actions/fluxcd-flux2
3
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2026-02-23 16:11:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix release workflow

Browse source 
Signed-off-by: Soule BA <soule@weave.works>
This commit is contained in:
Soule BA 2023-09-14 17:50:15 +02:00
parent 904226fcf3
commit e9819b4c2d
No known key found for this signature in database
GPG key ID: 4D40965192802994
2 changed files with 18 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
.github/workflows/release.yaml vendored
View file

@ -43,13 +43,8 @@ jobs:
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with: with:
registry: ghcr.io registry: ghcr.io
username: fluxcdbot username: ${{ github.actor }}
password: ${{ secrets.GHCR_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
- name: Generate manifests - name: Generate manifests
run: | run: |
make cmd/flux/.manifests.done make cmd/flux/.manifests.done
@ -74,7 +69,7 @@ jobs:
run: | run: |
NOTES="./output/notes.md" NOTES="./output/notes.md"
echo '## CLI Changelog' > ${NOTES} echo '## CLI Changelog' > ${NOTES}
github-release-notes -org fluxcd -repo flux2 -since-latest-release -include-author >> ${NOTES} github-release-notes -org weaveworks -repo weave-assured-flux2 -since-latest-release -include-author >> ${NOTES}
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser - name: Run GoReleaser
@ -97,7 +92,7 @@ jobs:
hashes=$(echo -E $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0) hashes=$(echo -E $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0)
echo "hashes=$hashes" >> $GITHUB_OUTPUT echo "hashes=$hashes" >> $GITHUB_OUTPUT
image_url=fluxcd/flux-cli:$GITHUB_REF_NAME image_url=ghcr.io/weaveworks/weave-assured-flux-cli:$GITHUB_REF_NAME
echo "image_url=$image_url" >> $GITHUB_OUTPUT echo "image_url=$image_url" >> $GITHUB_OUTPUT
image_digest=$(docker buildx imagetools inspect ${image_url} --format '{{json .}}' | jq -r .manifest.digest) image_digest=$(docker buildx imagetools inspect ${image_url} --format '{{json .}}' | jq -r .manifest.digest)
@ -124,13 +119,8 @@ jobs:
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with: with:
registry: ghcr.io registry: ghcr.io
username: fluxcdbot username: ${{ github.actor }}
password: ${{ secrets.GHCR_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to DockerHub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
- name: Push manifests to GHCR - name: Push manifests to GHCR
run: | run: |
mkdir -p ./ghcr.io/flux-system mkdir -p ./ghcr.io/flux-system
@ -139,19 +129,7 @@ jobs:
--export > ./ghcr.io/flux-system/gotk-components.yaml --export > ./ghcr.io/flux-system/gotk-components.yaml
cd ./ghcr.io && flux push artifact \ cd ./ghcr.io && flux push artifact \
oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \ oci://ghcr.io/weaveworks/weave-assured-flux-manifests:${{ steps.prep.outputs.version }} \
--path="./flux-system" \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
- name: Push manifests to DockerHub
run: |
mkdir -p ./docker.io/flux-system
flux install --registry=docker.io/fluxcd \
--components-extra=image-reflector-controller,image-automation-controller \
--export > ./docker.io/flux-system/gotk-components.yaml
cd ./docker.io && flux push artifact \
oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
--path="./flux-system" \ --path="./flux-system" \
--source=${{ github.repositoryUrl }} \ --source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}" --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
@ -160,14 +138,10 @@ jobs:
env: env:
COSIGN_EXPERIMENTAL: 1 COSIGN_EXPERIMENTAL: 1
run: | run: |
cosign sign --yes ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} cosign sign --yes ghcr.io/weaveworks/weave-assured-flux-manifests:${{ steps.prep.outputs.version }}
cosign sign --yes docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }}
- name: Tag manifests - name: Tag manifests
run: | run: |
flux tag artifact oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \ flux tag artifact oci://ghcr.io/weaveworks/weave-assured-flux-manifests:${{ steps.prep.outputs.version }} \
--tag latest
flux tag artifact oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
--tag latest --tag latest
release-provenance: release-provenance:
@ -182,20 +156,6 @@ jobs:
base64-subjects: "${{ needs.release-flux-cli.outputs.hashes }}" base64-subjects: "${{ needs.release-flux-cli.outputs.hashes }}"
upload-assets: true upload-assets: true
dockerhub-provenance:
needs: [release-flux-cli]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
with:
image: ${{ needs.release-flux-cli.outputs.image_url }}
digest: ${{ needs.release-flux-cli.outputs.image_digest }}
registry-username: fluxcdbot
secrets:
registry-password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
ghcr-provenance: ghcr-provenance:
needs: [release-flux-cli] needs: [release-flux-cli]
permissions: permissions:
@ -206,6 +166,6 @@ jobs:
with: with:
image: ghcr.io/${{ needs.release-flux-cli.outputs.image_url }} image: ghcr.io/${{ needs.release-flux-cli.outputs.image_url }}
digest: ${{ needs.release-flux-cli.outputs.image_digest }} digest: ${{ needs.release-flux-cli.outputs.image_digest }}
registry-username: fluxcdbot registry-username: ${{ github.actor }}
secrets: secrets:
registry-password: ${{ secrets.GHCR_TOKEN }} registry-password: ${{ secrets.GITHUB_TOKEN }}

53
.goreleaser.yml
View file

@ -71,41 +71,9 @@ signs:
- '${artifact}' - '${artifact}'
artifacts: checksum artifacts: checksum
output: true output: true
brews:
- name: flux
tap:
owner: fluxcd
name: homebrew-tap
token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
folder: Formula
homepage: "https://fluxcd.io/"
description: "Flux CLI"
install: |
bin.install "flux"
generate_completions_from_executable(bin/"flux", "completion")
test: |
system "#{bin}/flux --version"
publishers:
- name: aur-pkg-bin
env:
- AUR_BOT_SSH_PRIVATE_KEY={{ .Env.AUR_BOT_SSH_PRIVATE_KEY }}
cmd: |
.github/aur/flux-bin/publish.sh {{ .Version }}
- name: aur-pkg-scm
env:
- AUR_BOT_SSH_PRIVATE_KEY={{ .Env.AUR_BOT_SSH_PRIVATE_KEY }}
cmd: |
.github/aur/flux-scm/publish.sh {{ .Version }}
- name: aur-pkg-go
env:
- AUR_BOT_SSH_PRIVATE_KEY={{ .Env.AUR_BOT_SSH_PRIVATE_KEY }}
cmd: |
.github/aur/flux-go/publish.sh {{ .Version }}
dockers: dockers:
- image_templates: - image_templates:
- 'fluxcd/flux-cli:{{ .Tag }}-amd64' - 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}-amd64'
- 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}-amd64'
dockerfile: Dockerfile dockerfile: Dockerfile
use: buildx use: buildx
goos: linux goos: linux
@ -120,8 +88,7 @@ dockers:
- "--label=org.opencontainers.image.source={{ .GitURL }}" - "--label=org.opencontainers.image.source={{ .GitURL }}"
- "--platform=linux/amd64" - "--platform=linux/amd64"
- image_templates: - image_templates:
- 'fluxcd/flux-cli:{{ .Tag }}-arm64' - 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}-arm64'
- 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}-arm64'
dockerfile: Dockerfile dockerfile: Dockerfile
use: buildx use: buildx
goos: linux goos: linux
@ -136,8 +103,7 @@ dockers:
- "--label=org.opencontainers.image.source={{ .GitURL }}" - "--label=org.opencontainers.image.source={{ .GitURL }}"
- "--platform=linux/arm64" - "--platform=linux/arm64"
- image_templates: - image_templates:
- 'fluxcd/flux-cli:{{ .Tag }}-arm' - 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}-arm'
- 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}-arm'
dockerfile: Dockerfile dockerfile: Dockerfile
use: buildx use: buildx
goos: linux goos: linux
@ -153,16 +119,11 @@ dockers:
- "--label=org.opencontainers.image.source={{ .GitURL }}" - "--label=org.opencontainers.image.source={{ .GitURL }}"
- "--platform=linux/arm/v7" - "--platform=linux/arm/v7"
docker_manifests: docker_manifests:
- name_template: 'fluxcd/flux-cli:{{ .Tag }}' - name_template: 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}'
image_templates: image_templates:
- 'fluxcd/flux-cli:{{ .Tag }}-amd64' - 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}-amd64'
- 'fluxcd/flux-cli:{{ .Tag }}-arm64' - 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}-arm64'
- 'fluxcd/flux-cli:{{ .Tag }}-arm' - 'ghcr.io/weaveworks/weave-assured-flux-cli:{{ .Tag }}-arm'
- name_template: 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}'
image_templates:
- 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}-amd64'
- 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}-arm64'
- 'ghcr.io/fluxcd/flux-cli:{{ .Tag }}-arm'
docker_signs: docker_signs:
- cmd: cosign - cmd: cosign
env: env: