Release CLI and Packages on Tag #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release CLI and Packages on Tag | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| jobs: | |
| build-release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| packages: write | |
| steps: | |
| # Checkout the repo and setup the tooling for this job | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup golang | |
| uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Install tools | |
| uses: ./.github/actions/install-tools | |
| - name: Build CLI | |
| run: | | |
| CLI_VERSION=$GITHUB_REF_NAME make build-cli-linux-amd | |
| CLI_VERSION=$GITHUB_REF_NAME make build-cli-linux-arm | |
| - name: "Zarf Agent: Login to GHCR" | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ghcr.io | |
| username: dummy | |
| password: ${{ github.token }} | |
| # - name: "Zarf Agent: Build and Publish the Image" | |
| # run: | | |
| # cp build/zarf build/zarf-linux-amd64 | |
| # cp build/zarf-arm build/zarf-linux-arm64 | |
| # docker buildx build --push --platform linux/arm64/v8,linux/amd64 --tag ghcr.io/austinabro321/zarf/agent:$GITHUB_REF_NAME . | |
| # rm build/zarf-linux-amd64 | |
| # rm build/zarf-linux-arm64 | |
| # echo ZARF_AGENT_IMAGE_DIGEST=$(docker buildx imagetools inspect ghcr.io/austinabro321/zarf/agent:$GITHUB_REF_NAME --format '{{ json . }}' | jq -r .manifest.digest) >> $GITHUB_ENV | |
| # - name: Auth with AWS | |
| # uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 | |
| # with: | |
| # role-to-assume: ${{ secrets.AWS_KMS_ROLE_ARN }} | |
| # role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} | |
| # aws-region: us-east-1 | |
| # role-duration-seconds: 3600 | |
| # - name: "Zarf Agent: Sign the Image" | |
| # run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY_ARN }} -a release-engineer=https://github.com/${{ github.actor }} -a version=$GITHUB_REF_NAME ghcr.io/zarf-dev/zarf/agent@$ZARF_AGENT_IMAGE_DIGEST -y | |
| # env: | |
| # COSIGN_EXPERIMENTAL: 1 | |
| # Builds init packages since GoReleaser won't handle this for us | |
| # - name: Build init-packages For Release | |
| # run: | | |
| # make release-init-package ARCH=amd64 AGENT_IMAGE_TAG=v0.55.6 | |
| # make release-init-package ARCH=arm64 AGENT_IMAGE_TAG=v0.55.6 | |
| # - name: Publish Init Package as OCI and Skeleton | |
| # run: | | |
| # make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/austinabro321/packages | |
| # make publish-init-package ARCH=arm64 REPOSITORY_URL=ghcr.io/austinabro321/packages | |
| # Upload the contents of the build directory for later stages to use | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: build-artifacts | |
| path: build/ | |
| retention-days: 1 | |
| validate-release: | |
| runs-on: ubuntu-latest | |
| needs: build-release | |
| steps: | |
| # Checkout the repo and setup the tooling for this job | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| name: build-artifacts | |
| path: build/ | |
| - name: Setup golang | |
| uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Make Zarf executable | |
| run: | | |
| chmod +x build/zarf | |
| # Build the example packages and run the tests | |
| - name: Build examples and run tests | |
| run: | | |
| sudo env "PATH=$PATH" CI=true APPLIANCE_MODE=true CLI_VERSION=$GITHUB_REF_NAME make test-e2e ARCH=amd64 | |
| - name: Save logs | |
| if: always() | |
| uses: ./.github/actions/save-logs | |
| create-release: | |
| runs-on: ubuntu-latest | |
| needs: validate-release | |
| environment: release | |
| permissions: | |
| contents: write | |
| steps: | |
| # Checkout the repo and setup the tooling for this job | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup golang | |
| uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Install tools | |
| uses: ./.github/actions/install-tools | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| name: build-artifacts | |
| path: build/ | |
| - name: Make zarf executable and skip brew latest for pre-release tags | |
| run: | | |
| chmod +x build/zarf | |
| if [[ $GITHUB_REF_NAME == *"rc"* ]]; then | |
| echo "BREW_NAME=zarf@latest-rc" >> $GITHUB_ENV | |
| else | |
| echo "BREW_NAME=zarf" >> $GITHUB_ENV | |
| fi | |
| - name: Setup release ENV vars | |
| run: | | |
| echo TAG=$GITHUB_REF_NAME >> $GITHUB_ENV | |
| K8S_MODULES_VER=$(go list -f '{{.Version}}' -m k8s.io/client-go | sed 's/v//; s/\./ /g') | |
| echo K8S_MODULES_MAJOR_VER=$(expr $(echo "$K8S_MODULES_VER" | cut -d " " -f 1) + 1) >> $GITHUB_ENV | |
| echo K8S_MODULES_MINOR_VER=$(echo "$K8S_MODULES_VER" | cut -d " " -f 2) >> $GITHUB_ENV | |
| echo K8S_MODULES_PATCH_VER=$(echo "$K8S_MODULES_VER" | cut -d " " -f 3) >> $GITHUB_ENV | |
| echo K9S_VERSION=$(go list -f '{{.Version}}' -m github.com/derailed/k9s) >> $GITHUB_ENV | |
| echo CRANE_VERSION=$(go list -f '{{.Version}}' -m github.com/google/go-containerregistry) >> $GITHUB_ENV | |
| echo SYFT_VERSION=$(go list -f '{{.Version}}' -m github.com/anchore/syft) >> $GITHUB_ENV | |
| echo ARCHIVES_VERSION=$(go list -f '{{.Version}}' -m github.com/mholt/archives) >> $GITHUB_ENV | |
| echo HELM_VERSION=$(go list -f '{{.Version}}' -m helm.sh/helm/v3) >> $GITHUB_ENV | |
| # - name: Get Brew tap repo token | |
| # id: brew-tap-token | |
| # uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 | |
| # with: | |
| # app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }} | |
| # private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }} | |
| # owner: defenseunicorns | |
| # repositories: homebrew-tap | |
| - name: Cleanup files | |
| uses: ./.github/actions/cleanup-files | |
| # Create the GitHub release notes, upload artifact backups to S3, publish homebrew recipe | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --clean --verbose | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} | |
| HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }} | |
| GORELEASER_CURRENT_TAG: ${{ github.ref_name }} | |
| - name: Report disk space on failure | |
| if: failure() | |
| run: | | |
| echo "create-release failed, printing out available diskspace" | |
| lsblk -f |