Skip to content

Commit

Permalink
Merge pull request #330 from codefresh-io/danielm-codefresh-patch-1
Browse files Browse the repository at this point in the history
chore: Update release.yaml
  • Loading branch information
danielm-codefresh authored Jan 24, 2024
2 parents 124a0f9 + cc6655e commit e35a374
Showing 1 changed file with 27 additions and 47 deletions.
74 changes: 27 additions & 47 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
platform: [ linux/amd64, linux/arm64 ]
platform: [ linux/amd64 ]
target: [ workflow-controller, argocli, argoexec ]
steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -103,7 +103,9 @@ jobs:
- uses: actions/checkout@v3

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v2
with:
platforms: arm64

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
Expand All @@ -127,7 +129,7 @@ jobs:
# password: ${{ secrets.DOCKERIO_PASSWORD }}

- name: Docker Login
uses: docker/login-action@v3
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
Expand All @@ -139,15 +141,11 @@ jobs:
PLATFORM: ${{ matrix.platform }}
TARGET: ${{ matrix.target }}
run: |
set -eux
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
# copied verbatim from Makefile
GIT_COMMIT=$(git rev-parse HEAD || echo unknown)
GIT_TAG=$(git describe --exact-match --tags --abbrev=0 2> /dev/null || echo untagged)
GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)
tag_suffix=$(echo $PLATFORM | sed -r "s/\//-/g")
image_name="${DOCKERIO_ORG}/${TARGET}:${tag}-${tag_suffix}"
Expand Down Expand Up @@ -195,7 +193,7 @@ jobs:
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
Expand All @@ -208,14 +206,13 @@ jobs:
docker tag $image_name quay.io/$image_name
docker push quay.io/$image_name
done
push-images:
name: Push manifest with all images
if: github.repository == 'codefresh-io/argo-workflows'
runs-on: ubuntu-latest
needs: [ build-linux, build-windows ]
needs: [ build-linux-amd64, build-linux-arm64, build-windows ]
steps:
- uses: actions/checkout@v2
## Codefresh - remove dockerhub
Expand All @@ -232,23 +229,16 @@ jobs:
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}

- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.0'

- name: Push Multiarch Image
env:
DOCKERIO_ORG: ${{ secrets.DOCKERIO_ORG }}
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
run: |
echo $(jq -c '. + { "experimental": "enabled" }' ${DOCKER_CONFIG}/config.json) > ${DOCKER_CONFIG}/config.json
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
Expand All @@ -269,9 +259,6 @@ jobs:
## Codefresh - remove dockerhub
# docker manifest push $image_name
docker manifest push quay.io/$image_name
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/$image_name
done
test-images-linux-amd64:
Expand Down Expand Up @@ -305,7 +292,7 @@ jobs:
TARGET: ${{ matrix.target }}
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
Expand Down Expand Up @@ -339,7 +326,7 @@ jobs:
run: |
docker_org=$DOCKERIO_ORG
tag=$(basename $GITHUB_REF)
if [ $tag = "main" ]; then
if [ $tag = "master" ]; then
tag="latest"
fi
Expand All @@ -359,25 +346,26 @@ jobs:
needs: [ push-images, test-images-linux-amd64, test-images-windows ]
env:
NODE_OPTIONS: --max-old-space-size=4096
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "20" # change in all GH Workflows
- uses: actions/setup-go@v4
node-version: "16"
- uses: actions/setup-go@v3
with:
go-version: "1.21"
- name: Restore node packages cache
uses: actions/cache@v3
go-version: "1.18"
- uses: actions/cache@v3
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v1-${{ hashFiles('**/yarn.lock') }}
- name: Install cosign
uses: sigstore/cosign-installer@main
- uses: actions/cache@v3
with:
path: /home/runner/.cache/go-build
key: GOCACHE-v2-${{ hashFiles('**/go.mod') }}
- uses: actions/cache@v3
with:
cosign-release: 'v1.13.0'
path: /home/runner/go/pkg/mod
key: GOMODCACHE-v2-${{ hashFiles('**/go.mod') }}
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
- run: make release-notes VERSION=${GITHUB_REF##*/}
- run: cat release-notes
Expand All @@ -390,12 +378,6 @@ jobs:
- name: Print version (please check it is not dirty)
run: dist/argo-linux-amd64 version
- run: make checksums
- name: Sign checksums and create public key for release assets
run: |
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argo-workflows-cli-checksums.txt > ./dist/argo-workflows-cli-checksums.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-workflows-cosign.pub
# https://github.com/softprops/action-gh-release
# This will publish the release and upload assets.
# If a conflict occurs (because you are not on a tag), the release will not be updated. This is a short coming
Expand All @@ -408,10 +390,8 @@ jobs:
body_path: release-notes
files: |
dist/argo-*.gz
dist/argo-workflows-cli-checksums.txt
dist/argo-workflows-cli-checksums.sig
dist/argo-*.gz.sha256
dist/manifests/*.yaml
dist/argo-workflows-cosign.pub
dist/sbom.tar.gz
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

0 comments on commit e35a374

Please sign in to comment.