Skip to content
release

bump deps, add Kind CI, cleanup, bug fixes (#43) #30

Sign in to view logs

bump deps, add Kind CI, cleanup, bug fixes (#43)

bump deps, add Kind CI, cleanup, bug fixes (#43) #30

Workflow file for this run

.github/workflows/release.yaml at f98a42f
name: release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-testing[0-9]+"
permissions:
contents: write
packages: write
id-token: write
attestations: write
env:
GH_REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
RELEASE_VERSION: ${{ github.ref_name }}
SCANNER_IMG_VERSION: v1.0.11
SNIFFER_IMG_VERSION: v1.1.9
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
- name: Set up Go
uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3
with:
go-version: '1.25.4'
- uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4
with:
distribution: goreleaser
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
# - name: Extract metadata (tags, labels) for Docker
# id: meta
# uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
# with:
# images: ${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Set up QEMU
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
- name: Install cosign
uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
- name: Log in to the GitHub Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.GH_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: buildpush
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
with:
platforms: linux/amd64,linux/arm64
sbom: true
provenance: mode=max
push: true
tags: |
docker.io/controlplane/netassert:${{ env.RELEASE_VERSION }}
docker.io/controlplane/netassert:latest
${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
build-args: |
VERSION=${{ env.RELEASE_VERSION }}
SCANNER_IMG_VERSION=${{ env.SCANNER_IMG_VERSION }}
SNIFFER_IMG_VERSION=${{ env.SNIFFER_IMG_VERSION }}
- name: Sign artifact
run: |
cosign sign --yes \
"${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.buildpush.outputs.digest }}"
cosign sign --yes \
"docker.io/controlplane/netassert@${{ steps.buildpush.outputs.digest }}"
helm:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
- name: Setup yq
uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8 # v4
- name: Log in to GitHub Container Registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Prepare and package Helm chart
run: |
CLEAN_VERSION=$(echo "$RELEASE_VERSION" | sed 's/^v//')
echo "Using chart version and appVersion: $CLEAN_VERSION"
yq -i ".image.tag = \"${RELEASE_VERSION}\"" ./helm/values.yaml
yq -i ".version = \"${CLEAN_VERSION}\"" ./helm/Chart.yaml
yq -i ".appVersion = \"${CLEAN_VERSION}\"" ./helm/Chart.yaml
helm package ./helm -d .
- name: Push Helm chart to GHCR
run: |
CLEAN_VERSION=$(echo "$RELEASE_VERSION" | sed 's/^v//')
helm push "./netassert-${CLEAN_VERSION}.tgz" oci://ghcr.io/${{ github.repository_owner }}/charts