CHART_NAME=`helm package . | rev | cut -d/ -f1 | rev`
echo pushing ${CHART_NAME} to staging
helm push $CHART_NAME oci://registry.staging.replicated.com/library
echo pushing ${CHART_NAME} to production
helm push $CHART_NAME oci://registry.replicated.com/library
provenance:
# This job is responsible for generating the SLSA provenance for the image that was pushed to the registry.
needs:
- package-and-publish
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
if: success() && needs.package-and-publish.result == 'success'
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: index.docker.io/replicated/replicated-sdk:v1.0.0-beta.28
digest: ${{ needs.package-and-publish.outputs.digest }}
secrets:
registry-password: ${{ secrets.DOCKERHUB_PASSWORD }}
registry-username: ${{ secrets.DOCKERHUB_USER }}