-
Notifications
You must be signed in to change notification settings - Fork 80
112 lines (99 loc) · 4.28 KB
/
release.yaml
File metadata and controls
112 lines (99 loc) · 4.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name : Publish Images & artifacts (via goreleaser)
on:
push:
tags:
- "*"
env:
PUBLIC_REGISTRY: docker.io
PUBLIC_REPO: rancher
permissions:
contents: write
jobs:
ci :
uses: ./.github/workflows/ci.yaml
permissions:
contents: read
goreleaser:
needs: [
ci
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- run: git fetch --force --tags
- name: Install go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: 1.25
- name : Package release helm charts
run : make package-helm
- run : mkdir -p ./build/artifacts/ && mv -v ./dist/artifacts/ ./build/
- uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_CURRENT_TAG: ${{ github.ref_name }}
push:
needs : [
ci
]
permissions:
contents : read
id-token: write
name : Build and push BRO images
runs-on : runs-on,image=ubuntu22-full-x64,runner=4cpu-linux-x64,run-id=${{ github.run_id }}
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name : "Read vault secrets"
uses : rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials registry | PRIME_STG_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | PRIME_STG_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | PRIME_STG_REGISTRY_PASSWORD ;
# This encapsulates: login, qemu, build/push
- name: Build and push BRO image (dockerhub and prime stg)
uses: rancher/ecm-distro-tools/actions/publish-image@master
with:
image: "backup-restore-operator"
tag: ${{ github.ref_name }}
public-registry: ${{ env.PUBLIC_REGISTRY }}
public-repo: ${{ env.PUBLIC_REPO }}
public-username: ${{ env.DOCKER_USERNAME || vars.DOCKER_USERNAME || github.repository_owner }}
public-password: ${{ env.DOCKER_PASSWORD || secrets.DOCKER_PASSWORD }}
push-to-prime: true
prime-registry: ${{ env.PRIME_STG_REGISTRY }}
prime-repo: rancher
prime-username: ${{ env.PRIME_STG_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_STG_REGISTRY_PASSWORD }}
- name: Check SemVer Characteristics
id: semver_check
run: bash ./.github/scripts/check-semver "${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
- name : "Read vault secrets"
if: ${{ steps.semver_check.outputs.HAS_PRERELEASE == 'false' }}
uses : rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
- name: Build and push BRO image (prime prod)
if: ${{ steps.semver_check.outputs.HAS_PRERELEASE == 'false' }}
uses: rancher/ecm-distro-tools/actions/publish-image@master
with:
image: "backup-restore-operator"
tag: ${{ github.ref_name }}
push-to-public: false
push-to-prime: true
prime-registry: ${{ env.PRIME_REGISTRY }}
prime-repo: rancher
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }}
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }}