Skip to content

deps: update github.com/keptn/lifecycle-toolkit/klt-cert-manager dige… #18

deps: update github.com/keptn/lifecycle-toolkit/klt-cert-manager dige…

deps: update github.com/keptn/lifecycle-toolkit/klt-cert-manager dige… #18

Workflow file for this run

name: Release Please
on:
push:
branches:
- main
- '[0-9]+.[0-9]+.x'
workflow_dispatch:
defaults:
run:
shell: bash
env:
GO_VERSION: "~1.20"
# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools
CONTROLLER_TOOLS_VERSION: "v0.13.0"
SCHEDULER_COMPATIBLE_K8S_VERSION: "v0.24.3"
PUBLISHABLE_ITEMS: '[".", "lifecycle-operator", "metrics-operator", "klt-cert-manager", "runtimes/deno-runtime", "runtimes/python-runtime", "scheduler"]'
jobs:
release-please:
runs-on: ubuntu-22.04
outputs:
klt-release-created: ${{ steps.release.outputs.release_created }}
klt-tag-name: ${{ steps.release.outputs.tag_name }}
cert-manager-release-created: ${{ steps.release.outputs.klt-cert-manager--release_created }}
cert-manager-tag-name: ${{ steps.release.outputs.klt-cert-manager--tag_name }}
metrics-operator-release-created: ${{ steps.release.outputs.metrics-operator--release_created }}
metrics-operator-tag-name: ${{ steps.release.outputs.metrics-operator--tag_name }}
releases-created: ${{ steps.release.outputs.releases_created }}
build-matrix: ${{ steps.build-matrix.outputs.result }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run release please
uses: google-github-actions/release-please-action@v3
id: release
with:
command: manifest
token: ${{ secrets.KEPTN_BOT_TOKEN }}
default-branch: main
signoff: "keptn-bot <86361500+keptn-bot@users.noreply.github.com>"
- name: Debug info
env:
CHANGED_ITEMS: ${{ steps.release.outputs.paths_released }}
KLT_TAG: ${{ steps.release.outputs.tag_name }}
PATHS_RELEASED: ${{ steps.release.outputs.paths_released }}
ARTIFACT_TAG_NAME: ${{ steps.release.outputs[format('{0}--tag_name', fromJson(steps.release.outputs.paths_released)[0])] }}
FULL_RELEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
run: |
echo "PATHS_RELEASE_JSON: ${PATHS_RELEASE_JSON}"
echo "FULL RELEASE OUTPUT: ${FULL_RELEASE_OUTPUT}"
echo "CHANGED_ITEMS: ${CHANGED_ITEMS}"
echo "KLT_TAG: ${KLT_TAG}"
echo "ARTIFACT_TAG_NAME: ${ARTIFACT_TAG_NAME}"
echo "PATHS_RELEASED: ${PATHS_RELEASED}"
echo "CERT_MANAGER_TAG_NAME: ${{ steps.release.outputs.klt-cert-manager--tag_name }}"
echo "KLT_TAG_NAME: ${{ steps.release.outputs.tag_name }}"
echo "METRICS_OPERATOR_TAG_NAME: ${{ steps.release.outputs.metrics-operator--tag_name }}"
- name: Create release matrix
id: build-matrix
uses: actions/github-script@v6
env:
CHANGED_ITEMS: ${{ steps.release.outputs.paths_released }}
KLT_TAG: ${{ steps.release.outputs.tag_name }}
ARTIFACT_TAG_NAME: ${{ steps.release.outputs[format('{0}--tag_name', fromJson(steps.release.outputs.paths_released)[0])] }}
with:
script: |
const changedItems = JSON.parse(process.env.CHANGED_ITEMS || '[]');
console.log("changed items", changedItems);
const eligibleItems = JSON.parse(process.env.PUBLISHABLE_ITEMS || '[]');
console.log("eligible items", eligibleItems);
const itemsToPublish = changedItems.filter(i => eligibleItems.includes(i));
console.log("items to publish", itemsToPublish);
console.log("setting up build matrix...");
const releaseMatrix = [];
itemsToPublish.forEach(item => {
switch (item) {
case "lifecycle-operator":
case "scheduler":
case "metrics-operator":
releaseMatrix.push({
name: item,
folder: item,
tagName: process.env.ARTIFACT_TAG_NAME
});
break;
case "klt-cert-manager":
releaseMatrix.push({
name: "certificate-operator",
folder: item,
tagName: process.env.ARTIFACT_TAG_NAME
});
break;
case "runtimes/deno-runtime":
case "runtimes/python-runtime":
releaseMatrix.push({
name: item.replace("runtimes/", ""),
folder: item,
tagName: process.env.ARTIFACT_TAG_NAME
});
break;
case ".":
default:
break;
}
});
console.log("release matrix: " + JSON.stringify({ config: releaseMatrix }));
return releaseMatrix.length > 0 ? { config: releaseMatrix } : {};
build-release:
if: needs.release-please.outputs.releases-created == 'true' && needs.release-please.outputs.build-matrix != '{}'
needs:
- release-please
strategy:
matrix: ${{ fromJson(needs.release-please.outputs.build-matrix) }}
runs-on: ubuntu-22.04
permissions:
contents: write
packages: write
id-token: write
env:
IMAGE_NAME: ghcr.io/keptn/${{ matrix.config.name }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: "ghcr.io"
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- name: Clean up image tag
id: clean-image-tag
env:
IMAGE_TAG: ${{ matrix.config.tagName }}
run: |
# Remove artifact prefix from tag so that we get clean image tags
temp="${IMAGE_TAG##klt-}"
temp="${temp##cert-manager-}"
temp="${temp##python-runtime-}"
temp="${temp##deno-runtime-}"
temp="${temp##scheduler-}"
temp="${temp##lifecycle-operator-}"
echo "IMAGE_TAG=${temp##metrics-operator-}" >> "$GITHUB_OUTPUT"
- name: Build Docker Image
id: docker_build_image
uses: docker/build-push-action@v5
with:
context: ${{ matrix.config.folder }}
platforms: linux/amd64,linux/arm64
target: production
tags: |
${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }}
build-args: |
GIT_HASH=${{ env.GIT_SHA }}
RELEASE_VERSION=dev-${{ env.DATETIME }}
BUILD_TIME=${{ env.BUILD_TIME }}
CONTROLLER_TOOLS_VERSION=${{ env.CONTROLLER_TOOLS_VERSION }}
SCHEDULER_COMPATIBLE_K8S_VERSION=${{ env.SCHEDULER_COMPATIBLE_K8S_VERSION }}
builder: ${{ steps.buildx.outputs.name }}
push: true
cache-from: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }}
cache-to: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }}
- name: Sign container image
env:
IMAGE_DIGEST: ${{ steps.docker_build_image.outputs.digest }}
run: |
cosign sign --yes ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
cosign verify \
--certificate-identity-regexp="https://github.com/keptn/lifecycle-toolkit/.*" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
- name: Generate SBOM
uses: anchore/sbom-action@v0.14.3
with:
image: ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }}
artifact-name: sbom-${{ matrix.config.name }}
output-file: ./sbom-${{ matrix.config.name }}.spdx.json
- name: Attach SBOM to release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ matrix.config.tagName }}
files: ./sbom-${{ matrix.config.name }}.spdx.json
update-docs:
name: Update Documentation
needs:
- release-please
if: needs.release-please.outputs.klt-release-created == 'true'
with:
tag_name: ${{ needs.release-please.outputs.klt-tag-name }}
uses: keptn/docs-tooling/.github/workflows/release-docs.yml@v0.1.5
secrets: inherit
update-examples:
name: Update examples
needs:
- release-please
if: needs.release-please.outputs.klt-release-created == 'true'
with:
tag_name: ${{ needs.release-please.outputs.klt-tag-name }}
uses: ./.github/workflows/release-examples.yml
secrets: inherit