Skip to content

Merge pull request #596 from GrahamDumpleton/cookie-cve-fix #371

Merge pull request #596 from GrahamDumpleton/cookie-cve-fix

Merge pull request #596 from GrahamDumpleton/cookie-cve-fix #371

name: Build and Publish Images
on:
workflow_dispatch:
inputs:
target_platforms:
type: choice
description: Platforms
options:
- linux/amd64
- linux/arm64
- linux/amd64,linux/arm64
push:
tags:
- "[0-9]+.[0-9]+.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"
- "[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+"
env:
GO_VERSION: "1.22.5"
BUILDKIT_VERSION: "v0.15.1"
jobs:
publish-generic-images:
name: Publish
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- image: docker-registry
- image: pause-container
- image: session-manager
- image: training-portal
- image: secrets-manager
- image: tunnel-manager
- image: image-cache
- image: assets-server
- image: lookup-service
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate platforms
shell: bash
run: |
TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}"
if [ -z "$TARGET_PLATFORMS" ]; then
TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}"
fi
if [ -z "$TARGET_PLATFORMS" ]; then
IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
if [ $IS_FORK == "true" ]; then
TARGET_PLATFORMS="linux/amd64"
else
TARGET_PLATFORMS="linux/amd64,linux/arm64"
fi
fi
echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV}
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: |
image=moby/buildkit:${{env.BUILDKIT_VERSION}}
- name: Restore Docker cache (amd64)
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }}
uses: actions/cache/restore@v4
with:
path: /tmp/.buildx-cache-amd64-new
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}
restore-keys: |
${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-
- name: Restore Docker cache (arm64)
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }}
uses: actions/cache/restore@v4
with:
path: /tmp/.buildx-cache-arm64-new
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}
restore-keys: |
${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-
- name: Rename cache directories
run: |
test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old || true
test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old || true
du -ks /tmp/.buildx-cache-* || true
- name: Generate container image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-${{matrix.image}}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub container registry
uses: docker/login-action@v3
with:
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
registry: ghcr.io
- name: Build and push ${{matrix.image}} image
uses: docker/build-push-action@v6
with:
context: ${{matrix.image}}
platforms: ${{env.TARGET_PLATFORMS}}
tags: ${{steps.meta.outputs.tags}}
cache-from: |
type=local,src=/tmp/.buildx-cache-arm64-old
type=local,src=/tmp/.buildx-cache-amd64-old
push: true
- name: Cache build ${{matrix.image}} (amd64)
if: contains(env.TARGET_PLATFORMS, 'linux/amd64')
uses: docker/build-push-action@v6
with:
context: ${{matrix.image}}
platforms: linux/amd64
cache-from: type=local,src=/tmp/.buildx-cache-amd64-old
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new
push: false
- name: Cache build ${{matrix.image}} (arm64)
if: contains(env.TARGET_PLATFORMS, 'linux/arm64')
uses: docker/build-push-action@v6
with:
context: ${{matrix.image}}
platforms: linux/arm64
cache-from: type=local,src=/tmp/.buildx-cache-arm64-old
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new
push: false
- name: Dump cache directory sizes
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }}
run: |
du -ks /tmp/.buildx-cache-* || true
- name: Save Docker cache (amd64)
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }}
uses: actions/cache/save@v4
with:
path: /tmp/.buildx-cache-amd64-new
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}
- name: Save Docker cache (arm64)
if: ${{ (matrix.image == 'secrets-manager') || (matrix.image == 'session-manager') || (matrix.image == 'training-portal') || (matrix.image == 'tunnel-manager') || (matrix.image == 'lookup-service') }}
uses: actions/cache/save@v4
with:
path: /tmp/.buildx-cache-arm64-new
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}
publish-workshop-base-image:
name: Publish (base-environment)
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate platforms
shell: bash
run: |
TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}"
if [ -z "$TARGET_PLATFORMS" ]; then
TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}"
fi
if [ -z "$TARGET_PLATFORMS" ]; then
IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
if [ $IS_FORK == "true" ]; then
TARGET_PLATFORMS="linux/amd64"
else
TARGET_PLATFORMS="linux/amd64,linux/arm64"
fi
fi
echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV}
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: |
image=moby/buildkit:${{env.BUILDKIT_VERSION}}
- name: Verify docker daemon image contents
run: |
docker images
- name: Remove unwanted images to free storage space
run: |
docker rmi node:14 || true
docker rmi node:16 || true
docker rmi node:18 || true
docker rmi node:20 || true
docker images prune
- name: Restore Docker cache (amd64)
uses: actions/cache/restore@v4
with:
path: /tmp/.buildx-cache-amd64-new
key: ${{runner.os}}-buildx-cache-amd64-base-environment-${{github.sha}}
restore-keys: |
${{runner.os}}-buildx-cache-amd64-base-environment-
- name: Restore Docker cache (arm64)
uses: actions/cache/restore@v4
with:
path: /tmp/.buildx-cache-arm64-new
key: ${{runner.os}}-buildx-cache-arm64-base-environment-${{github.sha}}
restore-keys: |
${{runner.os}}-buildx-cache-arm64-base-environment-
- name: Rename cache directories
run: |
test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old || true
test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old || true
du -ks /tmp/.buildx-cache-* || true
- name: Generate container image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-base-environment
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: Login to GitHub container registry
uses: docker/login-action@v3
with:
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
registry: ghcr.io
- name: Build and push base-environment image
uses: docker/build-push-action@v6
with:
context: workshop-images/base-environment
platforms: ${{env.TARGET_PLATFORMS}}
tags: ${{steps.meta.outputs.tags}}
cache-from: |
type=local,src=/tmp/.buildx-cache-arm64-old
type=local,src=/tmp/.buildx-cache-amd64-old
push: true
- name: Cache build ${{matrix.image}} (amd64)
if: contains(env.TARGET_PLATFORMS, 'linux/amd64')
uses: docker/build-push-action@v6
with:
context: workshop-images/base-environment
platforms: linux/amd64
cache-from: type=local,src=/tmp/.buildx-cache-amd64-old
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new
push: false
- name: Remove old cache directories
run: |
rm -rf /tmp/.buildx-cache-amd64-old
- name: Cache build ${{matrix.image}} (arm64)
if: contains(env.TARGET_PLATFORMS, 'linux/arm64')
uses: docker/build-push-action@v6
with:
context: workshop-images/base-environment
platforms: linux/arm64
cache-from: type=local,src=/tmp/.buildx-cache-arm64-old
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new
push: false
- name: Dump cache directory sizes
run: |
du -ks /tmp/.buildx-cache-* || true
- name: Save Docker cache (amd64)
uses: actions/cache/save@v4
with:
path: /tmp/.buildx-cache-amd64-new
key: ${{runner.os}}-buildx-cache-amd64-base-environment-${{github.sha}}
- name: Save Docker cache (arm64)
uses: actions/cache/save@v4
with:
path: /tmp/.buildx-cache-arm64-new
key: ${{runner.os}}-buildx-cache-arm64-base-environment-${{github.sha}}
publish-workshop-images:
name: Publish
runs-on: ubuntu-latest
needs:
- publish-workshop-base-image
strategy:
fail-fast: false
matrix:
include:
- image: jdk8-environment
- image: jdk11-environment
- image: jdk17-environment
- image: jdk21-environment
- image: conda-environment
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate platforms
shell: bash
run: |
TARGET_PLATFORMS="${{github.event.inputs.target_platforms}}"
if [ -z "$TARGET_PLATFORMS" ]; then
TARGET_PLATFORMS="${{secrets.TARGET_PLATFORMS}}"
fi
if [ -z "$TARGET_PLATFORMS" ]; then
IS_FORK=$(if [[ $GITHUB_EVENT_NAME == 'push' && $GITHUB_EVENT_PATH ]]; then jq -r .repository.fork <<< $(cat $GITHUB_EVENT_PATH); else echo false; fi)
if [ $IS_FORK == "true" ]; then
TARGET_PLATFORMS="linux/amd64"
else
TARGET_PLATFORMS="linux/amd64,linux/arm64"
fi
fi
echo "TARGET_PLATFORMS=${TARGET_PLATFORMS}" >>${GITHUB_ENV}
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: |
image=moby/buildkit:${{env.BUILDKIT_VERSION}}
- name: Verify docker daemon image contents
run: |
docker images
- name: Remove unwanted images to free storage space
run: |
docker rmi node:14 || true
docker rmi node:16 || true
docker rmi node:18 || true
docker rmi node:20 || true
docker images prune
- name: Restore Docker cache (amd64)
if: ${{ (matrix.image == 'conda-environment') }}
uses: actions/cache/restore@v4
with:
path: /tmp/.buildx-cache-amd64-new
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}
restore-keys: |
${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-
- name: Restore Docker cache (arm64)
if: ${{ (matrix.image == 'conda-environment') }}
uses: actions/cache/restore@v4
with:
path: /tmp/.buildx-cache-arm64-new
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}
restore-keys: |
${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-
- name: Rename cache directories
run: |
test -d /tmp/.buildx-cache-amd64-new && mv /tmp/.buildx-cache-amd64-new /tmp/.buildx-cache-amd64-old || true
test -d /tmp/.buildx-cache-arm64-new && mv /tmp/.buildx-cache-arm64-new /tmp/.buildx-cache-arm64-old || true
du -ks /tmp/.buildx-cache-* || true
- name: Generate container image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-${{matrix.image}}
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub container registry
uses: docker/login-action@v3
with:
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
registry: ghcr.io
- name: Build and push ${{matrix.image}} image
uses: docker/build-push-action@v6
with:
context: workshop-images/${{matrix.image}}
platforms: ${{env.TARGET_PLATFORMS}}
tags: ${{steps.meta.outputs.tags}}
build-args: |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
BASE_IMAGE_NAME=educates-base-environment
PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
cache-from: |
type=local,src=/tmp/.buildx-cache-arm64-old
type=local,src=/tmp/.buildx-cache-amd64-old
push: true
- name: Cache build ${{matrix.image}} (amd64)
if: contains(env.TARGET_PLATFORMS, 'linux/amd64')
uses: docker/build-push-action@v6
with:
context: workshop-images/${{matrix.image}}
platforms: linux/amd64
build-args: |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
BASE_IMAGE_NAME=educates-base-environment
PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
cache-from: type=local,src=/tmp/.buildx-cache-amd64-old
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-amd64-new
push: false
- name: Remove old cache directories
run: |
rm -rf /tmp/.buildx-cache-amd64-old
- name: Cache build ${{matrix.image}} (arm64)
if: contains(env.TARGET_PLATFORMS, 'linux/arm64')
uses: docker/build-push-action@v6
with:
context: workshop-images/${{matrix.image}}
platforms: linux/arm64
build-args: |
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
BASE_IMAGE_NAME=educates-base-environment
PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
cache-from: type=local,src=/tmp/.buildx-cache-arm64-old
cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-arm64-new
push: false
- name: Dump cache directory sizes
if: ${{ (matrix.image == 'conda-environment') }}
run: |
du -ks /tmp/.buildx-cache-* || true
- name: Save Docker cache (amd64)
if: ${{ (matrix.image == 'conda-environment') }}
uses: actions/cache/save@v4
with:
path: /tmp/.buildx-cache-amd64-new
key: ${{runner.os}}-buildx-cache-amd64-${{matrix.image}}-${{github.sha}}
- name: Save Docker cache (arm64)
if: ${{ (matrix.image == 'conda-environment') }}
uses: actions/cache/save@v4
with:
path: /tmp/.buildx-cache-arm64-new
key: ${{runner.os}}-buildx-cache-arm64-${{matrix.image}}-${{github.sha}}
publish-carvel-bundles:
name: Bundle
runs-on: ubuntu-latest
needs:
- publish-generic-images
- publish-workshop-images
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Install Carvel tools
shell: bash
run: curl -L https://carvel.dev/install.sh | bash
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}
echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV}
- name: Create publish values file
shell: bash
run: |
cat <<EOF > publish-values.yaml
clusterInfrastructure:
provider: "custom"
clusterPackages:
contour:
enabled: true
settings:
infraProvider: custom
cert-manager:
enabled: true
settings: {}
external-dns:
enabled: true
settings:
infraProvider: custom
deployment:
args:
- --provider=custom
- --source=custom
certs:
enabled: true
settings:
certProvider: local
domains:
- "example.com"
local:
caCertificate:
ca.crt: "AA"
ca.key: "BB"
kyverno:
enabled: true
settings: {}
educates:
enabled: true
settings:
clusterIngress:
domain: "educates.example.com"
imageRegistry:
host: "ghcr.io"
namespace: ${{env.REPOSITORY_OWNER}}
version: ${{env.REPOSITORY_TAG}}
lookupService:
enabled: true
EOF
- name: Publish educates-installer bundle
shell: bash
run: |
# Create the kbld-images.yaml file with references to educates images
ytt -f carvel-packages/installer/config/images.yaml \
-f carvel-packages/installer/config/schema.yaml \
-v imageRegistry.host=ghcr.io \
-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} \
-v version=${{env.REPOSITORY_TAG}} > carvel-packages/installer/bundle/kbld/kbld-images.yaml
# Cat the generated file for debugging purposes
cat carvel-packages/installer/bundle/kbld/kbld-images.yaml
# Create images lock file. We use a sample values file to pass validations
# We properly rewrite references to images via kbld
ytt --data-values-file publish-values.yaml \
-f carvel-packages/installer/bundle/config | kbld -f - \
-f carvel-packages/installer/bundle/kbld/kbld-images.yaml \
--imgpkg-lock-output carvel-packages/installer/bundle/.imgpkg/images.yml
# Push the bundle to the registry
imgpkg push \
-b ghcr.io/${{env.REPOSITORY_OWNER}}/educates-installer:${{env.REPOSITORY_TAG}} \
-f carvel-packages/installer/bundle \
--registry-username=${{github.actor}} \
--registry-password=${{secrets.GITHUB_TOKEN}}
ytt -f carvel-packages/installer/config/app.yaml \
-f carvel-packages/installer/config/schema.yaml \
-v version=${{env.REPOSITORY_TAG}} \
-v imageRegistry.host=ghcr.io \
-v imageRegistry.namespace=${{env.REPOSITORY_OWNER}} > educates-installer-app.yaml
# Copy and rename rbac.yaml file
cp carvel-packages/installer/config/rbac.yaml educates-installer-app-rbac.yaml
- name: Save educates-installer-app.yaml
uses: actions/upload-artifact@v4
with:
name: educates-installer-app.yaml
path: educates-installer-app.yaml
- name: Save educates-installer-app-rbac.yaml
uses: actions/upload-artifact@v4
with:
name: educates-installer-app-rbac.yaml
path: educates-installer-app-rbac.yaml
build-client-programs-linux-amd64:
name: Build (clients) / amd64@linux
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{env.GO_VERSION}}
cache-dependency-path: |
client-programs/go.sum
- name: Build educates client program
shell: bash
run: |
rm -rf client-programs/pkg/renderer/files
mkdir client-programs/pkg/renderer/files
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
cd client-programs
REPOSITORY_TAG=${GITHUB_REF##*/}
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
go build -o educates-linux-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go
- uses: actions/upload-artifact@v4
with:
name: educates-linux-amd64
path: client-programs/educates-linux-amd64
build-client-programs-linux-arm64:
name: Build (clients) / arm64@linux
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{env.GO_VERSION}}
cache-dependency-path: |
client-programs/go.sum
- name: Build educates client program
shell: bash
run: |
rm -rf client-programs/pkg/renderer/files
mkdir client-programs/pkg/renderer/files
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
cd client-programs
REPOSITORY_TAG=${GITHUB_REF##*/}
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
GOOS=linux GOARCH=arm64 go build -o educates-linux-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go
- uses: actions/upload-artifact@v4
with:
name: educates-linux-arm64
path: client-programs/educates-linux-arm64
build-client-programs-darwin-amd64:
name: Build (clients) / amd64@darwin
runs-on: macos-12
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=$(echo "$REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{env.GO_VERSION}}
cache-dependency-path: |
client-programs/go.sum
- name: Build educates client program
shell: bash
run: |
rm -rf client-programs/pkg/renderer/files
mkdir client-programs/pkg/renderer/files
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
cd client-programs
REPOSITORY_TAG=${GITHUB_REF##*/}
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
# DO NOT USE GOOS/GOARCH for native build as it appears to produce a
# binary which is different and cannot create a Kind cluster which can
# run both AMD and ARM images. Version with GOOS/GOARCH only retained
# here for documentation purposes.
# GOOS=darwin GOARCH=amd64 go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go
go build -o educates-darwin-amd64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go
- uses: actions/upload-artifact@v4
with:
name: educates-darwin-amd64
path: client-programs/educates-darwin-amd64
build-client-programs-darwin-arm64:
name: Build (clients) / arm64@darwin
runs-on: macos-12
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=$(echo "$REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{env.GO_VERSION}}
cache-dependency-path: |
client-programs/go.sum
- name: Build educates client program
shell: bash
run: |
rm -rf client-programs/pkg/renderer/files
mkdir client-programs/pkg/renderer/files
cp -rp workshop-images/base-environment/opt/eduk8s/etc/themes client-programs/pkg/renderer/files/
cd client-programs
REPOSITORY_TAG=${GITHUB_REF##*/}
IMAGE_REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
GOOS=darwin GOARCH=arm64 go build -o educates-darwin-arm64 -ldflags "-X 'main.projectVersion=$REPOSITORY_TAG' -X 'main.imageRepository=$IMAGE_REPOSITORY'" cmd/educates/main.go
- uses: actions/upload-artifact@v4
with:
name: educates-darwin-arm64
path: client-programs/educates-darwin-arm64
publish-client-programs:
name: Programs
runs-on: ubuntu-latest
needs:
- build-client-programs-linux-amd64
- build-client-programs-linux-arm64
- build-client-programs-darwin-amd64
- build-client-programs-darwin-arm64
steps:
- name: Restore educates-linux-amd64
uses: actions/download-artifact@v4
with:
name: educates-linux-amd64
path: client-programs
- name: Restore educates-linux-arm64
uses: actions/download-artifact@v4
with:
name: educates-linux-arm64
path: client-programs
- name: Restore educates-darwin-amd64
uses: actions/download-artifact@v4
with:
name: educates-darwin-amd64
path: client-programs
- name: Restore educates-darwin-arm64
uses: actions/download-artifact@v4
with:
name: educates-darwin-arm64
path: client-programs
- name: Install Carvel tools
shell: bash
run: curl -L https://carvel.dev/install.sh | bash
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}
- name: Publish client programs
shell: bash
run: |
chmod +x client-programs/*
imgpkg push \
-i ghcr.io/${{env.REPOSITORY_OWNER}}/educates-client-programs:${{env.REPOSITORY_TAG}} \
-f client-programs \
--registry-username=${{github.actor}} \
--registry-password=${{secrets.GITHUB_TOKEN}}
publish-docker-extension:
name: Extension
runs-on: ubuntu-latest
needs:
- publish-client-programs
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Calculate variables
shell: bash
run: |
REPOSITORY_OWNER=${{github.repository_owner}}
echo "REPOSITORY_OWNER=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: |
image=moby/buildkit:${{env.BUILDKIT_VERSION}}
- name: Generate container image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{env.REPOSITORY_OWNER}}/educates-docker-extension
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to GitHub container registry
uses: docker/login-action@v3
with:
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}
registry: ghcr.io
- name: Calculate variables
shell: bash
run: |
echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}
- name: Build and push docker-extension image
uses: docker/build-push-action@v6
with:
context: docker-extension
platforms: ${{env.TARGET_PLATFORMS}}
build-args: |
REPOSITORY=ghcr.io/${{env.REPOSITORY_OWNER}}
TAG=${{env.REPOSITORY_TAG}}
tags: ${{steps.meta.outputs.tags}}
push: true
release-artifacts:
name: Release
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- publish-carvel-bundles
- build-client-programs-linux-amd64
- build-client-programs-linux-arm64
- build-client-programs-darwin-amd64
- build-client-programs-darwin-arm64
- publish-docker-extension
steps:
- name: Calculate variables
shell: bash
run: |
REPOSITORY_TAG=${GITHUB_REF##*/}
if [[ "$REPOSITORY_TAG" == *-* ]]; then
PRERELEASE=true
else
PRERELEASE=false
fi
echo "REPOSITORY_TAG=${REPOSITORY_TAG}" >>${GITHUB_ENV}
echo "PRERELEASE=${PRERELEASE}" >>${GITHUB_ENV}
- name: Restore educates-installer-app.yaml
uses: actions/download-artifact@v4
with:
name: educates-installer-app.yaml
- name: Restore educates-installer-app-rbac.yaml
uses: actions/download-artifact@v4
with:
name: educates-installer-app-rbac.yaml
- name: Restore educates-linux-amd64
uses: actions/download-artifact@v4
with:
name: educates-linux-amd64
- name: Restore educates-linux-arm64
uses: actions/download-artifact@v4
with:
name: educates-linux-arm64
- name: Restore educates-darwin-amd64
uses: actions/download-artifact@v4
with:
name: educates-darwin-amd64
- name: Restore educates-darwin-arm64
uses: actions/download-artifact@v4
with:
name: educates-darwin-arm64
- name: Generate file checksums for CLI binaries
shell: bash
run: |
sha256sum educates-darwin-amd64 >> checksums.txt
sha256sum educates-darwin-arm64 >> checksums.txt
sha256sum educates-linux-amd64 >> checksums.txt
sha256sum educates-linux-arm64 >> checksums.txt
sha256sum educates-installer-app.yaml >> checksums.txt
sha256sum educates-installer-app-rbac.yaml >> checksums.txt
echo 'File Checksums' >> release-notes.md
echo '--------------' >> release-notes.md
echo '```' >> release-notes.md
cat checksums.txt >> release-notes.md
echo '```' >> release-notes.md
- uses: actions/upload-artifact@v4
with:
name: checksums.txt
path: checksums.txt
- uses: actions/upload-artifact@v4
with:
name: release-notes.md
path: release-notes.md
- name: Create release
id: create_release
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
with:
tag_name: ${{env.REPOSITORY_TAG}}
name: "educates:${{env.REPOSITORY_TAG}}"
draft: false
prerelease: ${{env.PRERELEASE}}
body_path: release-notes.md
files: |
checksums.txt
educates-installer-app.yaml
educates-installer-app-rbac.yaml
educates-linux-amd64
educates-linux-arm64
educates-darwin-amd64
educates-darwin-arm64