workout #27

Workflow file for this run

.github/workflows/release.yaml at 27df03c

	name: release

	on:
	push:
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+"
	- "v[0-9]+.[0-9]+.[0-9]+-testing[0-9]+"

	permissions:
	contents: write
	packages: write
	id-token: write
	attestations: write

	env:
	GH_REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}
	RELEASE_VERSION: ${{ github.ref_name }}
	SCANNER_IMG_VERSION: v1.0.10
	SNIFFER_IMG_VERSION: v1.1.8

	jobs:
	goreleaser:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Set up Go
	uses: actions/setup-go@v3
	with:
	go-version: '1.25.4'

	- uses: anchore/sbom-action/download-syft@v0.20.6

	- name: Run GoReleaser
	uses: goreleaser/goreleaser-action@v4
	with:
	distribution: goreleaser
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	docker:
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v5

	# - name: Extract metadata (tags, labels) for Docker
	# id: meta
	# uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
	# with:
	# images: ${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Install cosign
	uses: sigstore/cosign-installer@v3

	- name: Log in to the GitHub Container registry
	uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
	with:
	registry: ${{ env.GH_REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to Docker Hub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build and push
	id: buildpush
	uses: docker/build-push-action@v6
	with:
	platforms: linux/amd64,linux/arm64
	sbom: true
	provenance: mode=max
	push: true
	tags: \|
	docker.io/controlplane/netassert:${{ env.RELEASE_VERSION }}
	docker.io/controlplane/netassert:latest
	${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
	${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
	build-args: \|
	VERSION=${{ env.RELEASE_VERSION }}
	SCANNER_IMG_VERSION=${{ env.SCANNER_IMG_VERSION }}
	SNIFFER_IMG_VERSION=${{ env.SNIFFER_IMG_VERSION }}

	- name: Sign artifact
	run: \|
	cosign sign --yes \
	"${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.buildpush.outputs.digest }}"
	cosign sign --yes \
	"docker.io/controlplane/netassert@${{ steps.buildpush.outputs.digest }}"

	helm:
	runs-on: ubuntu-latest

	steps:
	- name: Set up Helm
	uses: azure/setup-helm@v4

	- name: Setup yq
	uses: mikefarah/yq@v4

	- name: Log in to GitHub Container Registry
	run: \|
	echo "${{ secrets.GITHUB_TOKEN }}" \| helm registry login ghcr.io -u ${{ github.actor }} --password-stdin

	- name: Prepare and package Helm chart
	run: \|
	CLEAN_VERSION=$(echo "$RELEASE_VERSION" \| sed 's/^v//')
	echo "Using chart version and appVersion: $CLEAN_VERSION"
	yq -i ".image.tag = \"${RELEASE_VERSION}\"" ./helm/values.yaml
	yq -i ".version = \"${CLEAN_VERSION}\"" ./helm/Chart.yaml
	yq -i ".appVersion = \"${CLEAN_VERSION}\"" ./helm/Chart.yaml
	helm package ./helm -d .

	- name: Push Helm chart to GHCR
	run: \|
	CLEAN_VERSION=$(echo "$RELEASE_VERSION" \| sed 's/^v//')
	helm push "./netassert-${CLEAN_VERSION}.tgz" oci://ghcr.io/${{ github.repository_owner }}/charts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

workout #27

Workflow file

workout #27

Uh oh!

Workflow file for this run