test latest-release #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci-systemd-release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: "Release tag which has to be updated" | |
| type: "string" | |
| required: true | |
| push: | |
| tags: | |
| - "*" | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| jobs: | |
| goreleaser: | |
| runs-on: ubuntu-20.04 | |
| if: github.repository == 'kubearmor/kubearmor' | |
| permissions: | |
| id-token: write # requires for cosign keyless signing | |
| contents: write # requires for goreleaser to write to GitHub release | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'KubeArmor/go.mod' | |
| - name: Install the latest LLVM toolchain | |
| run: ./.github/workflows/install-llvm.sh | |
| - name: Compile libbpf | |
| run: ./.github/workflows/install-libbpf.sh | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@main | |
| - name: Install karmor | |
| run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b . | |
| working-directory: KubeArmor | |
| - name: Build KubeArmor object files | |
| run: make | |
| working-directory: KubeArmor/BPF | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_AUTHTOK }} | |
| - name: Get release tag | |
| id: vars | |
| run: | | |
| cp KubeArmor/.goreleaser.yaml /tmp/.goreleaser.yaml | |
| if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then | |
| # checkout branch but use goreleaser config from latest | |
| echo "Checking out tag: ${{ inputs.tag }}" | |
| git checkout ${{ inputs.tag }} | |
| echo "GORELEASER_CURRENT_TAG=${{ inputs.tag }}" >> $GITHUB_OUTPUT | |
| REF=${{ inputs.tag }} | |
| echo "tag=${REF#v}" >> $GITHUB_OUTPUT | |
| else | |
| REF=${GITHUB_REF#refs/*/} | |
| echo "tag=${REF#v}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser | |
| version: v1.25.0 | |
| args: release --config=/tmp/.goreleaser.yaml | |
| workdir: KubeArmor | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GORELEASER_CURRENT_TAG: ${{ steps.vars.outputs.GORELEASER_CURRENT_TAG }} | |
| - name: Setup ORAS | |
| uses: oras-project/setup-oras@v1 | |
| with: | |
| version: 1.0.0 | |
| - name: Publish release artifacts to Dockerhub | |
| working-directory: KubeArmor/dist | |
| run: | | |
| oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-amd64 kubearmor_${{ steps.vars.outputs.tag }}_linux-amd64.tar.gz | |
| oras push docker.io/kubearmor/kubearmor-systemd:${{ steps.vars.outputs.tag }}_linux-arm64 kubearmor_${{ steps.vars.outputs.tag }}_linux-arm64.tar.gz |