Skip to content

Bump version to prep for 0.16.2 (#774) #232

Bump version to prep for 0.16.2 (#774)

Bump version to prep for 0.16.2 (#774) #232

Workflow file for this run

name: build
on:
push:
branches:
- main
tags:
- v*
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
- name: setup go environment
uses: actions/setup-go@v2
with:
go-version: '1.20'
- name: download dependencies
run: make bootstrap
- name: run unit tests
run: make test
- name: build binaries
run: make build-cross
- name: run acceptance tests
run: sudo pip install virtualenv && make acceptance
- name: Prepare
id: prepare
run: |
DOCKER_IMAGE=ghcr.io/helm/chartmuseum
DOCKER_PLATFORMS=linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/386
VERSION=canary
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
fi
TAGS="--tag ${DOCKER_IMAGE}:${VERSION}"
echo ::set-output name=docker_image::${DOCKER_IMAGE}
echo ::set-output name=version::${VERSION}
echo ::set-output name=buildx_args::--platform ${DOCKER_PLATFORMS} \
--build-arg revision=$(git rev-parse --short HEAD) \
${TAGS} .
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
version: v0.9.1
- name: Available platforms
run: echo ${{ steps.buildx.outputs.platforms }}
- name: Docker Login
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Buildx (build and push)
run: |
docker buildx build --no-cache --pull --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }}
- name: Docker Check Manifest
run: |
docker run --rm mplatform/mquery ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }}
- name: Install Kubernetes SBOM Tool
uses: puerco/bom-installer@aa0837e37b6965b5fc50adfad0683ec3c0a2c2c4
- name: Install sigstore cosign
uses: sigstore/cosign-installer@main
with:
cosign-version: 'v2.2.4'
- name: Release artifacts (includes SBOM and signatures)
id: release-artifacts
env:
AZURE_STORAGE_CONNECTION_STRING: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
AZURE_STORAGE_CONTAINER_NAME: ${{ secrets.AZURE_STORAGE_CONTAINER_NAME }}
COSIGN_EXPERIMENTAL: "true"
run: |
SKIP_BUILD=true VERSION="${{ steps.prepare.outputs.version }}" ./scripts/release-artifacts.sh
- name: Sign the published images (via GitHub OIDC token)
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign --yes ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }}
- name: Attach SBOM to published images
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign attach sbom --sbom _dist/chartmuseum-${{ steps.prepare.outputs.version }}.spdx ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }}
- name: Clear
if: always()
run: |
rm -f ${HOME}/.docker/config.json
- name: upload coverage report
uses: actions/upload-artifact@main
with:
name: chartmuseum-coverage-report-${{ github.sha }}
path: .cover/
if: always()
- name: upload acceptance test report
uses: actions/upload-artifact@main
with:
name: chartmuseum-acceptance-report-${{ github.sha }}
path: .robot/
if: always()