Skip to content

Cherry pick #875 to release-1.2 (#883) #25

Cherry pick #875 to release-1.2 (#883)

Cherry pick #875 to release-1.2 (#883) #25

Workflow file for this run

name: release
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
env:
REGISTRY: ghcr.io
permissions:
contents: write
packages: write
jobs:
build-publish-release:
name: "release"
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup buildx instance
uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
with:
use: true
- uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
path: |
~/go/pkg/mod
~/.cache/go-build
- uses: crazy-max/ghaction-github-runtime@056b8ec6661ce03a987ab8643a0edc346ae63fe3 # v2.2.0
- name: Get tag
run: |
echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Log in to the GHCR
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build eraser-manager
run: make docker-build-manager \
CACHE_FROM=type=gha,scope=eraser-manager \
CACHE_TO=type=gha,scope=eraser-manager,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
MANAGER_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/eraser-manager:${TAG}
- name: Build remover
run: make docker-build-remover \
CACHE_FROM=type=gha,scope=eraser-node \
CACHE_TO=type=gha,scope=eraser-node,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
REMOVER_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/remover:${TAG}
- name: Build collector
run: make docker-build-collector \
CACHE_FROM=type=gha,scope=collector \
CACHE_TO=type=gha,scope=collector,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
COLLECTOR_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/collector:${TAG}
- name: Build Trivy scanner
run: make docker-build-trivy-scanner \
CACHE_FROM=type=gha,scope=trivy-scanner \
CACHE_TO=type=gha,scope=trivy-scanner,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
TRIVY_SCANNER_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/eraser-trivy-scanner:${TAG}
- name: Create GitHub release
uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
prerelease: false
- name: Publish Helm chart
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_dir: charts
target_dir: charts
linting: off