kubeowler/.github/workflows/release.yml at 027971ce2753367d3f2be360fd6077aec7896ed9 · Ghostwritten/kubeowler · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# Build Linux binaries (amd64, arm64) and publish to GitHub Releases on tag push (e.g. v0.1.1).
# Artifacts: Linux x86_64, Linux aarch64 only.

name: Release

on:
  push:
    tags:
      - 'v*'

permissions:
  contents: write

jobs:
  build:
    strategy:
      fail-fast: false
      matrix:
        include:
          # Linux: musl static binaries (no glibc dependency; run on RHEL 7/8/9, older distros)
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            asset: x86_64-linux
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
            asset: aarch64-linux
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          targets: ${{ matrix.target }}

      - name: Install cross (Linux musl static build)
        if: matrix.os == 'ubuntu-latest'
        run: cargo install cross

      - name: Cache cargo
        uses: Swatinem/rust-cache@v2
        with:
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
          targets: ${{ matrix.target }}

      - name: Build release binary
        run: cross build --release --target ${{ matrix.target }}

      - name: Strip binary
        run: strip target/${{ matrix.target }}/release/kubeowler 2>/dev/null || true

      - name: Prepare archive
        run: |
          VERSION=${GITHUB_REF#refs/tags/}
          BIN=target/${{ matrix.target }}/release/kubeowler
          mkdir -p release
          cp "$BIN" "release/kubeowler"
          cd release
          tar czvf "../kubeowler-${VERSION}-${{ matrix.asset }}.tar.gz" kubeowler
          cd ..
          echo "ASSET_PATH=kubeowler-${VERSION}-${{ matrix.asset }}.tar.gz" >> $GITHUB_ENV

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: kubeowler-${{ matrix.asset }}
          path: ${{ env.ASSET_PATH }}

  release:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout (for CHANGELOG)
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}

      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Flatten assets for release
        run: |
          mkdir -p release
          find artifacts -type f \( -name '*.tar.gz' -o -name '*.zip' \) -exec cp {} release/ \;
          ls -la release/

      - name: Extract release notes from CHANGELOG
        run: |
          VER="${GITHUB_REF#refs/tags/}"
          VER_NUM="${VER#v}"
          awk -v ver="$VER_NUM" '
            $0 ~ "^## \\[" ver "\\]" { found=1; print; next }
            found && $0 ~ /^## \[/ { exit }
            found { print }
          ' CHANGELOG.md > release_notes.md || true
          if [ ! -s release_notes.md ]; then
            echo "See [CHANGELOG](https://github.com/${{ github.repository }}/blob/${GITHUB_REF}/CHANGELOG.md) for details." > release_notes.md
          fi

      - name: Create GitHub Release and upload assets
        uses: softprops/action-gh-release@v2
        with:
          files: release/*
          body_path: release_notes.md
          generate_release_notes: false
          draft: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  docker:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.ref }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push ghostwritten/kubeowler (multi-arch)
        run: |
          VERSION="${{ github.ref_name }}"
          REPO="https://github.com/${{ github.repository }}/releases/download"
          # Build per-arch (different TAR_URL per platform)
          docker buildx build --platform linux/amd64 \
            --build-arg TAR_URL="${REPO}/${VERSION}/kubeowler-${VERSION}-x86_64-linux.tar.gz" \
            --build-arg VERSION="${VERSION}" \
            -t ghostwritten/kubeowler:${VERSION}-amd64 \
            --push -f Dockerfile .
          docker buildx build --platform linux/arm64 \
            --build-arg TAR_URL="${REPO}/${VERSION}/kubeowler-${VERSION}-aarch64-linux.tar.gz" \
            --build-arg VERSION="${VERSION}" \
            -t ghostwritten/kubeowler:${VERSION}-arm64 \
            --push -f Dockerfile .
          docker buildx imagetools create -t ghostwritten/kubeowler:${VERSION} \
            --append ghostwritten/kubeowler:${VERSION}-amd64 \
            ghostwritten/kubeowler:${VERSION}-arm64

      - name: Build and push ghostwritten/kubeowler-node-inspector (multi-arch)
        run: |
          VERSION="${{ github.ref_name }}"
          docker buildx build --platform linux/amd64,linux/arm64 \
            --build-arg VERSION="${VERSION}" \
            -f deploy/node-inspector/Dockerfile \
            -t ghostwritten/kubeowler-node-inspector:${VERSION} \
            --push .