-
Notifications
You must be signed in to change notification settings - Fork 171
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Always build & test Zarf Agent during pull requests; publish latest Z…
…arf Agent on release (#651) - Adds the Zarf Agent (mutating webook) automatic build in test with the latest code - Fix issue with out of sync Zarf Agent image tag, always cut a new agent image before a release - Test the release once more before publishing - Full support for Linux ARM, closes Complete ARM Support #386
- Loading branch information
1 parent
939e68b
commit de395b7
Showing
15 changed files
with
211 additions
and
150 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,4 @@ | ||
name: Build Rust Binary | ||
|
||
env: | ||
zarfInjectorPath: 'src/injector/stage1/target/x86_64-unknown-linux-musl/release/zarf-injector' | ||
name: Publish Injector Stage I | ||
|
||
on: | ||
workflow_dispatch: | ||
|
@@ -12,48 +9,58 @@ on: | |
branchName: | ||
description: "Branch to build the injector from" | ||
required: false | ||
default: 'master' | ||
default: "master" | ||
|
||
jobs: | ||
build-injector: | ||
runs-on: ubuntu-latest | ||
runs-on: self-hosted | ||
steps: | ||
- name: "Dependency: Install cosign" | ||
uses: sigstore/[email protected] | ||
|
||
- name: "Dependency: Setup rust toolchain" | ||
run: | | ||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path | ||
echo "$HOME/.cargo/bin" >> $GITHUB_PATH | ||
- name: "Checkout Repo" | ||
uses: actions/checkout@v3 | ||
with: | ||
ref: ${{ github.event.inputs.branchName }} | ||
|
||
- name: "Install cosign" | ||
uses: sigstore/[email protected] | ||
|
||
- name: "Install Rust And Build" | ||
uses: gmiam/[email protected] | ||
with: | ||
args: cargo build --target x86_64-unknown-linux-musl --release --manifest-path src/injector/stage1/Cargo.toml | ||
- name: "Build Rust Binary for x86_64" | ||
working-directory: src/injector/stage1 | ||
run: | | ||
cargo build --target x86_64-unknown-linux-musl --release | ||
strip target/x86_64-unknown-linux-musl/release/zarf-injector | ||
- name: "Strip The Binary Down" | ||
run: sudo strip ${{ env.zarfInjectorPath }} | ||
|
||
- name: "Upload Rust Binary" | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: zarf-injector | ||
path: ${{ env.zarfInjectorPath }} | ||
- name: "Build Rust Binary for aarch64" | ||
working-directory: src/injector/stage1 | ||
run: | | ||
rustup target add aarch64-unknown-linux-musl | ||
curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz | ||
export PATH="$PWD/aarch64-linux-musl-cross/bin:$PATH" | ||
cargo build --target aarch64-unknown-linux-musl --release | ||
aarch64-linux-musl-strip target/aarch64-unknown-linux-musl/release/zarf-injector | ||
- name: Login to Docker Hub | ||
uses: docker/login-action@v2 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: "Upload Binary To DockerHub" | ||
run: cosign upload blob -f ${{ env.zarfInjectorPath }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }} | ||
- name: "Upload Binaries To DockerHub" | ||
working-directory: src/injector/stage1/target | ||
run: | | ||
cosign upload blob -f x86_64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} | ||
cosign upload blob -f aarch64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} | ||
- name: "Sign the binary" | ||
run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }} | ||
- name: "Sign the binaries" | ||
run: | | ||
cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} | ||
cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} | ||
env: | ||
COSIGN_EXPERIMENTAL: 1 | ||
AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }} | ||
AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }} | ||
|
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,11 +3,15 @@ on: | |
pull_request: | ||
types: [labeled, unlabeled, opened, edited, synchronize] | ||
|
||
# Abort prior jobs in the same workflow / PR | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
enforce: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: yogevbd/[email protected] | ||
with: | ||
BANNED_LABELS: "needs-docs,needs-tests,needs-adr,needs-git-sign-off" | ||
- uses: yogevbd/[email protected] | ||
with: | ||
BANNED_LABELS: "needs-docs,needs-tests,needs-adr,needs-git-sign-off" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.