Skip to content

chore: Prepare v1.3.1 release (#973) #29

chore: Prepare v1.3.1 release (#973)

chore: Prepare v1.3.1 release (#973) #29

Workflow file for this run

name: release
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
env:
REGISTRY: ghcr.io
permissions:
contents: write
packages: write
jobs:
build-publish-release:
name: "release"
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
with:
egress-policy: audit
- name: Check out code into the Go module directory
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Setup buildx instance
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
with:
use: true
- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
path: |
~/go/pkg/mod
~/.cache/go-build
- uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
- name: Get tag
run: |
echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Log in to the GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build eraser-manager
run: make docker-build-manager \
CACHE_FROM=type=gha,scope=eraser-manager \
CACHE_TO=type=gha,scope=eraser-manager,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
MANAGER_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/eraser-manager:${TAG}
- name: Build remover
run: make docker-build-remover \
CACHE_FROM=type=gha,scope=eraser-node \
CACHE_TO=type=gha,scope=eraser-node,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
REMOVER_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/remover:${TAG}
- name: Build collector
run: make docker-build-collector \
CACHE_FROM=type=gha,scope=collector \
CACHE_TO=type=gha,scope=collector,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
COLLECTOR_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/collector:${TAG}
- name: Build Trivy scanner
run: make docker-build-trivy-scanner \
CACHE_FROM=type=gha,scope=trivy-scanner \
CACHE_TO=type=gha,scope=trivy-scanner,mode=max \
PLATFORM="linux/amd64,linux/arm64" \
OUTPUT_TYPE=type=registry \
GENERATE_ATTESTATIONS=true \
TRIVY_SCANNER_IMG=${{ env.REGISTRY }}/${GITHUB_REPOSITORY_OWNER}/eraser-trivy-scanner:${TAG}
- name: Create GitHub release
uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
prerelease: false
- name: Publish Helm chart
uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_dir: charts
target_dir: charts
linting: off