Make a release #395
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Make a release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: Tag [e.g. 1.7.8-tetrate-v0] | |
| required: true | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| packages: write | |
| jobs: | |
| build_fips_proxy: | |
| # Only run this job when the release type equals "fips". | |
| if: false | |
| name: build fips proxy binary | |
| timeout-minutes: 1440 # 12 hours | |
| runs-on: ['self-hosted','Linux','x64','m5.large'] | |
| env: | |
| RELEASE_GCS_PATH: gs://getistio-build/proxy-fips | |
| steps: | |
| - name: Get normalized tag | |
| id: get_minor_ver | |
| run: echo ::set-output name=NORMALIZED_TAG::$(echo $TAG | sed 's/-.*//g') | |
| shell: bash | |
| env: | |
| TAG: ${{ github.event.inputs.tag }} | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: "istio/proxy" | |
| ref: ${{ steps.get_minor_ver.outputs.NORMALIZED_TAG }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v0 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| service_account_key: ${{ secrets.GCP_SA_KEY }} | |
| export_default_credentials: true | |
| - name: Check if already built | |
| id: check_already_built | |
| run: | | |
| set +e | |
| SHA=$(git rev-parse --verify HEAD) | |
| gsutil ls ${RELEASE_GCS_PATH} | grep ${SHA} | |
| echo ::set-output name=should_build::$? | |
| - name: Tweak make recipe | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| # 1) remove unnecessary dependency on naive "build" target | |
| # 2) remove "-p" flag to not push and build container, | |
| # 3) replace RELEASE_GCS_PATH var with the literal due to docker build. | |
| # from push_release. | |
| run: | | |
| ESCAPED_RELEASE_GCS_PATH=$(printf '%s\n' "$RELEASE_GCS_PATH" | sed -e 's/[\/&]/\\&/g') | |
| sed -i "s/\-p//g; s/push_release: build/push_release:/g; s/\"\$(RELEASE_GCS_PATH)\"/${ESCAPED_RELEASE_GCS_PATH}/g" Makefile.core.mk | |
| - name: Tweak release-binary script | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| # 1) Setup in-docker auth against gcloud | |
| # 2) Remove unnecessary debug build | |
| # 3) Remove unnecessary Wasm build and publish | |
| # Note that /work is the mount destination of the current home of make command with BUILD_WITH_CONTAINER=1. | |
| run: | | |
| CREDENTIAL_FILE_NAME=$(echo ${GOOGLE_APPLICATION_CREDENTIALS} | awk -F/ '{print $NF}') | |
| cp scripts/release-binary.sh scripts/release-binary.sh.tmp | |
| echo gcloud auth activate-service-account --key-file="/work/${CREDENTIAL_FILE_NAME}" > scripts/release-binary.sh | |
| cat scripts/release-binary.sh.tmp >> scripts/release-binary.sh | |
| sed -i 's/release release\-symbol debug/release release\-symbol/' scripts/release-binary.sh | |
| sed -i -n '/Build and publish Wasm plugins/q;p' scripts/release-binary.sh | |
| cat scripts/release-binary.sh | |
| - name: Add FIPS flag | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| run: echo "build --define boringssl=fips" >> .bazelrc | |
| - name: Build and push | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| env: | |
| BUILD_WITH_CONTAINER: 1 | |
| run: make push_release | |
| - name: Put CentOS binary | |
| # Copy the binary built on Ubuntu to CentOS path - this binar cannot run on CentOS/RHEL 7, but fine with CentOS 8. | |
| # The point is that we cannot build FIPS binary directly on CentOS 7 due to the constraints described in the BoringCrypto certification. | |
| run: | | |
| SHA=$(git rev-parse --verify HEAD) | |
| gsutil cp ${RELEASE_GCS_PATH}/envoy-alpha-${SHA}.tar.gz ${RELEASE_GCS_PATH}/envoy-centos-alpha-${SHA}.tar.gz | |
| - name: Put Wasm binary | |
| # Copy the built Wasm binary in the upstream to the bucket - Wasm is nothing to do with FIPS stuff. | |
| env: | |
| UPSTREAM_GCSP_PATH: gs://istio-build/proxy | |
| run: | | |
| SHA=$(git rev-parse --verify HEAD) | |
| gsutil cp "${UPSTREAM_GCSP_PATH}/metadata_exchange-${SHA}*" ${RELEASE_GCS_PATH}/ | |
| gsutil cp "${UPSTREAM_GCSP_PATH}/stats-${SHA}*" ${RELEASE_GCS_PATH}/ | |
| gsutil cp "${UPSTREAM_GCSP_PATH}/attributegen-${SHA}*" ${RELEASE_GCS_PATH}/ | |
| build_arm_proxy: | |
| # Do not run this job when the release type equals "fips". | |
| if: false | |
| name: build ARM proxy binary | |
| timeout-minutes: 1440 # 12 hours | |
| runs-on: ["self-hosted", "arm64"] | |
| env: | |
| RELEASE_GCS_PATH: gs://getistio-build/proxy-arm | |
| steps: | |
| - name: Get normalized tag | |
| id: get_minor_ver | |
| run: | | |
| echo ::set-output name=NORMALIZED_TAG::$(echo $TAG | sed 's/-.*//g') | |
| echo ::set-output name=RELEASE_VERSION::$(echo $TAG | sed 's/-.*//g' | sed 's/\.[^\.]*$//g') | |
| shell: bash | |
| env: | |
| TAG: ${{ github.event.inputs.tag }} | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: "istio/proxy" | |
| ref: ${{ steps.get_minor_ver.outputs.NORMALIZED_TAG }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v0 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| service_account_key: ${{ secrets.GCP_SA_KEY }} | |
| export_default_credentials: true | |
| - name: Check if already built | |
| id: check_already_built | |
| run: | | |
| SHA=$(git rev-parse --verify HEAD) | |
| SHOULD_BUILD=1 | |
| if gsutil ls ${RELEASE_GCS_PATH} | grep ${SHA} ; then | |
| SHOULD_BUILD=0 | |
| fi | |
| echo ::set-output name=should_build::${SHOULD_BUILD} | |
| - name: Tweak make recipe | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| # 1) remove unnecessary dependency on naive "build" target | |
| # 2) remove "-p" flag to not push and build container, | |
| # 3) replace RELEASE_GCS_PATH var with the literal due to docker build. | |
| # from push_release. | |
| run: | | |
| ESCAPED_RELEASE_GCS_PATH=$(printf '%s\n' "$RELEASE_GCS_PATH" | sed -e 's/[\/&]/\\&/g') | |
| sed -i "s/\-p//g; s/push_release: build/push_release:/g; s/\"\$(RELEASE_GCS_PATH)\"/${ESCAPED_RELEASE_GCS_PATH}/g" Makefile.core.mk | |
| - name: Tweak release-binary script | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| # 1) Setup in-docker auth against gcloud | |
| # 2) Remove unnecessary debug build | |
| # 3) Remove unnecessary Wasm build and publish | |
| # Note that /work is the mount destination of the current home of make command with BUILD_WITH_CONTAINER=1. | |
| run: | | |
| echo H4sIAJNQ32EAA+VXbXPaOBD+zq/YczMFCgKcBkjSY6aE0CTTBDIBru31OoxsC9Bgyz5LbkLT/PdbWZhA3m7au364Kx9Col3tap/dZ3fj8ckECJlyBbQq3ZhHSlajRM6IxxxORUXOwHlEkOPCY1dQ223UX7oNVqm8dKhbn3hNsGu1Zr2eI4Q8ajVXKpUet/z6NZDGTtm2oaS/GoAHE56DHHz8COQLWFvXR53B+Lw9PL6x4NMneP78VtIfDc9Hw/HhycVKlkg6ZXi95FLJUKeQCBowIEHRAi5yJQDrarcxbuxYRTho/949HbcvOscta75rvXqViimN3dk9eXZqlF4UgbmzEKyRkEkUhbFiHmgNrpirkpiVIUikAoeB8QZhjPJAGwB2hTmwtSEmqZuDZzBYBD4XcwleKPIKLsN4XsZIGEwS34eIqhlQCRQUC9AXjRepCo3DRHiV1ABj+zBTKpL71SqmeJY4FTcMqlwqHq5+yoTJql1v2jswwfd4TFHuy9TAfJeEkQIuQc0YhImKEgUejzGaEN1p9SyQSPGAf8F4nYT7noQCcfVhGWSI9eWGYsKnrZj5DBNA5CJwQh+o8O7JiqljOWO+786YO0d3kjo+aw0621hpOWLgxxy3MI0O/cJ8zOAkhK1rIzkYnZweYnqOBjfLF481VMWqCabqcGHlSt9tJVPQ+b+5NbisioOTXvviA9q8Xjm4qaow9GUVi9tATqI4vFpYupifCtR7iJkZgOgT871JznuyJT+btfrepO7ayE9X/1Lffpif9+9vUvS+XLN0t1beRpbiV0pSPoGPmoOHgyGSr9UCS4SCIQ1f6RISOQBAUcvC8FM+k2dwRucMJLIjLbKlF0i9cIb1jQJdUwpCkVXbyEmESsBuVGo7UHjPBKd+MUcy553jbuctuifsT7DBNAd9bpL6pn8x7nR7w/5gqVJbvY5AGoBRvlsHFvzSghfWWsEGoWLEeoE95vY+wOhg1BuOxhfd02570G1tXW8e7JOtgi+dcRYo8oTI4o25a1xvXjA45q/SKPO6oX39Ctem0+TPdD+JE6HBeRCVSn7VWiB1grCTpaP1Lpi6SNF9yoXRuGOT+d8JvL0O/LcVQocJ1R9AcxnLVuHXKlNu1cXjUJLsroqBeC7ka2Svkv/qYvMiHvxRATKxi2lxNq3NYK31YDMfZZiGCl24VMEdD0XrISSIuKXAWoTGwxBjIzxtmOgDW6tA49T3w0tsniqcMlSP4RK7tX6sUatY6f3UUY7oDOreoS2lvcRgtACdTWyfg+O27mq6c8TsM4lorMuMfGYxnyzguNs+LOruo9lr15rI29LedtneXtH3oefr4tQ4mZI40D2eiykOH8Eul+4r+SWn/ztDtqRhXHXq/Z924qalYO+V8UEl267pbzzyQpN2ADPWxgfYjca99lnXDDj8YynQZzeE+tGMWtmd83bnbfuou35pc/yZz5Ozfun9X5n4/9DWY3PffLCi0m9rE2+rmCl0+r03J0e4sF60zwYt65H8WN8G+J1LDyD+f4WZSipuwX0Gvf6wuw8+d1xcWZA83gJbD3exrS5AMxpZwgVSCkUpW5Yl/7JuSn678b0lr9/xE+KPy2wy/fvqNmrfBunmnae7yB3lHwyy50x/BMgrsxsgm38C0zLF9+shbe/tlXfXd2xjv9v7rf8hg7DfO/1wb7mC5epQy+bzQ8tfNprv7EODOY8iPenftQdnhjt6NRK3u3jkU4VjKahk47WmVyEzWVN1PXOixPE5/rfyjsoAbyRTLmQO1RUTEvcb2SpIRZWEAEehRxUdsyt3RsWUAVUq5k6i2JQJrLfh2flYP6W1VQjmegzrJYngqEbDZGmYvF99irm/AJDMXDzhEAAA \ | |
| | base64 -d | gunzip | patch -p1 | |
| CREDENTIAL_FILE_NAME=$(echo ${GOOGLE_APPLICATION_CREDENTIALS} | awk -F/ '{print $NF}') | |
| cp scripts/release-binary.sh scripts/release-binary.sh.tmp | |
| echo gcloud auth activate-service-account --key-file="/work/${CREDENTIAL_FILE_NAME}" > scripts/release-binary.sh | |
| cat scripts/release-binary.sh.tmp >> scripts/release-binary.sh | |
| sed -i 's/release release\-symbol debug/release release\-symbol/' scripts/release-binary.sh | |
| sed -i -n '/Build and publish Wasm plugins/q;p' scripts/release-binary.sh | |
| cat scripts/release-binary.sh | |
| - name: Build and push | |
| if: ${{ steps.check_already_built.outputs.should_build == '1' }} | |
| env: | |
| BUILD_WITH_CONTAINER: 1 | |
| IMG: gcr.io/tetrate-istio-arm/build-tools-proxy:release-${{ steps.get_minor_ver.outputs.RELEASE_VERSION }}-tid | |
| run: make push_release | |
| - name: Put CentOS binary | |
| # Copy the binary built on Ubuntu to CentOS path - this binar cannot run on CentOS/RHEL 7, but fine with CentOS 8. | |
| # The point is that we cannot build FIPS binary directly on CentOS 7 due to the constraints described in the BoringCrypto certification. | |
| run: | | |
| SHA=$(git rev-parse --verify HEAD) | |
| gsutil cp ${RELEASE_GCS_PATH}/envoy-alpha-${SHA}.tar.gz ${RELEASE_GCS_PATH}/envoy-centos-alpha-${SHA}.tar.gz | |
| - name: Put Wasm binary | |
| # Copy the built Wasm binary in the upstream to the bucket - Wasm is nothing to do with FIPS stuff. | |
| env: | |
| UPSTREAM_GCSP_PATH: gs://istio-build/proxy | |
| run: | | |
| SHA=$(git rev-parse --verify HEAD) | |
| gsutil cp "${UPSTREAM_GCSP_PATH}/metadata_exchange-${SHA}*" ${RELEASE_GCS_PATH}/ | |
| gsutil cp "${UPSTREAM_GCSP_PATH}/stats-${SHA}*" ${RELEASE_GCS_PATH}/ | |
| gsutil cp "${UPSTREAM_GCSP_PATH}/attributegen-${SHA}*" ${RELEASE_GCS_PATH}/ | |
| create-images-arm64: | |
| name: create-images-arm64 | |
| runs-on: ["self-hosted", "arm64"] | |
| env: | |
| TARGETARCH: arm64 | |
| DOCKER_ARCHITECTURES: linux/arm64 | |
| HUB: ${{ secrets.CLOUDSMITH_HUB }} | |
| needs: [build_arm_proxy] | |
| # 'if' condition causes this job to run even if some of the dependent jobs | |
| # have been skipped, e.g. `build_fips_proxy`. | |
| # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful | |
| if: "contains(github.event.ref, 'multiarch')" | |
| steps: | |
| - name: Checkout to choosen tag | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.inputs.tag }} | |
| fetch-depth: 0 | |
| - name: Login to CloudSmith | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.HUB }} | |
| username: ${{ secrets.CLOUDSMITH_USER }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Login to CloudSmith | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.HUB }} | |
| username: ${{ secrets.CLOUDSMITH_USER }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Get Registry | |
| id: get_registry | |
| run: | | |
| [[ ${HUB} == *.* ]] && REGISTRY=$(echo ${HUB} | cut -d/ -f1) | |
| echo REGISTRY=${REGISTRY} | |
| echo REGISTRY=${REGISTRY} >> $GITHUB_ENV | |
| - name: Get the tag | |
| id: get_tag | |
| run: echo ::set-output name=TAG::${GITHUB_REF/refs\/tags\/test-/} | |
| shell: bash | |
| - name: Get minor version | |
| id: get_minor_ver | |
| run: echo ::set-output name=REL_BRANCH_VER::$(echo $TAG | grep -Eo '[0-9]+\.[0-9]+') | |
| shell: bash | |
| env: | |
| TAG: ${{ github.event.inputs.tag }} | |
| - name: build and push images | |
| run: bash ./tetrateci/create_istio_release.sh | |
| env: | |
| CLOUDSMITH_USER: ${{ secrets.CLOUDSMITH_USER }} | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| TAG: ${{ github.event.inputs.tag }} | |
| REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }} | |
| create-images-amd64: | |
| name: create-images-amd64 | |
| runs-on: ['self-hosted','Linux','x64','c5.4xlarge'] | |
| needs: [build_fips_proxy] | |
| # 'if' condition causes this job to run even if some of the dependent jobs | |
| # have been skipped, e.g. `build_fips_proxy`. | |
| # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful | |
| if: ${{ !cancelled() && !failure() }} | |
| env: | |
| PUBLIC_HUB: ${{ secrets.CLOUDSMITH_HUB }} | |
| HUB: ${{ secrets.CLOUDSMITH_ADDON_HUB }} | |
| ECR_REGISTRY: 957006768579.dkr.ecr.us-east-2.amazonaws.com | |
| steps: | |
| - name: Checkout to choosen tag | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.inputs.tag }} | |
| fetch-depth: 0 | |
| - id: 'auth' | |
| name: 'Authenticate to Google Cloud' | |
| uses: 'google-github-actions/auth@v1' | |
| with: | |
| token_format: 'access_token' | |
| workload_identity_provider: 'projects/733020594933/locations/global/workloadIdentityPools/image-signing-oidc/providers/githuboidcprovider' | |
| service_account: '[email protected]' | |
| env: | |
| HUB: gcr.io/tid-testing | |
| - name: Login to CloudSmith | |
| uses: docker/login-action@v1 | |
| if: contains(github.event.ref, 'fips') | |
| with: | |
| registry: ${{ secrets.CLOUDSMITH_FIPS_HUB }} | |
| username: ${{ secrets.CLOUDSMITH_USER }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Login to CloudSmith | |
| uses: docker/login-action@v1 | |
| if: ${{ ! contains(github.event.ref, 'fips') }} | |
| with: | |
| registry: ${{ env.HUB }} | |
| username: ${{ secrets.CLOUDSMITH_USER }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Login to CloudSmith | |
| uses: docker/login-action@v1 | |
| if: ${{ ! contains(github.event.ref, 'fips') }} | |
| with: | |
| registry: ${{ env.PUBLIC_HUB }} | |
| username: ${{ secrets.CLOUDSMITH_USER }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: ${{ secrets.ECR_PUSH_ROLE }} | |
| aws-region: us-east-2 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| - name: Get Registry | |
| id: get_registry | |
| run: | | |
| [[ ${HUB} == *.* ]] && REGISTRY=$(echo ${HUB} | cut -d/ -f1) | |
| echo REGISTRY=${REGISTRY} | |
| echo REGISTRY=${REGISTRY} >> $GITHUB_ENV | |
| - name: Get minor version | |
| id: get_minor_ver | |
| run: echo ::set-output name=REL_BRANCH_VER::$(echo $TAG | grep -Eo '[0-9]+\.[0-9]+') | |
| shell: bash | |
| env: | |
| TAG: ${{ github.event.inputs.tag }} | |
| - uses: sigstore/cosign-installer@main | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v1' | |
| - uses: imjasonh/[email protected] | |
| - name: 'Set Hub' | |
| if: contains(github.event.ref, 'fips') | |
| env: | |
| HUB: ${{ secrets.CLOUDSMITH_FIPS_HUB }} | |
| run: echo "HUB=$HUB" >> $GITHUB_ENV | |
| - name: build and push images | |
| run: bash ./tetrateci/create_istio_release.sh | |
| env: | |
| CLOUDSMITH_USER: ${{ secrets.CLOUDSMITH_USER }} | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| TAG: ${{ github.event.inputs.tag }} | |
| REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }} | |
| ACCESS_TOKEN: '${{ steps.auth.outputs.access_token }}' | |
| - name: Push images to ECR | |
| if: ${{ ! contains(github.event.ref, 'fips') }} | |
| run: bash ./tetrateci/push_ecr.sh | |
| env: | |
| CLOUDSMITH_USER: ${{ secrets.CLOUDSMITH_USER }} | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| TAG: ${{ github.event.inputs.tag }} | |
| BACKPORT: "false" | |
| REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }} | |
| - name: Sign Images | |
| run: bash ./tetrateci/images.sh | |
| env: | |
| CLOUDSMITH_USER: ${{ secrets.CLOUDSMITH_USER }} | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| TAG: ${{ github.event.inputs.tag }} | |
| REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }} | |
| create-multiarch-images: | |
| name: create-multiarch-images | |
| runs-on: ubuntu-latest | |
| needs: [create-images-amd64, create-images-arm64] | |
| # 'if' condition causes this job to run even if some of the dependent jobs | |
| # have been skipped, e.g. `build_fips_proxy`. | |
| # see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-not-requiring-dependent-jobs-to-be-successful | |
| if: "contains(github.event.ref, 'multiarch')" | |
| env: | |
| HUB: ${{ secrets.CLOUDSMITH_HUB }} | |
| steps: | |
| - name: Checkout to choosen tag | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.inputs.tag }} | |
| fetch-depth: 0 | |
| - name: Login to CloudSmith | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.HUB }} | |
| username: ${{ secrets.CLOUDSMITH_USER }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Get Registry | |
| id: get_registry | |
| run: | | |
| [[ ${HUB} == *.* ]] && REGISTRY=$(echo ${HUB} | cut -d/ -f1) | |
| echo REGISTRY=${REGISTRY} | |
| echo REGISTRY=${REGISTRY} >> $GITHUB_ENV | |
| - name: Get minor version | |
| id: get_minor_ver | |
| run: echo ::set-output name=REL_BRANCH_VER::$(echo $TAG | grep -Eo '[0-9]+\.[0-9]+') | |
| shell: bash | |
| env: | |
| TAG: ${{ github.event.inputs.tag }} | |
| - name: build and push images | |
| run: bash ./tetrateci/create_multiarch_images.sh | |
| env: | |
| CLOUDSMITH_USER: ${{ secrets.CLOUDSMITH_USER }} | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| TAG: ${{ github.event.inputs.tag }} | |
| REL_BRANCH_VER: ${{ steps.get_minor_ver.outputs.REL_BRANCH_VER }} |