Merge pull request #596 from GrahamDumpleton/cookie-cve-fix #371
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish Images | |
on: | |
workflow_dispatch: | |
inputs: | |
target_platforms: | |
type: choice | |
description: Platforms | |
options: | |
- linux/amd64 | |
- linux/arm64 | |
- linux/amd64,linux/arm64 | |
push: | |
tags: | |
- "[0-9]+.[0-9]+.[0-9]+" | |
- "[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+" | |
- "[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+" | |
- "[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+" | |
env: | |
GO_VERSION: "1.22.5" | |
BUILDKIT_VERSION: "v0.15.1" | |
jobs: | |
publish-generic-images: | |
name: Publish | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- image: docker-registry | |
- image: pause-container | |
- image: session-manager | |
- image: training-portal | |
- image: secrets-manager | |
- image: tunnel-manager | |
- image: image-cache | |
- image: assets-server | |
- image: lookup-service | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate platforms | |
shell: bash | |
run: | | |
TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}" | |
if [ -z "$TARGET_PLATFORMS" ]; then | |
TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}" | |
fi | |
if [ -z "$TARGET_PLATFORMS" ]; then | |
IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi) | |
if [ $IS_FORK == "true" ]; then | |
TARGET_PLATFORMS="linux/amd64" | |
else | |
TARGET_PLATFORMS="linux/amd64,linux/arm64" | |
fi | |
fi | |
echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV} | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: | | |
image=moby/buildkit:${{env.BUILDKIT_VERSION}} | |
- name: Restore Docker cache (amd64) | |
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }} | |
uses: actions/cache/restore@v4 | |
with: | |
path: /tmp/.buildx-cache-amd64-new | |
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}} | |
restore-keys: | | |
${{runner.os}}-buildx-cache-amd64-${{matrix.image}}- | |
- name: Restore Docker cache (arm64) | |
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }} | |
uses: actions/cache/restore@v4 | |
with: | |
path: /tmp/.buildx-cache-arm64-new | |
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}} | |
restore-keys: | | |
${{runner.os}}-buildx-cache-arm64-${{matrix.image}}- | |
- name: Rename cache directories | |
run: | | |
test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old || true | |
test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old || true | |
du -ks /tmp/.buildx-cache-* || true | |
- name: Generate container image metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-${{matrix.image}} | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
- name: Login to GitHub container registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
registry: ghcr.io | |
- name: Build and push ${{matrix.image}} image | |
uses: docker/build-push-action@v6 | |
with: | |
context: ${{matrix.image}} | |
platforms: ${{env.TARGET_PLATFORMS}} | |
tags: ${{steps.meta.outputs.tags}} | |
cache-from: | | |
type=local,src=/tmp/.buildx-cache-arm64-old | |
type=local,src=/tmp/.buildx-cache-amd64-old | |
push: true | |
- name: Cache build ${{matrix.image}} (amd64) | |
if: contains(env.TARGET_PLATFORMS, 'linux/amd64') | |
uses: docker/build-push-action@v6 | |
with: | |
context: ${{matrix.image}} | |
platforms: linux/amd64 | |
cache-from: type=local,src=/tmp/.buildx-cache-amd64-old | |
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new | |
push: false | |
- name: Cache build ${{matrix.image}} (arm64) | |
if: contains(env.TARGET_PLATFORMS, 'linux/arm64') | |
uses: docker/build-push-action@v6 | |
with: | |
context: ${{matrix.image}} | |
platforms: linux/arm64 | |
cache-from: type=local,src=/tmp/.buildx-cache-arm64-old | |
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new | |
push: false | |
- name: Dump cache directory sizes | |
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }} | |
run: | | |
du -ks /tmp/.buildx-cache-* || true | |
- name: Save Docker cache (amd64) | |
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }} | |
uses: actions/cache/save@v4 | |
with: | |
path: /tmp/.buildx-cache-amd64-new | |
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}} | |
- name: Save Docker cache (arm64) | |
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }} | |
uses: actions/cache/save@v4 | |
with: | |
path: /tmp/.buildx-cache-arm64-new | |
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}} | |
publish-workshop-base-image: | |
name: Publish (base-environment) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate platforms | |
shell: bash | |
run: | | |
TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}" | |
if [ -z "$TARGET_PLATFORMS" ]; then | |
TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}" | |
fi | |
if [ -z "$TARGET_PLATFORMS" ]; then | |
IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi) | |
if [ $IS_FORK == "true" ]; then | |
TARGET_PLATFORMS="linux/amd64" | |
else | |
TARGET_PLATFORMS="linux/amd64,linux/arm64" | |
fi | |
fi | |
echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV} | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: | | |
image=moby/buildkit:${{env.BUILDKIT_VERSION}} | |
- name: Verify docker daemon image contents | |
run: | | |
docker images | |
- name: Remove unwanted images to free storage space | |
run: | | |
docker rmi node:14 || true | |
docker rmi node:16 || true | |
docker rmi node:18 || true | |
docker rmi node:20 || true | |
docker images prune | |
- name: Restore Docker cache (amd64) | |
uses: actions/cache/restore@v4 | |
with: | |
path: /tmp/.buildx-cache-amd64-new | |
key: ${{runner.os}}-buildx-cache-amd64-base-environment-${{github.sha}} | |
restore-keys: | | |
${{runner.os}}-buildx-cache-amd64-base-environment- | |
- name: Restore Docker cache (arm64) | |
uses: actions/cache/restore@v4 | |
with: | |
path: /tmp/.buildx-cache-arm64-new | |
key: ${{runner.os}}-buildx-cache-arm64-base-environment-${{github.sha}} | |
restore-keys: | | |
${{runner.os}}-buildx-cache-arm64-base-environment- | |
- name: Rename cache directories | |
run: | | |
test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old || true | |
test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old || true | |
du -ks /tmp/.buildx-cache-* || true | |
- name: Generate container image metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-base-environment | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=sha | |
- name: Login to GitHub container registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
registry: ghcr.io | |
- name: Build and push base-environment image | |
uses: docker/build-push-action@v6 | |
with: | |
context: workshop-images/base-environment | |
platforms: ${{env.TARGET_PLATFORMS}} | |
tags: ${{steps.meta.outputs.tags}} | |
cache-from: | | |
type=local,src=/tmp/.buildx-cache-arm64-old | |
type=local,src=/tmp/.buildx-cache-amd64-old | |
push: true | |
- name: Cache build ${{matrix.image}} (amd64) | |
if: contains(env.TARGET_PLATFORMS, 'linux/amd64') | |
uses: docker/build-push-action@v6 | |
with: | |
context: workshop-images/base-environment | |
platforms: linux/amd64 | |
cache-from: type=local,src=/tmp/.buildx-cache-amd64-old | |
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new | |
push: false | |
- name: Remove old cache directories | |
run: | | |
rm -rf /tmp/.buildx-cache-amd64-old | |
- name: Cache build ${{matrix.image}} (arm64) | |
if: contains(env.TARGET_PLATFORMS, 'linux/arm64') | |
uses: docker/build-push-action@v6 | |
with: | |
context: workshop-images/base-environment | |
platforms: linux/arm64 | |
cache-from: type=local,src=/tmp/.buildx-cache-arm64-old | |
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new | |
push: false | |
- name: Dump cache directory sizes | |
run: | | |
du -ks /tmp/.buildx-cache-* || true | |
- name: Save Docker cache (amd64) | |
uses: actions/cache/save@v4 | |
with: | |
path: /tmp/.buildx-cache-amd64-new | |
key: ${{runner.os}}-buildx-cache-amd64-base-environment-${{github.sha}} | |
- name: Save Docker cache (arm64) | |
uses: actions/cache/save@v4 | |
with: | |
path: /tmp/.buildx-cache-arm64-new | |
key: ${{runner.os}}-buildx-cache-arm64-base-environment-${{github.sha}} | |
publish-workshop-images: | |
name: Publish | |
runs-on: ubuntu-latest | |
needs: | |
- publish-workshop-base-image | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- image: jdk8-environment | |
- image: jdk11-environment | |
- image: jdk17-environment | |
- image: jdk21-environment | |
- image: conda-environment | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate platforms | |
shell: bash | |
run: | | |
TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}" | |
if [ -z "$TARGET_PLATFORMS" ]; then | |
TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}" | |
fi | |
if [ -z "$TARGET_PLATFORMS" ]; then | |
IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi) | |
if [ $IS_FORK == "true" ]; then | |
TARGET_PLATFORMS="linux/amd64" | |
else | |
TARGET_PLATFORMS="linux/amd64,linux/arm64" | |
fi | |
fi | |
echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV} | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: | | |
image=moby/buildkit:${{env.BUILDKIT_VERSION}} | |
- name: Verify docker daemon image contents | |
run: | | |
docker images | |
- name: Remove unwanted images to free storage space | |
run: | | |
docker rmi node:14 || true | |
docker rmi node:16 || true | |
docker rmi node:18 || true | |
docker rmi node:20 || true | |
docker images prune | |
- name: Restore Docker cache (amd64) | |
if: ${{ (matrix.image == 'conda-environment') }} | |
uses: actions/cache/restore@v4 | |
with: | |
path: /tmp/.buildx-cache-amd64-new | |
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}} | |
restore-keys: | | |
${{runner.os}}-buildx-cache-amd64-${{matrix.image}}- | |
- name: Restore Docker cache (arm64) | |
if: ${{ (matrix.image == 'conda-environment') }} | |
uses: actions/cache/restore@v4 | |
with: | |
path: /tmp/.buildx-cache-arm64-new | |
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}} | |
restore-keys: | | |
${{runner.os}}-buildx-cache-arm64-${{matrix.image}}- | |
- name: Rename cache directories | |
run: | | |
test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old || true | |
test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old || true | |
du -ks /tmp/.buildx-cache-* || true | |
- name: Generate container image metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-${{matrix.image}} | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
- name: Login to GitHub container registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
registry: ghcr.io | |
- name: Build and push ${{matrix.image}} image | |
uses: docker/build-push-action@v6 | |
with: | |
context: workshop-images/${{matrix.image}} | |
platforms: ${{env.TARGET_PLATFORMS}} | |
tags: ${{steps.meta.outputs.tags}} | |
build-args: | | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
BASE_IMAGE_NAME=educates-base-environment | |
PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}} | |
cache-from: | | |
type=local,src=/tmp/.buildx-cache-arm64-old | |
type=local,src=/tmp/.buildx-cache-amd64-old | |
push: true | |
- name: Cache build ${{matrix.image}} (amd64) | |
if: contains(env.TARGET_PLATFORMS, 'linux/amd64') | |
uses: docker/build-push-action@v6 | |
with: | |
context: workshop-images/${{matrix.image}} | |
platforms: linux/amd64 | |
build-args: | | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
BASE_IMAGE_NAME=educates-base-environment | |
PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}} | |
cache-from: type=local,src=/tmp/.buildx-cache-amd64-old | |
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new | |
push: false | |
- name: Remove old cache directories | |
run: | | |
rm -rf /tmp/.buildx-cache-amd64-old | |
- name: Cache build ${{matrix.image}} (arm64) | |
if: contains(env.TARGET_PLATFORMS, 'linux/arm64') | |
uses: docker/build-push-action@v6 | |
with: | |
context: workshop-images/${{matrix.image}} | |
platforms: linux/arm64 | |
build-args: | | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
BASE_IMAGE_NAME=educates-base-environment | |
PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}} | |
cache-from: type=local,src=/tmp/.buildx-cache-arm64-old | |
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new | |
push: false | |
- name: Dump cache directory sizes | |
if: ${{ (matrix.image == 'conda-environment') }} | |
run: | | |
du -ks /tmp/.buildx-cache-* || true | |
- name: Save Docker cache (amd64) | |
if: ${{ (matrix.image == 'conda-environment') }} | |
uses: actions/cache/save@v4 | |
with: | |
path: /tmp/.buildx-cache-amd64-new | |
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}} | |
- name: Save Docker cache (arm64) | |
if: ${{ (matrix.image == 'conda-environment') }} | |
uses: actions/cache/save@v4 | |
with: | |
path: /tmp/.buildx-cache-arm64-new | |
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}} | |
publish-carvel-bundles: | |
name: Bundle | |
runs-on: ubuntu-latest | |
needs: | |
- publish-generic-images | |
- publish-workshop-images | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Install Carvel tools | |
shell: bash | |
run: curl -L https://carvel.dev/install.sh | bash | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV} | |
echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV} | |
- name: Create publish values file | |
shell: bash | |
run: | | |
cat <<EOF > publish-values.yaml | |
clusterInfrastructure: | |
provider: "custom" | |
clusterPackages: | |
contour: | |
enabled: true | |
settings: | |
infraProvider: custom | |
cert-manager: | |
enabled: true | |
settings: {} | |
external-dns: | |
enabled: true | |
settings: | |
infraProvider: custom | |
deployment: | |
args: | |
- --provider=custom | |
- --source=custom | |
certs: | |
enabled: true | |
settings: | |
certProvider: local | |
domains: | |
- "example.com" | |
local: | |
caCertificate: | |
ca.crt: "AA" | |
ca.key: "BB" | |
kyverno: | |
enabled: true | |
settings: {} | |
educates: | |
enabled: true | |
settings: | |
clusterIngress: | |
domain: "educates.example.com" | |
imageRegistry: | |
host: "ghcr.io" | |
namespace: ${{env.REPOSITORY_OWNER}} | |
version: ${{env.REPOSITORY_TAG}} | |
lookupService: | |
enabled: true | |
EOF | |
- name: Publish educates-installer bundle | |
shell: bash | |
run: | | |
# Create the kbld-images.yaml file with references to educates images | |
ytt -f carvel-packages/installer/config/images.yaml \ | |
-f carvel-packages/installer/config/schema.yaml \ | |
-v imageRegistry.host=ghcr.io \ | |
-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} \ | |
-v version=${{env.REPOSITORY_TAG}} > carvel-packages/installer/bundle/kbld/kbld-images.yaml | |
# Cat the generated file for debugging purposes | |
cat carvel-packages/installer/bundle/kbld/kbld-images.yaml | |
# Create images lock file. We use a sample values file to pass validations | |
# We properly rewrite references to images via kbld | |
ytt --data-values-file publish-values.yaml \ | |
-f carvel-packages/installer/bundle/config | kbld -f - \ | |
-f carvel-packages/installer/bundle/kbld/kbld-images.yaml \ | |
--imgpkg-lock-output carvel-packages/installer/bundle/.imgpkg/images.yml | |
# Push the bundle to the registry | |
imgpkg push \ | |
-b ghcr.io/${{env.REPOSITORY_OWNER}}/educates-installer:${{env.REPOSITORY_TAG}} \ | |
-f carvel-packages/installer/bundle \ | |
--registry-username=${{github.actor}} \ | |
--registry-password=${{secrets.GITHUB_TOKEN}} | |
ytt -f carvel-packages/installer/config/app.yaml \ | |
-f carvel-packages/installer/config/schema.yaml \ | |
-v version=${{env.REPOSITORY_TAG}} \ | |
-v imageRegistry.host=ghcr.io \ | |
-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} > educates-installer-app.yaml | |
# Copy and rename rbac.yaml file | |
cp carvel-packages/installer/config/rbac.yaml educates-installer-app-rbac.yaml | |
- name: Save educates-installer-app.yaml | |
uses: actions/upload-artifact@v4 | |
with: | |
name: educates-installer-app.yaml | |
path: educates-installer-app.yaml | |
- name: Save educates-installer-app-rbac.yaml | |
uses: actions/upload-artifact@v4 | |
with: | |
name: educates-installer-app-rbac.yaml | |
path: educates-installer-app-rbac.yaml | |
build-client-programs-linux-amd64: | |
name: Build (clients) / amd64@linux | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{env.GO_VERSION}} | |
cache-dependency-path: | | |
client-programs/go.sum | |
- name: Build educates client program | |
shell: bash | |
run: | | |
rm -rf client-programs/pkg/renderer/files | |
mkdir client-programs/pkg/renderer/files | |
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
cd client-programs | |
REPOSITORY_TAG=${GITHUB_REF##*/} | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
go build -o educates-linux-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: educates-linux-amd64 | |
path: client-programs/educates-linux-amd64 | |
build-client-programs-linux-arm64: | |
name: Build (clients) / arm64@linux | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{env.GO_VERSION}} | |
cache-dependency-path: | | |
client-programs/go.sum | |
- name: Build educates client program | |
shell: bash | |
run: | | |
rm -rf client-programs/pkg/renderer/files | |
mkdir client-programs/pkg/renderer/files | |
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
cd client-programs | |
REPOSITORY_TAG=${GITHUB_REF##*/} | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
GOOS=linux GOARCH=arm64 go build -o educates-linux-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: educates-linux-arm64 | |
path: client-programs/educates-linux-arm64 | |
build-client-programs-darwin-amd64: | |
name: Build (clients) / amd64@darwin | |
runs-on: macos-12 | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=$(echo "$REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{env.GO_VERSION}} | |
cache-dependency-path: | | |
client-programs/go.sum | |
- name: Build educates client program | |
shell: bash | |
run: | | |
rm -rf client-programs/pkg/renderer/files | |
mkdir client-programs/pkg/renderer/files | |
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
cd client-programs | |
REPOSITORY_TAG=${GITHUB_REF##*/} | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
# DO NOT USE GOOS/GOARCH for native build as it appears to produce a | |
# binary which is different and cannot create a Kind cluster which can | |
# run both AMD and ARM images. Version with GOOS/GOARCH only retained | |
# here for documentation purposes. | |
# GOOS=darwin GOARCH=amd64 go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go | |
go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: educates-darwin-amd64 | |
path: client-programs/educates-darwin-amd64 | |
build-client-programs-darwin-arm64: | |
name: Build (clients) / arm64@darwin | |
runs-on: macos-12 | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=$(echo "$REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{env.GO_VERSION}} | |
cache-dependency-path: | | |
client-programs/go.sum | |
- name: Build educates client program | |
shell: bash | |
run: | | |
rm -rf client-programs/pkg/renderer/files | |
mkdir client-programs/pkg/renderer/files | |
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/ | |
cd client-programs | |
REPOSITORY_TAG=${GITHUB_REF##*/} | |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
GOOS=darwin GOARCH=arm64 go build -o educates-darwin-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: educates-darwin-arm64 | |
path: client-programs/educates-darwin-arm64 | |
publish-client-programs: | |
name: Programs | |
runs-on: ubuntu-latest | |
needs: | |
- build-client-programs-linux-amd64 | |
- build-client-programs-linux-arm64 | |
- build-client-programs-darwin-amd64 | |
- build-client-programs-darwin-arm64 | |
steps: | |
- name: Restore educates-linux-amd64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-linux-amd64 | |
path: client-programs | |
- name: Restore educates-linux-arm64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-linux-arm64 | |
path: client-programs | |
- name: Restore educates-darwin-amd64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-darwin-amd64 | |
path: client-programs | |
- name: Restore educates-darwin-arm64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-darwin-arm64 | |
path: client-programs | |
- name: Install Carvel tools | |
shell: bash | |
run: curl -L https://carvel.dev/install.sh | bash | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV} | |
- name: Publish client programs | |
shell: bash | |
run: | | |
chmod +x client-programs/* | |
imgpkg push \ | |
-i ghcr.io/${{env.REPOSITORY_OWNER}}/educates-client-programs:${{env.REPOSITORY_TAG}} \ | |
-f client-programs \ | |
--registry-username=${{github.actor}} \ | |
--registry-password=${{secrets.GITHUB_TOKEN}} | |
publish-docker-extension: | |
name: Extension | |
runs-on: ubuntu-latest | |
needs: | |
- publish-client-programs | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v4 | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_OWNER=${{github.repository_owner}} | |
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: | | |
image=moby/buildkit:${{env.BUILDKIT_VERSION}} | |
- name: Generate container image metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-docker-extension | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
- name: Login to GitHub container registry | |
uses: docker/login-action@v3 | |
with: | |
username: ${{github.actor}} | |
password: ${{secrets.GITHUB_TOKEN}} | |
registry: ghcr.io | |
- name: Calculate variables | |
shell: bash | |
run: | | |
echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV} | |
- name: Build and push docker-extension image | |
uses: docker/build-push-action@v6 | |
with: | |
context: docker-extension | |
platforms: ${{env.TARGET_PLATFORMS}} | |
build-args: | | |
REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}} | |
TAG=${{env.REPOSITORY_TAG}} | |
tags: ${{steps.meta.outputs.tags}} | |
push: true | |
release-artifacts: | |
name: Release | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/') | |
needs: | |
- publish-carvel-bundles | |
- build-client-programs-linux-amd64 | |
- build-client-programs-linux-arm64 | |
- build-client-programs-darwin-amd64 | |
- build-client-programs-darwin-arm64 | |
- publish-docker-extension | |
steps: | |
- name: Calculate variables | |
shell: bash | |
run: | | |
REPOSITORY_TAG=${GITHUB_REF##*/} | |
if [[ "$REPOSITORY_TAG" == *-* ]]; then | |
PRERELEASE=true | |
else | |
PRERELEASE=false | |
fi | |
echo "REPOSITORY_TAG=${REPOSITORY_TAG}" >>${GITHUB_ENV} | |
echo "PRERELEASE=${PRERELEASE}" >>${GITHUB_ENV} | |
- name: Restore educates-installer-app.yaml | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-installer-app.yaml | |
- name: Restore educates-installer-app-rbac.yaml | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-installer-app-rbac.yaml | |
- name: Restore educates-linux-amd64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-linux-amd64 | |
- name: Restore educates-linux-arm64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-linux-arm64 | |
- name: Restore educates-darwin-amd64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-darwin-amd64 | |
- name: Restore educates-darwin-arm64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: educates-darwin-arm64 | |
- name: Generate file checksums for CLI binaries | |
shell: bash | |
run: | | |
sha256sum educates-darwin-amd64 >> checksums.txt | |
sha256sum educates-darwin-arm64 >> checksums.txt | |
sha256sum educates-linux-amd64 >> checksums.txt | |
sha256sum educates-linux-arm64 >> checksums.txt | |
sha256sum educates-installer-app.yaml >> checksums.txt | |
sha256sum educates-installer-app-rbac.yaml >> checksums.txt | |
echo 'File Checksums' >> release-notes.md | |
echo '--------------' >> release-notes.md | |
echo '```' >> release-notes.md | |
cat checksums.txt >> release-notes.md | |
echo '```' >> release-notes.md | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: checksums.txt | |
path: checksums.txt | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: release-notes.md | |
path: release-notes.md | |
- name: Create release | |
id: create_release | |
uses: softprops/action-gh-release@v2 | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
with: | |
tag_name: ${{env.REPOSITORY_TAG}} | |
name: "educates:${{env.REPOSITORY_TAG}}" | |
draft: false | |
prerelease: ${{env.PRERELEASE}} | |
body_path: release-notes.md | |
files: | | |
checksums.txt | |
educates-installer-app.yaml | |
educates-installer-app-rbac.yaml | |
educates-linux-amd64 | |
educates-linux-arm64 | |
educates-darwin-amd64 | |
educates-darwin-arm64 |