karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
karmada/.github/workflows/release.yml

224 lines
8.2 KiB
YAML
Raw Blame History

on:
release:
types:
- published
name: Build Release
permissions:
contents: read
jobs:
release-assests:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
name: release kubectl-karmada
runs-on: ubuntu-22.04
strategy:
matrix:
target:
- karmadactl
- kubectl-karmada
os:
- linux
- darwin
arch:
- amd64
- arm64
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Making and packaging
env:
GOOS: ${{ matrix.os }}
GOARCH: ${{ matrix.arch }}
run: make release-${{ matrix.target }}
- name: upload cli
uses: actions/upload-artifact@v4
with:
name: cli-${{ matrix.target }}-${{ matrix.os }}-${{ matrix.arch }}.tgz
path: _output/release/${{ matrix.target }}-${{ matrix.os }}-${{ matrix.arch }}.tgz
- name: Uploading assets...
if: ${{ !env.ACT }}
uses: softprops/action-gh-release@v2
with:
files: |
_output/release/${{ matrix.target }}-${{ matrix.os }}-${{ matrix.arch }}.tgz
_output/release/${{ matrix.target }}-${{ matrix.os }}-${{ matrix.arch }}.tgz.sha256
generate-subject-for-cli-provenance:
needs: [release-assests]
runs-on: ubuntu-22.04
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
steps:
- name: download cli
uses: actions/download-artifact@v4
with:
path: _output/release
pattern: cli-*
merge-multiple: true
- name: generate cli hash
id: hash
run: |
cd _output/release
# sha256sum generates sha256 hash for cli.
# base64 -w0 encodes to base64 and outputs on a single line.
echo "hashes=$(sha256sum *.tgz|base64 -w0)" >> "$GITHUB_OUTPUT"
cli-provenance:
needs: [generate-subject-for-cli-provenance]
permissions:
actions: read # for detecting the Github Actions environment
id-token: write # Needed for provenance signing and ID
contents: write # Needed for release uploads
# Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.generate-subject-for-cli-provenance.outputs.hashes }}"
provenance-name: "karmada-cli.intoto.jsonl"
upload-assets: true
release-crds-assests:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
name: release crds
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Rename the crds directory
run: |
mv ./charts/karmada/_crds ./charts/karmada/crds
- name: Tar the crds
uses: a7ul/tar-action@v1.2.0
with:
command: c
cwd: ./charts/karmada/
files: crds
outPath: crds.tar.gz
- name: generate crds hash
id: hash
run: |
# sha256sum generates sha256 hash for crds.
# base64 -w0 encodes to base64 and outputs on a single line.
echo "hashes=$(sha256sum crds.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
- name: Uploading crd assets...
uses: softprops/action-gh-release@v2
with:
files: |
crds.tar.gz
crds-provenance:
needs: [release-crds-assests]
permissions:
actions: read # for detecting the Github Actions environment
id-token: write # Needed for provenance signing and ID
contents: write # Needed for release uploads
# Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.release-crds-assests.outputs.hashes }}"
provenance-name: "karmada-crds.intoto.jsonl"
upload-assets: true
release-charts:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
name: Release charts
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Making helm charts
env:
VERSION: ${{ github.ref_name }}
run: make package-chart
- name: Uploading assets...
if: ${{ !env.ACT }}
uses: softprops/action-gh-release@v2
with:
files: |
_output/charts/karmada-chart-${{ github.ref_name }}.tgz
_output/charts/karmada-chart-${{ github.ref_name }}.tgz.sha256
_output/charts/karmada-operator-chart-${{ github.ref_name }}.tgz
_output/charts/karmada-operator-chart-${{ github.ref_name }}.tgz.sha256
- name: generate charts hash
id: hash
run: |
cd _output/charts
echo "hashes=$(sha256sum *.tgz|base64 -w0)" >> "$GITHUB_OUTPUT"
charts-provenance:
needs: [release-charts]
permissions:
actions: read # for detecting the Github Actions environment
id-token: write # Needed for provenance signing and ID
contents: write # Needed for release uploads
# Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.release-charts.outputs.hashes }}"
provenance-name: "karmada-charts.intoto.jsonl"
upload-assets: true
sbom-assests:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
name: Release sbom
outputs:
hashes: ${{ steps.sbom-hash.outputs.hashes}}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Generate sbom for karmada file system
uses: aquasecurity/trivy-action@0.29.0
with:
scan-type: 'fs'
format: 'spdx'
output: 'sbom-karmada.spdx'
scan-ref: "${{ github.workspace }}/"
- name: Tar the sbom files
run: |
tar -zcf sbom.tar.gz *.spdx
- name: Generate SBOM hash
shell: bash
id: sbom-hash
run: |
# sha256sum generates sha256 hash for sbom.
# base64 -w0 encodes to base64 and outputs on a single line.
echo "hashes=$(sha256sum sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
- name: Uploading sbom assets...
uses: softprops/action-gh-release@v2
with:
files: |
sbom.tar.gz
sbom-provenance:
needs: [sbom-assests]
permissions:
actions: read # for detecting the Github Actions environment
id-token: write # Needed for provenance signing and ID
contents: write # Needed for release uploads
# Must be referenced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.sbom-assests.outputs.hashes }}"
provenance-name: "karmada-sbom.intoto.jsonl"
upload-assets: true
update-krew-index:
env:
GH_TOKEN: ${{ github.token }}
needs:
- release-assests
name: Update krew-index
runs-on: ubuntu-22.04
steps:
- name: get latest tag
id: get-latest-tag
run: |
export LATEST_TAG=`gh api repos/karmada-io/karmada/releases/latest | jq -r '.tag_name'`
echo "Got the latest tag:$LATEST_TAG"
echo "event.tag:"${{ github.event.release.tag_name }}
echo "latestTag=$LATEST_TAG" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@v4
if: steps.get-latest-tag.outputs.latestTag == github.event.release.tag_name
- name: Update new version in krew-index
if: steps.get-latest-tag.outputs.latestTag == github.event.release.tag_name
uses: rajatjindal/krew-release-bot@v0.0.47
Reference in New Issue View Git Blame Copy Permalink