Skip to content

ci-marketplace-release #8

ci-marketplace-release

ci-marketplace-release #8

name: ci-marketplace-release
on:
workflow_run:
workflows: ["ci-stable-release"]
types:
- completed
branches:
- "main"
- "operator-refactor"
# push:
# branches: [main]
# paths:
# - "STABLE-RELEASE"
# - ".github/workflows/ci-marketplace-release.yml"
# Declare default permissions as read only.
permissions: read-all
jobs:
certify-images-on-redhat:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: install latest preflight
run: |
VERSION=$(curl -s https://api.github.com/repos/redhat-openshift-ecosystem/openshift-preflight/releases/latest | jq -r '.tag_name')
sudo wget -O /usr/local/bin/preflight https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$VERSION/preflight-linux-amd64
sudo chmod +x /usr/local/bin/preflight
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}
- name: submit preflight results
run: |
repo="docker.io/kubearmor"
repositories=("kubearmor-controller" "kubearmor-ubi" "kubearmor-init" "kubearmor-operator" "kubearmor-snitch")
tag=`cat STABLE-RELEASE`
certids=("${{secrets.CONTROLLER_OSPID}}" "${{secrets.KUBEARMOR_UBI_OSPID}}" "${{secrets.KUBEARMOR_INIT_OSPID}}" "${{secrets.OPERATOR_OSPID}}" "${{secrets.SNITCH_OSPID}}")
pyxis="${{secrets.OS_PYXIS}}"
# Loop through the repositories and target repositories
# for ((i=0; i<${#repositories[@]}; i++)); do
# repository="$repo/${repositories[i]}"
# certid=${certids[i]}
# echo "Processing $repository image..."
# echo "Submitting image for $repository..."
# preflight check container \
# $repository:$tag \
# --certification-project-id=$certid \
# --pyxis-api-token=$pyxis \
# --platform=${platform} \
# --docker-config=${HOME}/.docker/config.json \
# --artifacts=./artifacts/${repository} \
# --submit
# if [ $? -eq 0 ]; then
# echo "Successfully submitted image for $repository."
# else
# echo "Error: Failed to submit image for $repository."
# fi
# done
publish-images-to-ecr:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ vars.AWS_REGION }}
- name: Login to Amazon ECR
run: |
aws ecr get-login-password --region ${{vars.AWS_REGION}} | docker login --username AWS --password-stdin ${{ vars.AWS_ECR_REGISTRY }}
- name: Install regctl
run: |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
chmod 755 regctl
mv regctl /usr/local/bin
regctl version
# - name: Publish Images to ECR
# run: |
# # copy images to ecr registry
# STABLE_VERSION=`cat STABLE-RELEASE`
# regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.AWS_ECR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags
# ===================================
# Publish to OCIR is disabled for now
# ===================================
# publish-images-to-ocir:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v3
# - name: login to ocir registry
# run: |
# echo "${{ secrets.OCIR_AUTHTOKEN }}" | docker login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin
# - name: Install regctl
# run: |
# curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
# chmod 755 regctl
# mv regctl /usr/local/bin
# regctl version
# - name: Publish Images to OCIR
# run: |
# # copy images to ocir registry
# STABLE_VERSION=`cat STABLE-RELEASE`
# regctl image copy kubearmor/kubearmor:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-controller:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags
# regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION ${{vars.OCIR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags
create_issue:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
# needs: ["certify-images-on-redhat","publish-images-to-ecr"]
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: actions/checkout@v3
- name: Create marketplace release issue
run: |
RELEASE=`cat STABLE-RELEASE`
new_issue_url=$(gh issue create \
--title "$TITLE $RELEASE" \
--assignee "$ASSIGNEES" \
--label "$LABELS" \
--body "$BODY")
env:
GH_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
GH_REPO: ${{ github.repository }}
TITLE: Marketplace Release KubeArmor
ASSIGNEES: rksharma95,daemon1024
LABELS: "help wanted"
BODY: |
### Tasks
- [ ] Test and Publish KubeArmor Operator on Red Hat
- [ ] Publish helm chart on kubearmor/charts repo
- [ ] Update KubeArmor Listing on AWS Marketplace
# - [ ] Update KubeArmor Listing on Oracle Marketplace
Assignees: @kubearmor/triagers
Refer the documentation [here](https://github.com/kubearmor/KubeArmor/wiki/Update-KubeArmor-Marketplace-Releases) for update listing instructions.