From 767df57d0d3217760eca39be0ca40f31da9cd12e Mon Sep 17 00:00:00 2001
From: Moritz Wiesinger
Date: Tue, 5 Sep 2023 09:22:56 +0200
Subject: [PATCH 1/3] add dummy releases
Signed-off-by: Moritz Wiesinger
---
 .release-please-manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 7a95c567ec..7075efa229 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1 +1 @@
-{".":"0.8.1","klt-cert-manager":"1.1.0","runtimes/python-runtime":"1.0.0","runtimes/deno-runtime":"1.0.1"}
+{".":"0.8.1","klt-cert-manager":"1.1.0","runtimes/python-runtime":"1.0.0","runtimes/deno-runtime":"1.0.1","lifecycle-operator":"0.8.1","scheduler":"0.8.1"}
From 16234a437294210e85cda833a14dc80ed93dbcbb Mon Sep 17 00:00:00 2001
From: Moritz Wiesinger
Date: Tue, 5 Sep 2023 09:27:23 +0200
Subject: [PATCH 2/3] debugging
Signed-off-by: Moritz Wiesinger
---
 .github/workflows/release.yml | 112 +---------------------------------
 1 file changed, 1 insertion(+), 111 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7731f9cb2c..e33cc27aff 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,7 +39,7 @@ jobs:
 id: release
 with:
 command: manifest
- token: ${{ secrets.KEPTN_BOT_TOKEN }}
+ token: ${{ secrets.PAT }}
 default-branch: main
 signoff: "keptn-bot <86361500+keptn-bot@users.noreply.github.com>"
 
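Review bot: The `token:` input of the release-please step now reads `secrets.PAT` instead of `secrets.KEPTN_BOT_TOKEN`, while `signoff` still names keptn-bot. If PAT is a personal access token (presumably, from the name), release commits and tags would be created with an individual's credential whose scope is not visible here. Patch 3/3 restores `token: ${{ secrets.KEPTN_BOT_TOKEN }}`, so the series nets out, but the debugging commit and its revert are better squashed away before merge so that no revision of `release.yml` on the target branch references the personal secret. The step's enclosing job starts outside the hunk.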
@@ -124,113 +124,3 @@ jobs: }); console.log("release matrix: " + JSON.stringify({ config: releaseMatrix })); return { config: releaseMatrix }; - - build-release: - if: needs.release-please.outputs.releases-created == 'true' - needs: - - release-please - strategy: - matrix: ${{ fromJson(needs.release-please.outputs.build-matrix) }} - runs-on: ubuntu-22.04 - permissions: - contents: write - packages: write - id-token: write - env: - IMAGE_NAME: ghcr.io/keptn/${{ matrix.config.name }} - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - submodules: recursive - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: "ghcr.io" - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Cosign - uses: sigstore/cosign-installer@v3.1.1 - - - name: Clean up image tag - id: clean-image-tag - env: - IMAGE_TAG: ${{ matrix.config.tagName }} - run: | - # Remove artifact prefix from tag so that we get clean image tags - temp="${IMAGE_TAG##klt-}" - temp="${temp##cert-manager-}" - temp="${temp##python-runtime-}" - temp="${temp##deno-runtime-}" - temp="${temp##scheduler-}" - temp="${temp##lifecycle-operator-}" - echo "IMAGE_TAG=${temp##metrics-operator-}" >> "$GITHUB_OUTPUT" - - - name: Build Docker Image - id: docker_build_image - uses: docker/build-push-action@v4 - with: - context: ${{ matrix.config.folder }} - platforms: linux/amd64,linux/arm64 - target: production - tags: | - ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }} - build-args: | - GIT_HASH=${{ env.GIT_SHA }} - RELEASE_VERSION=dev-${{ env.DATETIME }} - BUILD_TIME=${{ env.BUILD_TIME }} - CONTROLLER_TOOLS_VERSION=${{ env.CONTROLLER_TOOLS_VERSION }} - SCHEDULER_COMPATIBLE_K8S_VERSION=${{ env.SCHEDULER_COMPATIBLE_K8S_VERSION }} - builder: ${{ steps.buildx.outputs.name }} - push: true - cache-from: type=gha,scope=${{ github.ref_name }}-${{ 
matrix.config.name }} - cache-to: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }} - - - name: Sign container image - env: - IMAGE_DIGEST: ${{ steps.docker_build_image.outputs.digest }} - run: | - cosign sign --yes ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} - cosign verify \ - --certificate-identity-regexp="https://github.com/keptn/lifecycle-toolkit/.*" \ - --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ - ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} - - - name: Generate SBOM - uses: anchore/sbom-action@v0.14.3 - with: - image: ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }} - artifact-name: sbom-${{ matrix.config.name }} - output-file: ./sbom-${{ matrix.config.name }}.spdx.json - - - name: Attach SBOM to release - uses: softprops/action-gh-release@v1 - with: - tag_name: ${{ matrix.config.tagName }} - files: ./sbom-${{ matrix.config.name }}.spdx.json - - update-docs: - name: Update Documentation - needs: - - release-please - if: needs.release-please.outputs.klt-release-created == 'true' - with: - tag_name: ${{ needs.release-please.outputs.klt-tag-name }} - uses: keptn/docs-tooling/.github/workflows/release-docs.yml@v0.1.4 - secrets: inherit - - update-examples: - name: Update examples - needs: - - release-please - if: needs.release-please.outputs.klt-release-created == 'true' - with: - tag_name: ${{ needs.release-please.outputs.klt-tag-name }} - uses: ./.github/workflows/release-examples.yml - secrets: inherit From dfc8ad16ca24e633b0bf22bd6ece958ec3378520 Mon Sep 17 00:00:00 2001 From: Moritz Wiesinger Date: Tue, 5 Sep 2023 09:30:05 +0200 Subject: [PATCH 3/3] Revert "debugging" This reverts commit b3b43f17823a9bc9096f9e495ddcb1c943f0f9fb. Signed-off-by: Moritz Wiesinger --- .github/workflows/release.yml | 112 +++++++++++++++++++++++++++++++++- 1 file changed, 111 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e33cc27aff..7731f9cb2c 100644 
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,7 +39,7 @@ jobs:
 id: release
 with:
 command: manifest
- token: ${{ secrets.PAT }}
+ token: ${{ secrets.KEPTN_BOT_TOKEN }}
 default-branch: main
 signoff: "keptn-bot <86361500+keptn-bot@users.noreply.github.com>"
 
@@ -124,3 +124,113 @@ jobs: }); console.log("release matrix: " + JSON.stringify({ config: releaseMatrix })); return { config: releaseMatrix }; + + build-release: + if: needs.release-please.outputs.releases-created == 'true' + needs: + - release-please + strategy: + matrix: ${{ fromJson(needs.release-please.outputs.build-matrix) }} + runs-on: ubuntu-22.04 + permissions: + contents: write + packages: write + id-token: write + env: + IMAGE_NAME: ghcr.io/keptn/${{ matrix.config.name }} + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: recursive + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: "ghcr.io" + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Cosign + uses: sigstore/cosign-installer@v3.1.1 + + - name: Clean up image tag + id: clean-image-tag + env: + IMAGE_TAG: ${{ matrix.config.tagName }} + run: | + # Remove artifact prefix from tag so that we get clean image tags + temp="${IMAGE_TAG##klt-}" + temp="${temp##cert-manager-}" + temp="${temp##python-runtime-}" + temp="${temp##deno-runtime-}" + temp="${temp##scheduler-}" + temp="${temp##lifecycle-operator-}" + echo "IMAGE_TAG=${temp##metrics-operator-}" >> "$GITHUB_OUTPUT" + + - name: Build Docker Image + id: docker_build_image + uses: docker/build-push-action@v4 + with: + context: ${{ matrix.config.folder }} + platforms: linux/amd64,linux/arm64 + target: production + tags: | + ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }} + build-args: | + GIT_HASH=${{ env.GIT_SHA }} + RELEASE_VERSION=dev-${{ env.DATETIME }} + BUILD_TIME=${{ env.BUILD_TIME }} + CONTROLLER_TOOLS_VERSION=${{ env.CONTROLLER_TOOLS_VERSION }} + SCHEDULER_COMPATIBLE_K8S_VERSION=${{ env.SCHEDULER_COMPATIBLE_K8S_VERSION }} + builder: ${{ steps.buildx.outputs.name }} + push: true + cache-from: type=gha,scope=${{ github.ref_name }}-${{ 
matrix.config.name }} + cache-to: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }} + + - name: Sign container image + env: + IMAGE_DIGEST: ${{ steps.docker_build_image.outputs.digest }} + run: | + cosign sign --yes ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} + cosign verify \ + --certificate-identity-regexp="https://github.com/keptn/lifecycle-toolkit/.*" \ + --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ + ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} + + - name: Generate SBOM + uses: anchore/sbom-action@v0.14.3 + with: + image: ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }} + artifact-name: sbom-${{ matrix.config.name }} + output-file: ./sbom-${{ matrix.config.name }}.spdx.json + + - name: Attach SBOM to release + uses: softprops/action-gh-release@v1 + with: + tag_name: ${{ matrix.config.tagName }} + files: ./sbom-${{ matrix.config.name }}.spdx.json + + update-docs: + name: Update Documentation + needs: + - release-please + if: needs.release-please.outputs.klt-release-created == 'true' + with: + tag_name: ${{ needs.release-please.outputs.klt-tag-name }} + uses: keptn/docs-tooling/.github/workflows/release-docs.yml@v0.1.4 + secrets: inherit + + update-examples: + name: Update examples + needs: + - release-please + if: needs.release-please.outputs.klt-release-created == 'true' + with: + tag_name: ${{ needs.release-please.outputs.klt-tag-name }} + uses: ./.github/workflows/release-examples.yml + secrets: inherit
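Review bot: The restored `build-release` job holds `contents: write`, `packages: write` and `id-token: write`, yet every third-party step is referenced by a mutable tag (`docker/build-push-action@v4`, `sigstore/cosign-installer@v3.1.1`, `anchore/sbom-action@v0.14.3`, `softprops/action-gh-release@v1`), so a retagged action would run with the ability to push and keyless-sign images as this repository. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v4`; the same applies to `keptn/docs-tooling/.github/workflows/release-docs.yml@v0.1.4`, which is called with `secrets: inherit`. In the "Sign container image" step, the `cosign verify` pattern `https://github.com/keptn/lifecycle-toolkit/.*` accepts a certificate issued to any workflow on any ref of the repository and leaves the dots unescaped. Anchoring it to the release workflow, e.g. `--certificate-identity-regexp="^https://github\.com/keptn/lifecycle-toolkit/\.github/workflows/release\.yml@refs/.+$"`, would make the check say something about which pipeline signed the image. The workflow's trigger is outside the hunk, so the ref part of that pattern should be narrowed to whatever ref actually runs releases.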