test ocir helm chart release workflow #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci-marketplace-release | |
on: | |
workflow_dispatch: | |
workflow_run: | |
workflows: | |
- "ci-stable-release" | |
types: | |
- completed | |
push: | |
branches: [automate-marketplace-release] | |
jobs: | |
# certify-images-on-redhat: | |
# runs-on: ubuntu-latest | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - name: install latest preflight | |
# run: | | |
# VERSION=$(curl -s https://api.github.com/repos/redhat-openshift-ecosystem/openshift-preflight/releases/latest | jq -r '.tag_name') | |
# sudo wget -O /usr/local/bin/preflight https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$VERSION/preflight-linux-amd64 | |
# sudo chmod +x /usr/local/bin/preflight | |
# - name: Login to Docker Hub | |
# uses: docker/login-action@v2 | |
# with: | |
# username: ${{ secrets.DOCKER_USERNAME }} | |
# password: ${{ secrets.DOCKER_AUTHTOK }} | |
# - name: submit preflight results | |
# run: | | |
# repo="docker.io/kubearmor" | |
# repositories=("kubearmor-controller" "kubearmor-ubi" "kubearmor-init" "kubearmor-operator" "kubearmor-snitch") | |
# tag=`cat STABLE-RELEASE` | |
# certids=("{{secrets.CONTROLLER_OSPID}}" "{{secrets.KUBEARMOR_UBI_OSPID}}" "{{secrets.KUBEARMOR_INIT_OSPID}}" "{{secrets.OPERATOR_OSPID}}" "{{secrets.SNITCH_OSPID}}") | |
# pyxis="{{secrets.OS_PYXIS}}" | |
# # Loop through the repositories and target repositories | |
# platforms= ("amd64" "arm64") | |
# for ((i=0; i<${#repositories[@]}; i++)); do | |
# repository="$repo/${repositories[i]}" | |
# certid=${certids[i]} | |
# echo "Processing $repository image..." | |
# echo "Submitting image for $repository..." | |
# for ((j=0; j<${#platfroms[@]}; j++)); do | |
# preflight check container \ | |
# $repository:$tag \ | |
# --certification-project-id=$certid \ | |
# --pyxis-api-token=$pyxis \ | |
# --platform=${platforms[j]} \ | |
# --docker-config=${HOME}/.docker/config.json \ | |
# --artifacts=./artifacts/${repository} \ | |
# --submit | |
# if [ $? -eq 0 ]; then | |
# echo "Successfully submitted image for $repository." | |
# else | |
# echo "Error: Failed to submit image for $repository." | |
# fi | |
# done | |
# done | |
# publish-images-to-ecr: | |
# runs-on: ubuntu-latest | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - name: Configure AWS credentials | |
# uses: aws-actions/configure-aws-credentials@v1 | |
# with: | |
# aws-access-key-id: ${{ secret.AWS_ACCESS_KEY_ID }} | |
# aws-secret-access-key: ${{ secret.AWS_SECRET_ACCESS_KEY }} | |
# aws-region: ${{ env.AWS_REGION }} | |
# - name: Login to Amazon ECR | |
# run: | | |
# aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin {{ env.AWS_ECR_REGISTRY }} | |
# - name: Install regctl | |
# run: | | |
# curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
# chmod 755 regctl | |
# mv regctl /usr/local/bin | |
# regctl version | |
# - name: Publish Images to ECR | |
# run: | | |
# # copy images to ecr registry | |
# regctl image copy kubearmor/kubearmor:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-ubi:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-controller:stable --digest-tags | |
# regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION {{env.AWS_ECR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags | |
# publish-images-to-ocir: | |
# steps: | |
# - name: login to ocir registry | |
# run: | | |
# docker login {{ env.OCIR_REGION }} -u {{ env.OCIR_USERNAME }} -p {{ env.OCIR_AUTHTOKEN }} | |
# - name: Install regctl | |
# run: | | |
# curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl | |
# chmod 755 regctl | |
# mv regctl /usr/local/bin | |
# regctl version | |
# - name: Publish Images to OCIR | |
# run: | | |
# # copy images to ocir registry | |
# regctl image copy kubearmor/kubearmor:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-init:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-init:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-ubi:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-ubi:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-controller:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-controller:stable --digest-tags | |
# regctl image copy kubearmor/kubearmor-operator:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-operator:$STABLE_VERSION --digest-tags | |
# regctl image copy kubearmor/kubearmor-snitch:$STABLE_VERSION {{env.OCIR_REGISTRY}}/kubearmor-snitch:$STABLE_VERSION --digest-tags | |
# publish-aws-helm-chart: | |
# runs-on: ubuntu-latest | |
# needs: ["publish-images-to-ecr"] | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - uses: azure/setup-helm@v3 | |
# - name: Login to AWS Helm | |
# run: | | |
# aws ecr get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin {{ env.AWS_ECR_REGISTRY }} | |
# - name: Generate version metadata | |
# id: metadata | |
# run: | | |
# version=`cat STABLE-RELEASE` | |
# relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE) | |
# echo "version=${version}" >> $GITHUB_OUTPUT | |
# echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT | |
# - name: Create and Publish Helm Chart | |
# uses: ./github/actions/mp-helm-action.yml | |
# with: | |
# registry: '{{ env.AWS_ECR_REGISTRY }}' | |
# version: '{{ steps.metadata.outputs.version }}' | |
# relay_version: '{{ steps.metadata.outputs.relay_version }}' | |
# helm_chart_path: './deployments/helm/KubeArmorOperator' | |
# helm_chart_name: 'kubearmor-operator-aws' | |
# - name: Publish Helm chart to KubeArmor helm repo | |
# uses: stefanprodan/helm-gh-pages@master | |
# with: | |
# # Access token which can push to a different repo in the same org | |
# token: ${{ secrets.GH_ACCESS_TOKEN }} | |
# charts_dir: deployments/helm/KubeArmorOperator | |
# # repo where charts would be published | |
# owner: kubearmor | |
# repository: charts | |
# branch: gh-pages | |
# charts_url: https://kubearmor.github.io/charts | |
# commit_username: "github-actions[bot]" | |
# commit_email: "github-actions[bot]@users.noreply.github.com" | |
publish-oci-helm-chart: | |
runs-on: ubuntu-latest | |
# needs: ["publish-images-to-ocir"] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: azure/setup-helm@v3 | |
- name: Login to OCI Helm | |
run: | | |
echo "${{ secrets.OCIR_AUTHTOKEN }}" | helm registry login ${{ vars.OCIR_REGION }} -u ${{ secrets.OCIR_USERNAME }} --password-stdin | |
- name: Generate version metadata | |
id: metadata | |
run: | | |
version=`cat STABLE-RELEASE` | |
relay_version=$(curl https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE) | |
echo "version=${version}" >> $GITHUB_OUTPUT | |
echo "relay_version=${relay_version}" >> $GITHUB_OUTPUT | |
- name: Create and Publish Helm Chart | |
uses: ./.github/actions/marketplace | |
with: | |
registry: '${{ vars.OCIR_REGISTRY }}' | |
version: '${{ steps.metadata.outputs.version }}' | |
relay_version: '${{ steps.metadata.outputs.relay_version }}' | |
helm_chart_path: './deployments/helm/KubeArmorOperator' | |
helm_chart_name: 'kubearmor-operator-oci' | |
# - name: Publish Helm chart to KubeArmor helm repo | |
# uses: stefanprodan/helm-gh-pages@master | |
# with: | |
# # Access token which can push to a different repo in the same org | |
# token: ${{ secrets.GH_ACCESS_TOKEN }} | |
# charts_dir: deployments/helm/KubeArmorOperator | |
# # repo where charts would be published | |
# owner: kubearmor | |
# repository: charts | |
# branch: gh-pages | |
# charts_url: https://kubearmor.github.io/charts | |
# commit_username: "github-actions[bot]" | |
# commit_email: "github-actions[bot]@users.noreply.github.com" |