loft-sh · sydorovdmytro · May 16, 2025
@@ -0,0 +1,84 @@
+name: Build and push head images
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  helm-unit-tests:
+    name: Execute all helm tests
+    if: github.repository_owner == 'loft-sh' # do not run on forks
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install Helm Unit Test Plugin
+        run: |
+          helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.4.4
+      - name: Run Helm Unit Tests
+        run: |
+          helm unittest chart
+
+  go-unit-test:
+    name: Execute all go tests
+    if: github.repository_owner == 'loft-sh' # do not run on forks
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: false
+      - name: Execute unit tests
+        run: ./hack/test.sh
+
+  build-head-images:
+    runs-on: ubuntu-latest
+    needs: [helm-unit-tests, go-unit-test]
+    name: Publish head images
+    if: |
+      github.repository_owner == 'loft-sh' &&
+      github.ref_name == 'main'
+    permissions:
+      contents: read
+      id-token: write # This is the key for OIDC cosign!
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          cache: false
+          go-version-file: go.mod
+
+      - name: Install just
+        uses: extractions/setup-just@v1
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup GoReleaser and Build Images
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --config .goreleaser.head_images.yaml --clean --skip=announce,validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TELEMETRY_PRIVATE_KEY: ""
+          CI_BRANCH: ${{ github.ref_name }}
@@ -0,0 +1,158 @@
+version: 2
+
+project_name: vcluster
+
+before:
+  hooks:
+    - 'echo "Building head images for {{ .Env.CI_BRANCH }} branch"'
+
+builds:
+  - id: vcluster
+    env:
+      - CGO_ENABLED=0
+      - GO111MODULE=on
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    binary: vcluster
+    main: ./cmd/vcluster
+    dir: .
+    flags:
+      - -trimpath
+      - -mod
+      - vendor
+    tags:
+      - embed_chart
+    ldflags:
+      - -s -w
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.SyncerVersion={{.Version}}
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.telemetryPrivateKey={{ with index .Env "TELEMETRY_PRIVATE_KEY" }}{{ . }}{{ end }}
+
+  - id: vcluster-cli
+    env:
+      - CGO_ENABLED=0
+      - GO111MODULE=on
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+    binary: vcluster
+    main: ./cmd/vclusterctl
+    dir: .
+    flags:
+      - -trimpath
+      - -mod
+      - vendor
+    tags:
+      - embed_chart
+    ldflags:
+      - -s -w
+      - -X main.version={{.Version}}
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.SyncerVersion={{.Version}}
+      - -X github.com/loft-sh/vcluster/pkg/telemetry.telemetryPrivateKey={{ with index .Env "TELEMETRY_PRIVATE_KEY" }}{{ . }}{{ end }}
+
+dockers:
+  # --- Vcluster images ---
+  - image_templates:
+      - "ghcr.io/loft-sh/vcluster-oss:head-amd64"
+    use: buildx
+    dockerfile: Dockerfile.release
+    ids:
+      - vcluster
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster_linux_amd64_v1/vcluster
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  - image_templates:
+      - "ghcr.io/loft-sh/vcluster-oss:head-arm64v8"
+    use: buildx
+    goarch: arm64
+    dockerfile: Dockerfile.release
+    ids:
+      - vcluster
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster_linux_arm64_v8.0/vcluster
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  # --- Vcluster-cli images ---
+  - image_templates:
+      - "ghcr.io/loft-sh/vcluster-cli:head-amd64"
+    use: buildx
+    dockerfile: Dockerfile.cli.release
+    ids:
+      - vcluster-cli
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster-cli_linux_amd64_v1/vcluster
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  - image_templates:
+      # Only build head-arm64v8 tag when on main branch
+      - "ghcr.io/loft-sh/vcluster-cli:head-arm64v8"
+    use: buildx
+    goarch: arm64
+    dockerfile: Dockerfile.cli.release
+    ids:
+      - vcluster-cli
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version=head"
+    extra_files:
+      - dist/vcluster-cli_linux_arm64_v8.0/vcluster
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+docker_manifests:
+  # --- Head multi arch ---
+  - name_template: ghcr.io/loft-sh/vcluster-oss:head
+    image_templates:
+      - ghcr.io/loft-sh/vcluster-oss:head-amd64
+      - ghcr.io/loft-sh/vcluster-oss:head-arm64v8
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+  # --- Head multi arch for CLI ---
+  - name_template: ghcr.io/loft-sh/vcluster-cli:head
+    image_templates:
+      - ghcr.io/loft-sh/vcluster-cli:head-amd64
+      - ghcr.io/loft-sh/vcluster-cli:head-arm64v8
+    skip_push: '{{ ne .Env.CI_BRANCH "main" }}'
+
+# Keep release disabled to avoid creating GitHub releases
+release:
+  disable: true
+
+docker_signs:
+  - cmd: cosign
+    env:
+      - COSIGN_EXPERIMENTAL=1
+    artifacts: all
+    args:
+      - "sign"
+      - "${artifact}"
+      - "--yes" # needed on cosign 2.0.0+