ci-marketplace-release #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci-marketplace-release | |
on: | |
workflow_run: | |
workflows: ["ci-stable-release"] | |
types: | |
- completed | |
branches: | |
- "main" | |
- "operator-refactor" | |
# push: | |
# branches: [main] | |
# paths: | |
# - "STABLE-RELEASE" | |
# - ".github/workflows/ci-marketplace-release.yml" | |
# Declare default permissions as read only. | |
permissions: read-all | |
jobs: | |
certify-images-on-redhat: | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: install latest preflight | |
run: | | |
VERSION=$(curl -s https://api.github.com/repos/redhat-openshift-ecosystem/openshift-preflight/releases/latest | jq -r '.tag_name') | |
sudo wget -O /usr/local/bin/preflight https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$VERSION/preflight-linux-amd64 | |
sudo chmod +x /usr/local/bin/preflight | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_AUTHTOK }} | |
- name: submit preflight results | |
run: | | |
repo="docker.io/kubearmor" | |
repositories=("kubearmor-controller" "kubearmor-ubi" "kubearmor-init" "kubearmor-operator" "kubearmor-snitch") | |
tag=`cat STABLE-RELEASE` | |
certids=("${{secrets.CONTROLLER_OSPID}}" "${{secrets.KUBEARMOR_UBI_OSPID}}" "${{secrets.KUBEARMOR_INIT_OSPID}}" "${{secrets.OPERATOR_OSPID}}" "${{secrets.SNITCH_OSPID}}") | |
pyxis="${{secrets.OS_PYXIS}}" | |
# Loop through the repositories and target repositories | |
# for ((i=0; i<${#repositories[@]}; i++)); do | |
# repository="$repo/${repositories[i]}" | |
# certid=${certids[i]} | |
# echo "Processing $repository image..." | |
# echo "Submitting image for $repository..." | |
# preflight check container \ | |
# $repository:$tag \ | |
# --certification-project-id=$certid \ | |
# --pyxis-api-token=$pyxis \ | |
# --platform=${platform} \ | |
# --docker-config=${HOME}/.docker/config.json \ | |
# --artifacts=./artifacts/${repository} \ | |
# --submit | |
# if [ $? -eq 0 ]; then | |
# echo "Successfully submitted image for $repository." | |
# else | |
# echo "Error: Failed to submit image for $repository." | |
# fi | |
# done | |
publish-images-to-ecr: | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Login to Amazon ECR | |
run: | | |
aws ecr get-login-password --region ${{vars.AWS_REGION}} | docker login --username AWS --password-stdin ${{ vars.AWS_ECR_REGISTRY }} | |
- name: Install regctl | |
run: | | |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
chmod 755 regctl | |
mv regctl /usr/local/bin | |
regctl version | |
# - name: Publish Images to ECR | |
# run: | | |
# # copy images to ecr registry | |
# STABLE_VERSION=`cat STABLE-RELEASE` | |
# regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags | |
# =================================== | |
# Publish to OCIR is disabled for now | |
# =================================== | |
# publish-images-to-ocir: | |
# runs-on: ubuntu-latest | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - name: login to ocir registry | |
# run: | | |
# echo "${{ secrets.OCIR_AUTHTOKEN }}" | docker login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin | |
# - name: Install regctl | |
# run: | | |
# curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
# chmod 755 regctl | |
# mv regctl /usr/local/bin | |
# regctl version | |
# - name: Publish Images to OCIR | |
# run: | | |
# # copy images to ocir registry | |
# STABLE_VERSION=`cat STABLE-RELEASE` | |
# regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags | |
create_issue: | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
# needs: ["certify-images-on-redhat","publish-images-to-ecr"] | |
runs-on: ubuntu-latest | |
permissions: | |
issues: write | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Create marketplace release issue | |
run: | | |
RELEASE=`cat STABLE-RELEASE` | |
new_issue_url=$(gh issue create \ | |
--title "$TITLE $RELEASE" \ | |
--assignee "$ASSIGNEES" \ | |
--label "$LABELS" \ | |
--body "$BODY") | |
env: | |
GH_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
TITLE: Marketplace Release KubeArmor | |
ASSIGNEES: rksharma95,daemon1024 | |
LABELS: "help wanted" | |
BODY: | | |
### Tasks | |
- [ ] Test and Publish KubeArmor Operator on Red Hat | |
- [ ] Publish helm chart on kubearmor/charts repo | |
- [ ] Update KubeArmor Listing on AWS Marketplace | |
# - [ ] Update KubeArmor Listing on Oracle Marketplace | |
Assignees: @kubearmor/triagers | |
Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions. |