v1.29.0 #143
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
release: | |
types: | |
- published | |
env: | |
CR_CONFIGFILE: "${{ github.workspace }}/cr.yaml" | |
CT_CONFIGFILE: "${{ github.workspace }}/ct.yaml" | |
CR_INDEX_PATH: "${{ github.workspace }}/.cr-index" | |
CR_PACKAGE_PATH: "${{ github.workspace }}/.cr-release-packages" | |
CR_TOOL_PATH: "${{ github.workspace }}/.cr-tool" | |
CHART_PATH: "${{ github.workspace }}/charts/kvisor" | |
jobs: | |
release_docker: | |
name: Release Docker | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Setup Go | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Get release tag | |
run: echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- name: Build agent go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent | |
- name: Build controller go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller | |
- name: Build image-scanner go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner | |
- name: Build linter go binary amd64 | |
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter | |
- name: Build agent go binary arm64 | |
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent | |
- name: Build controller go binary arm64 | |
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller | |
- name: Build image-scanner go binary arm64 | |
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner | |
- name: Build linter go binary arm64 | |
run: UNAME_M=arm64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 | |
- name: Login to Google Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: us-docker.pkg.dev | |
username: _json_key | |
password: ${{ secrets.ARTIFACT_BUILDER_JSON_KEY }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push release (kvisor-agent) | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
push: true | |
file: ./Dockerfile.agent | |
platforms: linux/arm64,linux/amd64 | |
tags: | | |
ghcr.io/castai/kvisor/kvisor-agent:${{ env.RELEASE_TAG }} | |
ghcr.io/castai/kvisor/kvisor-agent:latest | |
us-docker.pkg.dev/castai-hub/library/kvisor-agent:${{ env.RELEASE_TAG }} | |
us-docker.pkg.dev/castai-hub/library/kvisor-agent:latest | |
- name: Build and push release (kvisor-controller) | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
push: true | |
file: ./Dockerfile.controller | |
platforms: linux/arm64,linux/amd64 | |
tags: | | |
ghcr.io/castai/kvisor/kvisor-controller:${{ env.RELEASE_TAG }} | |
ghcr.io/castai/kvisor/kvisor-controller:latest | |
us-docker.pkg.dev/castai-hub/library/kvisor-controller:${{ env.RELEASE_TAG }} | |
us-docker.pkg.dev/castai-hub/library/kvisor-controller:latest | |
- name: Build and push release (kvisor-scanners) | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 | |
with: | |
context: . | |
push: true | |
file: ./Dockerfile.scanners | |
platforms: linux/arm64,linux/amd64 | |
tags: | | |
ghcr.io/castai/kvisor/kvisor-scanners:${{ env.RELEASE_TAG }} | |
ghcr.io/castai/kvisor/kvisor-scanners:latest | |
us-docker.pkg.dev/castai-hub/library/kvisor-scanners:${{ env.RELEASE_TAG }} | |
us-docker.pkg.dev/castai-hub/library/kvisor-scanners:latest | |
release_chart: | |
name: Release Helm Chart | |
runs-on: ubuntu-24.04 | |
needs: release_docker | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: "0" | |
- name: Get release tag | |
run: echo "RELEASE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- name: Checkout helm-charts | |
# The cr tool only works if the target repository is already checked out | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: 0 | |
repository: castai/helm-charts | |
path: helm-charts | |
token: ${{ secrets.HELM_CHARTS_REPO_TOKEN }} | |
- name: Configure Git for helm-charts | |
run: | | |
cd helm-charts | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Install Helm | |
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 | |
with: | |
version: v3.5.2 | |
- name: Install CR tool | |
run: | | |
mkdir "${CR_TOOL_PATH}" | |
mkdir "${CR_PACKAGE_PATH}" | |
mkdir "${CR_INDEX_PATH}" | |
curl -sSLo cr.tar.gz "https://github.com/helm/chart-releaser/releases/download/v1.4.0/chart-releaser_1.4.0_linux_amd64.tar.gz" | |
tar -xzf cr.tar.gz -C "${CR_TOOL_PATH}" | |
rm -f cr.tar.gz | |
- name: Bump chart version | |
run: | | |
python ./.github/workflows/bump_chart.py ${CHART_PATH}/Chart.yaml ${{env.RELEASE_TAG}} | |
- name: Parse Chart.yaml | |
id: parse-chart | |
run: | | |
description=$(yq ".description" < ${CHART_PATH}/Chart.yaml) | |
name=$(yq ".name" < ${CHART_PATH}/Chart.yaml) | |
version=$(yq ".version" < ${CHART_PATH}/Chart.yaml) | |
echo "::set-output name=chartpath::${CHART_PATH}" | |
echo "::set-output name=desc::${description}" | |
if [[ -n "${HELM_TAG_PREFIX}" ]]; then | |
echo "::set-output name=tagname::${name}-${version}" | |
else | |
echo "::set-output name=tagname::${name}-${version}" | |
fi | |
echo "::set-output name=packagename::${name}-${version}" | |
- name: Create helm package | |
run: | | |
"${CR_TOOL_PATH}/cr" package "${{ steps.parse-chart.outputs.chartpath }}" --config "${CR_CONFIGFILE}" --package-path "${CR_PACKAGE_PATH}" | |
echo "Result of chart package:" | |
ls -l "${CR_PACKAGE_PATH}" | |
git status | |
- name: Make helm charts github release | |
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 | |
with: | |
body: | | |
${{ steps.parse-chart.outputs.desc }} | |
Source commit: https://github.com/${{ github.repository }}/commit/${{ github.sha }} | |
files: | | |
${{ env.CR_PACKAGE_PATH }}/${{ steps.parse-chart.outputs.packagename }}.tgz | |
${{ env.CR_PACKAGE_PATH }}/${{ steps.parse-chart.outputs.packagename }}.tgz.prov | |
repository: castai/helm-charts | |
tag_name: ${{ steps.parse-chart.outputs.tagname }} | |
token: ${{ secrets.HELM_CHARTS_REPO_TOKEN }} | |
- name: Update helm repo index.yaml | |
run: | | |
cd helm-charts | |
"${CR_TOOL_PATH}/cr" index --config "${CR_CONFIGFILE}" --token "${{ secrets.HELM_CHARTS_REPO_TOKEN }}" --index-path "${CR_INDEX_PATH}" --package-path "${CR_PACKAGE_PATH}" --push | |
- name: Commit Chart.yaml changes | |
run: | | |
git status | |
git diff | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
git checkout main | |
git add ${CHART_PATH}/Chart.yaml | |
git commit -m "[Release] Update Chart.yaml" | |
git push | |
# TODO: Enable this step to sync chart content into helm-charts repo | |
# - name: Sync chart with helm-charts github | |
# run: | | |
# cd helm-charts | |
# git config user.name "$GITHUB_ACTOR" | |
# git config user.email "[email protected]" | |
# git checkout main | |
# cp -r ${CHART_PATH}/* ./charts/castai-kvisor | |
# git add charts/castai-kvisor | |
# git commit -m "Update castai-kvisor chart to ${{env.RELEASE_TAG}}" | |
# git push |