-
Notifications
You must be signed in to change notification settings - Fork 17
137 lines (118 loc) · 3.91 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Release
on:
release:
types: [created]
env:
IMAGE_REGISTRY: gcr.io
IMAGE_NAME: gcr.io/crowdstrike-public/falcon-integration-gateway
DEPLOYER: gcr.io/crowdstrike-public/falcon-integration-gateway/deployer
jobs:
python-package:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine
- name: Build and publish
env:
TWINE_USERNAME: ${{ secrets.PACKAGE_API_ID }}
TWINE_PASSWORD: ${{ secrets.PACKAGE_API_SECRET }}
run: |
python setup.py sdist bdist_wheel
twine upload dist/*
container:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- name: Checkout
uses: actions/checkout@v4
- id: auth
name: Authenticate to Google Cloud
uses: google-github-actions/[email protected]
with:
token_format: access_token
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
access_token_lifetime: 600s
- name: Login to gcr.io
uses: docker/login-action@v3
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ secrets.REGISTRY_LOGIN }}
password: ${{ steps.auth.outputs.access_token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_NAME }}
tags: |
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
type=match,pattern=\d.\d
type=match,pattern=\d.\d.\d
annotations: ${{ secrets.SERVICE_ANNOTATION }}
- name: Build and push
uses: docker/build-push-action@v6
with:
tags: ${{ steps.meta.outputs.tags }}
annotations: ${{ steps.meta.outputs.annotations }}
provenance: false
sbom: false
push: true
deployer:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
steps:
- name: Checkout
uses: actions/checkout@v4
- id: auth
name: Authenticate to Google Cloud
uses: google-github-actions/[email protected]
with:
token_format: access_token
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
access_token_lifetime: 600s
- name: Login to gcr.io
uses: docker/login-action@v3
with:
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ secrets.REGISTRY_LOGIN }}
password: ${{ steps.auth.outputs.access_token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Pull latest onbuild image
run: |
docker pull gcr.io/cloud-marketplace-tools/k8s/deployer_helm/onbuild
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DEPLOYER }}
tags: |
# set latest tag for default branch
type=raw,value=latest,enable={{is_default_branch}}
type=match,pattern=\d.\d
type=match,pattern=\d.\d.\d
annotations: ${{ secrets.SERVICE_ANNOTATION }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: docs/listings/gke/deployer
tags: ${{ steps.meta.outputs.tags }}
annotations: ${{ steps.meta.outputs.annotations }}
provenance: false
sbom: false
push: true