test ocir helm chart release workflow #15

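# Marketplace release workflow: publishes the KubeArmor operator Helm chart to
# an OCI registry. The job that does the publishing handles registry secrets,
# so every trigger below is a path to those credentials.
name: ci-marketplace-release

on:
  # Manual runs from the Actions tab.
  workflow_dispatch:
  # Chained after the stable release workflow. `completed` fires whatever the
  # upstream conclusion was (success, failure, cancelled); publishing jobs
  # should check `github.event.workflow_run.conclusion` before doing any work.
  workflow_run:
    workflows:
      - "ci-stable-release"
    types:
      - completed
  # NOTE(review): every push to this branch runs the release job with the
  # registry secrets. This looks like a temporary trigger for testing the
  # workflow; confirm and drop it before the workflow lands on the default
  # branch.
  push:
    branches: [automate-marketplace-release]

# Least privilege for GITHUB_TOKEN: the steps visible in this workflow only
# read the repository (checkout). Widen this per job, not globally, if the
# local marketplace action turns out to need more (not visible from here).
permissions:
  contents: read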
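jobs:
  # ---------------------------------------------------------------------------
  # Disabled jobs. They are kept as the author left them; the NOTE(review)
  # lines list what has to be fixed before any of them is switched back on.
  # ---------------------------------------------------------------------------

  # NOTE(review) certify-images-on-redhat:
  #   - `{{secrets.X}}` has no leading `$`, so GitHub would not substitute it
  #     and the literal text would be used as project id / API token.
  #   - `platforms= (` has a space after `=`, and the inner loop bound reads
  #     `platfroms` (misspelled), so the inner loop body would never run.
  #   - The failure branch only echoes, so the step exits 0 when a submission
  #     fails.
  #   - The Pyxis token is passed on the command line; prefer an environment
  #     variable fed from `secrets` so it does not sit in argv.
  #   - preflight is fetched from the `latest` release with no checksum or
  #     signature check and installed with sudo; pin a version and verify it.
  # certify-images-on-redhat:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v3
  #     - name: install latest preflight
  #       run: |
  #         VERSION=$(curl -s https://api.github.com/repos/redhat-openshift-ecosystem/openshift-preflight/releases/latest | jq -r '.tag_name')
  #         sudo wget -O /usr/local/bin/preflight https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$VERSION/preflight-linux-amd64
  #         sudo chmod +x /usr/local/bin/preflight
  #     - name: Login to Docker Hub
  #       uses: docker/login-action@v2
  #       with:
  #         username: ${{ secrets.DOCKER_USERNAME }}
  #         password: ${{ secrets.DOCKER_AUTHTOK }}
  #     - name: submit preflight results
  #       run: |
  #         repo="docker.io/kubearmor"
  #         repositories=("kubearmor-controller" "kubearmor-ubi" "kubearmor-init" "kubearmor-operator" "kubearmor-snitch")
  #         tag=`cat STABLE-RELEASE`
  #         certids=("{{secrets.CONTROLLER_OSPID}}" "{{secrets.KUBEARMOR_UBI_OSPID}}" "{{secrets.KUBEARMOR_INIT_OSPID}}" "{{secrets.OPERATOR_OSPID}}" "{{secrets.SNITCH_OSPID}}")
  #         pyxis="{{secrets.OS_PYXIS}}"
  #         # Loop through the repositories and target repositories
  #         platforms= ("amd64" "arm64")
  #         for ((i=0; i<${#repositories[@]}; i++)); do
  #           repository="$repo/${repositories[i]}"
  #           certid=${certids[i]}
  #           echo "Processing $repository image..."
  #           echo "Submitting image for $repository..."
  #           for ((j=0; j<${#platfroms[@]}; j++)); do
  #             preflight check container \
  #               $repository:$tag \
  #               --certification-project-id=$certid \
  #               --pyxis-api-token=$pyxis \
  #               --platform=${platforms[j]} \
  #               --docker-config=${HOME}/.docker/config.json \
  #               --artifacts=./artifacts/${repository} \
  #               --submit
  #             if [ $? -eq 0 ]; then
  #               echo "Successfully submitted image for $repository."
  #             else
  #               echo "Error: Failed to submit image for $repository."
  #             fi
  #           done
  #         done

  # NOTE(review) publish-images-to-ecr:
  #   - `${{ secret.* }}` should be the `secrets` context; as written the
  #     expression is invalid.
  #   - `{{ env.AWS_ECR_REGISTRY }}` / `{{env.AWS_ECR_REGISTRY}}` lack the
  #     leading `$` and would reach the shell as literal text.
  #   - Long-lived AWS access keys are used; the action's OIDC `role-to-assume`
  #     input would avoid storing static keys in repository secrets.
  #   - regctl is downloaded from the `latest` release with no integrity
  #     check; pin a release and verify its checksum.
  # publish-images-to-ecr:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v3
  #     - name: Configure AWS credentials
  #       uses: aws-actions/configure-aws-credentials@v1
  #       with:
  #         aws-access-key-id: ${{ secret.AWS_ACCESS_KEY_ID }}
  #         aws-secret-access-key: ${{ secret.AWS_SECRET_ACCESS_KEY }}
  #         aws-region: ${{ env.AWS_REGION }}
  #     - name: Login to Amazon ECR
  #       run: |
  #         aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin {{ env.AWS_ECR_REGISTRY }}
  #     - name: Install regctl
  #       run: |
  #         curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
  #         chmod 755 regctl
  #         mv regctl /usr/local/bin
  #         regctl version
  #     - name: Publish Images to ECR
  #       run: |
  #         # copy images to ecr registry
  #         regctl image copy kubearmor/kubearmor:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-ubi:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-controller:stable --digest-tags
  #         regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags

  # NOTE(review) publish-images-to-ocir:
  #   - `docker login ... -p <token>` puts the auth token on the command line;
  #     use `--password-stdin` fed from a `secrets`-backed environment variable.
  #   - The credentials are read from `env`, and the `{{ ... }}` expressions
  #     lack the leading `$`; the token belongs in `secrets`.
  #   - The job has no `runs-on`.
  #   - Same unverified `latest` regctl download as the ECR job.
  # publish-images-to-ocir:
  #   steps:
  #     - name: login to ocir registry
  #       run: |
  #         docker login {{ env.OCIR_REGION }} -u {{ env.OCIR_USERNAME }} -p {{ env.OCIR_AUTHTOKEN }}
  #     - name: Install regctl
  #       run: |
  #         curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
  #         chmod 755 regctl
  #         mv regctl /usr/local/bin
  #         regctl version
  #     - name: Publish Images to OCIR
  #       run: |
  #         # copy images to ocir registry
  #         regctl image copy kubearmor/kubearmor:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-ubi:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-controller:stable --digest-tags
  #         regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags
  #         regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags

  # NOTE(review) publish-aws-helm-chart:
  #   - `uses: ./github/actions/mp-helm-action.yml` has no dot before `github`
  #     and points at a file; the live job below uses the directory
  #     `./.github/actions/marketplace`. Presumably this path is stale.
  #   - The `with:` values use `{{ ... }}` without the leading `$`.
  #   - `stefanprodan/helm-gh-pages@master` follows a moving branch while being
  #     handed a token that can push to another repository; pin it to a full
  #     commit SHA.
  # publish-aws-helm-chart:
  #   runs-on: ubuntu-latest
  #   needs: ["publish-images-to-ecr"]
  #   steps:
  #     - uses: actions/checkout@v3
  #     - uses: azure/setup-helm@v3
  #     - name: Login to AWS Helm
  #       run: |
  #         aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin {{ env.AWS_ECR_REGISTRY }}
  #     - name: Generate version metadata
  #       id: metadata
  #       run: |
  #         version=`cat STABLE-RELEASE`
  #         relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE)
  #         echo "version=${version}" >> $GITHUB_OUTPUT
  #         echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT
  #     - name: Create and Publish Helm Chart
  #       uses: ./github/actions/mp-helm-action.yml
  #       with:
  #         registry: '{{ env.AWS_ECR_REGISTRY }}'
  #         version: '{{ steps.metadata.outputs.version }}'
  #         relay_version: '{{ steps.metadata.outputs.relay_version }}'
  #         helm_chart_path: './deployments/helm/KubeArmorOperator'
  #         helm_chart_name: 'kubearmor-operator-aws'
  #     - name: Publish Helm chart to KubeArmor helm repo
  #       uses: stefanprodan/helm-gh-pages@master
  #       with:
  #         # Access token which can push to a different repo in the same org
  #         token: ${{ secrets.GH_ACCESS_TOKEN }}
  #         charts_dir: deployments/helm/KubeArmorOperator
  #         # repo where charts would be published
  #         owner: kubearmor
  #         repository: charts
  #         branch: gh-pages
  #         charts_url: https://kubearmor.github.io/charts
  #         commit_username: "github-actions[bot]"
  #         commit_email: "github-actions[bot]@users.noreply.github.com"

  # Packages the KubeArmor operator chart and pushes it to the OCI registry
  # named by the OCIR_REGISTRY repository variable.
  publish-oci-helm-chart:
    runs-on: ubuntu-latest
    # needs: ["publish-images-to-ocir"]
    # The workflow_run trigger uses `types: completed`, which also fires when
    # ci-stable-release failed or was cancelled. Publish only after a
    # successful upstream run; manual and push-triggered runs are unaffected.
    if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}
    steps:
      # NOTE(review): `@v3` tags are mutable. In a job that holds registry
      # credentials, pin third-party actions to a full commit SHA, e.g.
      # `actions/checkout@<FULL_COMMIT_SHA>  # v3`.
      - uses: actions/checkout@v3
      - uses: azure/setup-helm@v3
      - name: Login to OCI Helm
        shell: bash
        # Secrets and variables are handed over as environment variables
        # rather than expanded into the script text: `${{ }}` is substituted
        # before the shell parses the script, so a value containing quotes or
        # shell metacharacters would otherwise change the command.
        env:
          OCIR_AUTHTOKEN: ${{ secrets.OCIR_AUTHTOKEN }}
          OCIR_USERNAME: ${{ secrets.OCIR_USERNAME }}
          OCIR_REGION: ${{ vars.OCIR_REGION }}
        run: |
          printf '%s' "$OCIR_AUTHTOKEN" | helm registry login "$OCIR_REGION" -u "$OCIR_USERNAME" --password-stdin
      - name: Generate version metadata
        id: metadata
        shell: bash
        run: |
          set -euo pipefail
          version="$(cat STABLE-RELEASE)"
          # -f makes curl fail on an HTTP error instead of returning the error
          # page as the "version"; -sS keeps the log quiet but shows errors.
          relay_version="$(curl -fsSL https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE)"
          # relay_version comes from another repository's main branch and both
          # values are appended to $GITHUB_OUTPUT, where an embedded newline
          # would define extra outputs. Accept a single token of version-like
          # characters only; empty values are rejected as well.
          version_re='^[A-Za-z0-9._-]+$'
          for value in "$version" "$relay_version"; do
            if [[ ! "$value" =~ $version_re ]]; then
              echo "Error: unexpected characters in version string" >&2
              exit 1
            fi
          done
          echo "version=${version}" >> "$GITHUB_OUTPUT"
          echo "relay_version=${relay_version}" >> "$GITHUB_OUTPUT"
      - name: Create and Publish Helm Chart
        uses: ./.github/actions/marketplace
        with:
          registry: '${{ vars.OCIR_REGISTRY }}'
          version: '${{ steps.metadata.outputs.version }}'
          relay_version: '${{ steps.metadata.outputs.relay_version }}'
          helm_chart_path: './deployments/helm/KubeArmorOperator'
          helm_chart_name: 'kubearmor-operator-oci'
      # NOTE(review): if this step is re-enabled, pin helm-gh-pages to a full
      # commit SHA instead of `@master`; it receives a token that can push to
      # another repository.
      # - name: Publish Helm chart to KubeArmor helm repo
      #   uses: stefanprodan/helm-gh-pages@master
      #   with:
      #     # Access token which can push to a different repo in the same org
      #     token: ${{ secrets.GH_ACCESS_TOKEN }}
      #     charts_dir: deployments/helm/KubeArmorOperator
      #     # repo where charts would be published
      #     owner: kubearmor
      #     repository: charts
      #     branch: gh-pages
      #     charts_url: https://kubearmor.github.io/charts
      #     commit_username: "github-actions[bot]"
      #     commit_email: "github-actions[bot]@users.noreply.github.com"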