🌱 preparing tech-preview release (#3) #1

Workflow file for this run

.github/workflows/release.yml at 7f7925f

	name: Release
	on:
	push:
	tags:
	- "v" # Push events to matching v, i.e. v1.0, v20.15.10
	env:
	REGISTRY: ghcr.io/sovereigncloudstack
	metadata_flavor: latest=true
	metadata_tags: type=ref,event=tag
	permissions:
	contents: write
	packages: write
	# Required to generate OIDC tokens for `sigstore/cosign-installer` authentication
	id-token: write
	jobs:
	manager-image:
	name: Build and push manager image
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
	with:
	fetch-depth: 0
	- uses: ./.github/actions/setup-go
	- name: Set up QEMU
	uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2

	- name: Generate metadata cso
	id: metacso
	uses: ./.github/actions/metadata
	env:
	IMAGE_NAME: cso
	with:
	metadata_flavor: ${{ env.metadata_flavor }}
	metadata_tags: ${{ env.metadata_tags }}

	- name: Login to ghcr.io for CI
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Install Cosign
	uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5

	- name: Install Bom
	shell: bash
	run: \|
	curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.4.1/bom-linux-amd64 -o bom
	sudo mv ./bom /usr/local/bin/bom
	sudo chmod +x /usr/local/bin/bom

	- name: Setup Env
	run: \|
	DOCKER_BUILD_LDFLAGS="$(hack/version.sh)"
	echo 'DOCKER_BUILD_LDFLAGS<<EOF' >> $GITHUB_ENV
	echo $DOCKER_BUILD_LDFLAGS >> $GITHUB_ENV
	echo 'EOF' >> $GITHUB_ENV

	- name: Build and push cso image
	uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4
	id: docker_build_release_cso
	with:
	provenance: false
	context: .
	file: ./images/cso/Dockerfile
	push: true
	build-args: \|
	LDFLAGS=${{ env.DOCKER_BUILD_LDFLAGS }}
	tags: ${{ steps.metacso.outputs.tags }}
	labels: ${{ steps.metacso.outputs.labels }}
	platforms: linux/amd64
	cache-from: type=gha, scope=${{ github.workflow }}
	cache-to: type=gha, mode=max, scope=${{ github.workflow }}

	- name: Sign Container Images
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	cosign sign --yes ghcr.io/sovereigncloudstack/cso@${{ steps.docker_build_release_cso.outputs.digest }}

	- name: Generate SBOM CSO
	shell: bash
	# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
	# To-Do: format SBOM output to json after cosign v2.0 is released with https://github.com/sigstore/cosign/pull/2479
	run: \|
	bom generate -o sbom_ci_main_cso_${{ steps.metacso.outputs.version }}.spdx \
	--image=ghcr.io/sovereigncloudstack/cso:${{ steps.metacso.outputs.version }}

	- name: Attach SBOM to Container Images cso
	run: \|
	cosign attach sbom --sbom sbom_ci_main_cso_${{ steps.metacso.outputs.version }}.spdx ghcr.io/sovereigncloudstack/cso@${{ steps.docker_build_release_cso.outputs.digest }}

	- name: Sign SBOM Images cso
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	docker_build_release_digest="${{ steps.docker_build_release_cso.outputs.digest }}"
	image_name="ghcr.io/sovereigncloudstack/cso:${docker_build_release_digest/:/-}.sbom"
	docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign --yes "ghcr.io/sovereigncloudstack/cso@${docker_build_release_sbom_digest}"

	- name: Image Releases digests cso
	shell: bash
	run: \|
	mkdir -p image-digest/
	echo "ghcr.io/sovereigncloudstack/cso:{{ steps.metacso.outputs.version }}@${{ steps.docker_build_release_cso.outputs.digest }}" >> image-digest/cso.txt

	# Upload artifact digests
	- name: Upload artifact digests
	uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	name: image-digest cso
	path: image-digest
	retention-days: 90

	- name: Image Digests Output
	shell: bash
	run: \|
	cd image-digest/
	find -type f \| sort \| xargs -d '\n' cat

	release:
	name: Create draft release
	runs-on: ubuntu-latest
	needs:
	- manager-image
	steps:
	- name: Set env
	run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV

	- name: checkout code
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
	with:
	fetch-depth: 0

	- name: Install go
	uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
	with:
	go-version-file: "go.mod"
	cache: true
	cache-dependency-path: go.sum

	- name: install kustomize
	run: \|
	make kustomize

	- name: generate release artifacts
	run: \|
	make release

	- name: generate release notes
	run: \|
	make release-notes

	- name: Release
	uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
	with:
	draft: true
	files: out/*
	body_path: _releasenotes/${{ env.RELEASE_TAG }}.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🌱 preparing tech-preview release (#3) #1

Workflow file

🌱 preparing tech-preview release (#3) #1

Jobs

Run details

Workflow file for this run