# Workflow: runs when the STABLE-RELEASE file changes on one of the listed
# branches.
name: ci-stable-release

on:
  push:
    branches:
      - main
      - operator-refactor
    paths:
      - 'STABLE-RELEASE'

env:
  # Target platforms, read as $PLATFORM by the operator build step.
  PLATFORM: linux/amd64,linux/arm64/v8

# Declare default permissions as read only; jobs that need more override this
# in their own `permissions:` block.
permissions: read-all
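jobs:
  # NOTE(review): every `uses:` in this workflow references a mutable tag
  # (@v2, @v3, @v5). Pinning each action to a full commit SHA keeps a moved tag
  # from running different code with the Docker Hub secrets and the write-scoped
  # GITHUB_TOKEN used below.
  #
  # NOTE(review): the `if: github.repository == ...` guards are commented out,
  # so these jobs run in any repository where the workflow and secrets exist.

  # Installs regctl and logs in to Docker Hub. The step that re-tagged the
  # versioned images as `stable` is commented out, so this job currently
  # publishes nothing.
  push-stable-version:
    name: Create KubeArmor stable release
    # if: github.repository == 'kubearmor/kubearmor'
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v3

      # NOTE(review): this installs whatever binary the `latest` release
      # currently resolves to, with no checksum or signature verification, in a
      # job that then receives Docker Hub credentials. Pin a specific release
      # and verify its digest before installing.
      # `-f` makes curl fail on an HTTP error instead of saving the error page
      # as the executable.
      - name: Install regctl
        run: |
          curl -fsSL https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
          chmod 755 regctl
          mv regctl /usr/local/bin

      - name: Check install
        run: regctl version

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_AUTHTOK }}

      # - name: Generate the stable version of KubeArmor in Docker Hub
      #   run: |
      #     STABLE_VERSION=`cat STABLE-RELEASE`
      #     regctl image copy rksharma95/kubearmor:$STABLE_VERSION rksharma95/kubearmor:stable --digest-tags
      #     regctl image copy rksharma95/kubearmor-init:$STABLE_VERSION rksharma95/kubearmor-init:stable --digest-tags
      #     regctl image copy rksharma95/kubearmor-ubi:$STABLE_VERSION rksharma95/kubearmor-ubi:stable --digest-tags
      #     regctl image copy rksharma95/kubearmor-controller:$STABLE_VERSION rksharma95/kubearmor-controller:stable --digest-tags
      #     # regctl image copy rksharma95/kubearmor-operator:$STABLE_VERSION rksharma95/kubearmor-operator:stable --digest-tags
      #     regctl image copy rksharma95/kubearmor-snitch:$STABLE_VERSION rksharma95/kubearmor-snitch:stable --digest-tags

  # Pins chart and image versions, builds and pushes the multi-arch operator
  # image, then copies the versioned tag to `stable`.
  build-and-push-operator-image:
    name: Rebuild Operator Image
    # if: github.repository == 'kubearmor/kubearmor'
    runs-on: ubuntu-22.04
    # NOTE(review): no step visible in this job writes to the repository now
    # that the Helm publish step is commented out. Confirm whether
    # `contents: write` is still needed (the make targets are not shown here).
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v3

      - uses: actions/setup-go@v5
        with:
          go-version-file: 'pkg/KubeArmorOperator/go.mod'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          platforms: linux/amd64,linux/arm64/v8

      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_AUTHTOK }}

      # Exposes two step outputs: `stable` (from the checked-out STABLE-RELEASE
      # file) and `relay` (fetched from the relay-server repository's main
      # branch). `curl -f` fails the step on an HTTP error, so an error body is
      # never recorded as the relay version.
      # NOTE(review): the relay value is remote content. A multi-line response
      # would add extra lines to $GITHUB_OUTPUT, so consider validating it
      # against the expected version format before writing it.
      - name: Get Stable Version
        id: version
        run: |
          echo stable=`cat STABLE-RELEASE` >> "$GITHUB_OUTPUT"
          relay_version=$(curl -fsS https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE)
          echo "relay=${relay_version}" >> "$GITHUB_OUTPUT"

      # The version values reach make through `env:` rather than being expanded
      # into the script text, so their content is never parsed as shell syntax.
      - name: Pin Versioned Images
        working-directory: ./deployments
        env:
          VERSION: ${{ steps.version.outputs.stable }}
          RELAY_VERSION: ${{ steps.version.outputs.relay }}
        run: make pin-version

      - name: Update Chart Version
        working-directory: ./deployments
        env:
          VERSION: ${{ steps.version.outputs.stable }}
        run: make chart-version

      - name: Use embeded chart
        working-directory: ./deployments
        env:
          VERSION: ${{ steps.version.outputs.stable }}
        run: make embed-chart

      - name: Build & Push KubeArmor Operator
        working-directory: ./pkg/KubeArmorOperator
        env:
          STABLE_VERSION: ${{ steps.version.outputs.stable }}
        run: |
          PLATFORM="$PLATFORM" OPERATOR_IMG=rksharma95/kubearmor-operator \
            make docker-buildx-operator VERSION="$STABLE_VERSION"

      # NOTE(review): unpinned and unverified download; see the note on the
      # same step in `push-stable-version`. Here it runs after Docker Hub login.
      - name: Install regctl
        run: |
          curl -fsSL https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
          chmod 755 regctl
          mv regctl /usr/local/bin

      - name: Check install
        run: regctl version

      - name: Generate the stable version of KubeArmor Operator in Docker Hub
        env:
          STABLE_VERSION: ${{ steps.version.outputs.stable }}
        run: |
          regctl image copy "rksharma95/kubearmor-operator:${STABLE_VERSION}" rksharma95/kubearmor-operator:stable --digest-tags

      # - name: Publish Helm chart
      #   env:
      #     # Access token which can push to a different repo in the same org
      #     GH_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
      #   run: |
      #     STABLE_VERSION=`cat STABLE-RELEASE`
      #     gh release create --repo rksharma95/charts $STABLE_VERSION --generate-notes

  # Regenerates the pinned deployment files and opens a pull request against
  # `main` with the result.
  update-helm-chart:
    name: Update KubeArmor Helm chart version
    # if: github.repository == 'kubearmor/kubearmor'
    needs: ["build-and-push-operator-image"]
    runs-on: ubuntu-22.04
    timeout-minutes: 20
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v3

      # Same outputs as the step of the same name in
      # `build-and-push-operator-image`. Step outputs are not shared across
      # jobs, so they are recomputed here.
      - name: Get Stable Version
        id: version
        run: |
          echo stable=`cat STABLE-RELEASE` >> "$GITHUB_OUTPUT"
          relay_version=$(curl -fsS https://raw.githubusercontent.com/kubearmor/kubearmor-relay-server/main/STABLE-RELEASE)
          echo "relay=${relay_version}" >> "$GITHUB_OUTPUT"

      # Fix: the relay version was read from `steps.version.output.relay`
      # (missing "s"), which evaluates to an empty string, so RELAY_VERSION
      # reached make empty.
      - name: Use Versioned Images
        working-directory: ./deployments
        env:
          VERSION: ${{ steps.version.outputs.stable }}
          RELAY_VERSION: ${{ steps.version.outputs.relay }}
        run: make pin-version

      - name: Update Chart Version
        working-directory: ./deployments
        env:
          VERSION: ${{ steps.version.outputs.stable }}
        run: make chart-version

      - name: Use embeded chart
        working-directory: ./deployments
        env:
          VERSION: ${{ steps.version.outputs.stable }}
        run: make embed-chart

      - name: Create PR to update Helm chart version in KubeArmor repo
        uses: peter-evans/create-pull-request@v5
        with:
          branch: update-helm-${{ steps.version.outputs.stable }}
          add-paths: "deployments/*"
          commit-message: "[skip ci] Update Helm Chart To ${{ steps.version.outputs.stable }}"
          committer: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
          author: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
          title: "[skip ci] Update Helm Chart To ${{ steps.version.outputs.stable }}"
          base: main
          signoff: true
          delete-branch: true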