Clarify release for deprecated registry field removals #8573
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
- "release/**" | |
tags: | |
- "v*" # Push events to matching v*, i.e. v1.0, v20.15.10 | |
pull_request: | |
branches: | |
- main | |
- "release/**" | |
name: Release | |
env: | |
GO_VERSION: "1.23.3" | |
permissions: # added using https://github.com/step-security/secure-workflows | |
contents: read | |
jobs: | |
check: | |
name: Check Signed Tag | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 5 | |
outputs: | |
stringver: ${{ steps.contentrel.outputs.stringver }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: ${{ github.ref }} | |
path: src/github.com/containerd/containerd | |
- name: Check signature | |
run: | | |
releasever=${{ github.ref }} | |
releasever="${releasever#refs/tags/}" | |
TAGCHECK=$(git tag -v ${releasever} 2>&1 >/dev/null) || | |
echo "${TAGCHECK}" | grep -q "error" && { | |
echo "::error::tag ${releasever} is not a signed tag. Failing release process." | |
exit 1 | |
} || { | |
echo "Tag ${releasever} is signed." | |
exit 0 | |
} | |
working-directory: src/github.com/containerd/containerd | |
- name: Release content | |
id: contentrel | |
run: | | |
RELEASEVER=${{ github.ref }} | |
echo "stringver=${RELEASEVER#refs/tags/v}" >> $GITHUB_OUTPUT | |
git tag -l ${RELEASEVER#refs/tags/} -n20000 | tail -n +3 | cut -c 5- >release-notes.md | |
working-directory: src/github.com/containerd/containerd | |
- name: Save release notes | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: containerd-release-notes | |
path: src/github.com/containerd/containerd/release-notes.md | |
build: | |
name: Build Release Binaries | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
include: | |
# Ubuntu 22.04 can't be used until we drop support for binary compatibility with dynamically-linked glibc 2.17 (CentOS 7). | |
# https://github.com/containerd/containerd/issues/7255 | |
# https://github.com/containerd/containerd/issues/7961 | |
- dockerfile-ubuntu: 20.04 | |
dockerfile-platform: linux/amd64 | |
- dockerfile-ubuntu: 20.04 | |
dockerfile-platform: linux/arm64 | |
- dockerfile-ubuntu: 20.04 | |
dockerfile-platform: linux/ppc64le | |
- dockerfile-ubuntu: 20.04 | |
dockerfile-platform: linux/s390x | |
- dockerfile-ubuntu: 20.04 | |
dockerfile-platform: linux/riscv64 | |
- dockerfile-ubuntu: 20.04 | |
dockerfile-platform: windows/amd64 | |
steps: | |
- name: Set RELEASE_VER | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
shell: bash | |
run: | | |
releasever=${{ github.ref }} | |
releasever="${releasever#refs/tags/}" | |
echo "RELEASE_VER=${releasever}" >> $GITHUB_ENV | |
- name: Checkout containerd | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
# Intentionally use github.repository instead of containerd/containerd to | |
# make this action runnable on forks. | |
# See https://github.com/containerd/containerd/issues/5098 for the context. | |
repository: ${{ github.repository }} | |
ref: ${{ github.ref }} | |
path: src/github.com/containerd/containerd | |
- name: Setup buildx instance | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
with: | |
use: true | |
- uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
- name: Make | |
shell: bash | |
run: | | |
cache="--cache-from=type=gha,scope=containerd-release --cache-to=type=gha,scope=containerd-release" | |
if [[ "${PLATFORM}" =~ "windows" ]]; then | |
# For Windows the cni build script generates a config but shells out to powershell (and also assume it is running on windows) to get a gateway and subnet. | |
# The values provided here are taken from packages that we previously generated. | |
export GATEWAY=172.21.16.1 | |
export PREFIX_LEN=12 | |
BUILD_ARGS="--build-arg GATEWAY --build-arg PREFIX_LEN" | |
fi | |
docker buildx build ${cache} --build-arg RELEASE_VER --build-arg UBUNTU_VERSION=${{ matrix.dockerfile-ubuntu }} --build-arg GO_VERSION ${BUILD_ARGS} -f .github/workflows/release/Dockerfile --platform=${PLATFORM} -o releases/ . | |
echo PLATFORM_CLEAN=${PLATFORM/\//-} >> $GITHUB_ENV | |
# Remove symlinks since we don't want these in the release Artifacts (if any) | |
find ./releases/ -maxdepth 1 -type l | xargs rm -f | |
working-directory: src/github.com/containerd/containerd | |
env: | |
PLATFORM: ${{ matrix.dockerfile-platform }} | |
- name: Save Artifacts | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: release-tars-${{env.PLATFORM_CLEAN}} | |
path: src/github.com/containerd/containerd/releases/*.tar.gz* | |
release: | |
name: Create containerd Release | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
permissions: | |
contents: write | |
id-token: write | |
attestations: write | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 10 | |
needs: [build, check] | |
steps: | |
- name: Download builds and release notes | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
path: builds | |
- name: Create Release | |
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
fail_on_unmatched_files: true | |
name: containerd ${{ needs.check.outputs.stringver }} | |
draft: false | |
prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'rc') }} | |
body_path: ./builds/containerd-release-notes/release-notes.md | |
files: | | |
builds/release-tars-**/* | |
make_latest: false | |
- name: Attest Artifacts | |
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 | |
with: | |
subject-path: ./builds/release-tars-**/*.tar.gz |