Skip to content

v1.23.0

v1.23.0 #137

Workflow file for this run

name: Release
on:
release:
types:
- published
env:
CR_CONFIGFILE: "${{ github.workspace }}/cr.yaml"
CT_CONFIGFILE: "${{ github.workspace }}/ct.yaml"
CR_INDEX_PATH: "${{ github.workspace }}/.cr-index"
CR_PACKAGE_PATH: "${{ github.workspace }}/.cr-release-packages"
CR_TOOL_PATH: "${{ github.workspace }}/.cr-tool"
CHART_PATH: "${{ github.workspace }}/charts/kvisor"
jobs:
release_docker:
name: Release Docker
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5
with:
go-version-file: "go.mod"
- name: Get release tag
run: echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Build agent go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent
- name: Build controller go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller
- name: Build image-scanner go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner
- name: Build linter go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter
- name: Build agent go binary arm64
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent
- name: Build controller go binary arm64
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller
- name: Build image-scanner go binary arm64
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner
- name: Build linter go binary arm64
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
- name: Login to Google Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: us-docker.pkg.dev
username: _json_key
password: ${{ secrets.ARTIFACT_BUILDER_JSON_KEY }}
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push release (kvisor-agent)
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
context: .
push: true
file: ./Dockerfile.agent
platforms: linux/arm64,linux/amd64
tags: |
ghcr.io/castai/kvisor/kvisor-agent:${{ env.RELEASE_TAG }}
ghcr.io/castai/kvisor/kvisor-agent:latest
us-docker.pkg.dev/castai-hub/library/kvisor-agent:${{ env.RELEASE_TAG }}
us-docker.pkg.dev/castai-hub/library/kvisor-agent:latest
- name: Build and push release (kvisor-controller)
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
context: .
push: true
file: ./Dockerfile.controller
platforms: linux/arm64,linux/amd64
tags: |
ghcr.io/castai/kvisor/kvisor-controller:${{ env.RELEASE_TAG }}
ghcr.io/castai/kvisor/kvisor-controller:latest
us-docker.pkg.dev/castai-hub/library/kvisor-controller:${{ env.RELEASE_TAG }}
us-docker.pkg.dev/castai-hub/library/kvisor-controller:latest
- name: Build and push release (kvisor-scanners)
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
context: .
push: true
file: ./Dockerfile.scanners
platforms: linux/arm64,linux/amd64
tags: |
ghcr.io/castai/kvisor/kvisor-scanners:${{ env.RELEASE_TAG }}
ghcr.io/castai/kvisor/kvisor-scanners:latest
us-docker.pkg.dev/castai-hub/library/kvisor-scanners:${{ env.RELEASE_TAG }}
us-docker.pkg.dev/castai-hub/library/kvisor-scanners:latest
release_chart:
name: Release Helm Chart
runs-on: ubuntu-24.04
needs: release_docker
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: "0"
- name: Get release tag
run: echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Checkout helm-charts
# The cr tool only works if the target repository is already checked out
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
repository: castai/helm-charts
path: helm-charts
token: ${{ secrets.HELM_CHARTS_REPO_TOKEN }}
- name: Configure Git for helm-charts
run: |
cd helm-charts
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
with:
version: v3.5.2
- name: Install CR tool
run: |
mkdir "${CR_TOOL_PATH}"
mkdir "${CR_PACKAGE_PATH}"
mkdir "${CR_INDEX_PATH}"
curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.4.0/chart-releaser_1.4.0_linux_amd64.tar.gz"
tar -xzf cr.tar.gz -C "${CR_TOOL_PATH}"
rm -f cr.tar.gz
- name: Bump chart version
run: |
python ./.github/workflows/bump_chart.py ${CHART_PATH}/Chart.yaml ${{env.RELEASE_TAG}}
- name: Parse Chart.yaml
id: parse-chart
run: |
description=$(yq ".description" < ${CHART_PATH}/Chart.yaml)
name=$(yq ".name" < ${CHART_PATH}/Chart.yaml)
version=$(yq ".version" < ${CHART_PATH}/Chart.yaml)
echo "::set-output name=chartpath::${CHART_PATH}"
echo "::set-output name=desc::${description}"
if [[ -n "${HELM_TAG_PREFIX}" ]]; then
echo "::set-output name=tagname::${name}-${version}"
else
echo "::set-output name=tagname::${name}-${version}"
fi
echo "::set-output name=packagename::${name}-${version}"
- name: Create helm package
run: |
"${CR_TOOL_PATH}/cr" package "${{ steps.parse-chart.outputs.chartpath }}" --config "${CR_CONFIGFILE}" --package-path "${CR_PACKAGE_PATH}"
echo "Result of chart package:"
ls -l "${CR_PACKAGE_PATH}"
git status
- name: Make helm charts github release
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2
with:
body: |
${{ steps.parse-chart.outputs.desc }}
Source commit: https://github.com/${{ github.repository }}/commit/${{ github.sha }}
files: |
${{ env.CR_PACKAGE_PATH }}/${{ steps.parse-chart.outputs.packagename }}.tgz
${{ env.CR_PACKAGE_PATH }}/${{ steps.parse-chart.outputs.packagename }}.tgz.prov
repository: castai/helm-charts
tag_name: ${{ steps.parse-chart.outputs.tagname }}
token: ${{ secrets.HELM_CHARTS_REPO_TOKEN }}
- name: Update helm repo index.yaml
run: |
cd helm-charts
"${CR_TOOL_PATH}/cr" index --config "${CR_CONFIGFILE}" --token "${{ secrets.HELM_CHARTS_REPO_TOKEN }}" --index-path "${CR_INDEX_PATH}" --package-path "${CR_PACKAGE_PATH}" --push
- name: Commit Chart.yaml changes
run: |
git status
git diff
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
git checkout main
git add ${CHART_PATH}/Chart.yaml
git commit -m "[Release] Update Chart.yaml"
git push
# TODO: Enable this step to sync chart content into helm-charts repo
# - name: Sync chart with helm-charts github
# run: |
# cd helm-charts
# git config user.name "$GITHUB_ACTOR"
# git config user.email "[email protected]"
# git checkout main
# cp -r ${CHART_PATH}/* ./charts/castai-kvisor
# git add charts/castai-kvisor
# git commit -m "Update castai-kvisor chart to ${{env.RELEASE_TAG}}"
# git push