github/flagger
1
0
Fork 0
mirror of https://github.com/fluxcd/flagger.git synced 2026-03-03 02:00:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da1ee05c0a3017055be4be95dc8f7ac42e1d9cc2
flagger/.github/workflows/release.yml
dependabot[bot] d82d9765e1 Bump docker/metadata-action from 3 to 4 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-21 09:30:33 +00:00

88 lines
2.9 KiB
YAML
Raw Blame History

name: release
on:
push:
tags:
- 'v*'
permissions:
contents: read
env:
IMAGE: "ghcr.io/fluxcd/${{ github.event.repository.name }}"
jobs:
release-flagger:
runs-on: ubuntu-latest
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps:
- uses: actions/checkout@v2
- uses: sigstore/cosign-installer@main
- name: Prepare
id: prep
run: |
VERSION=$(grep 'VERSION' pkg/version/version.go | awk '{ print $4 }' | tr -d '"')
CHANGELOG="https://github.com/fluxcd/flagger/blob/main/CHANGELOG.md#$(echo $VERSION | tr -d '.')"
echo "[CHANGELOG](${CHANGELOG})" > notes.md
echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ::set-output name=VERSION::${VERSION}
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Generate image meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
${{ env.IMAGE }}
tags: |
type=raw,value=${{ steps.prep.outputs.VERSION }}
- name: Publish image
uses: docker/build-push-action@v2
with:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7
build-args: |
REVISON=${{ github.sha }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Sign image
run: |
echo -n "${{secrets.COSIGN_PASSWORD}}" | \
cosign sign -key ./.cosign/cosign.key -a git_sha=$GITHUB_SHA \
${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
- name: Check images
run: |
docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
- name: Verifiy image signature
run: |
cosign verify -key ./.cosign/cosign.pub \
${{ env.IMAGE }}:${{ steps.prep.outputs.VERSION }}
- name: Publish Helm charts
uses: stefanprodan/helm-gh-pages@v1.3.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_url: https://flagger.app
linting: off
- uses: anchore/sbom-action/download-syft@v0
- name: Create release and SBOM
uses: goreleaser/goreleaser-action@v2
with:
version: latest
args: release --release-notes=notes.md --rm-dist --skip-validate
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink