Skip to content
.github/workflows/release-v2.yaml

fix: legacy release workflow running on >=v0.25 #18

Sign in to view logs

fix: legacy release workflow running on >=v0.25

fix: legacy release workflow running on >=v0.25 #18

Workflow file for this run

.github/workflows/release-v2.yaml at 017bb7a
name: Turtles release

Check failure on line 1 in .github/workflows/release-v2.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/release-v2.yaml

Invalid workflow file 

(Line: 186, Col: 3): The workflow must contain at least one job with no dependencies.
on:
push:
tags:
- 'v*'
workflow_dispatch:
permissions:
contents: read # to checkout code
id-token: write # to read vault secrets
jobs:
#release:
# runs-on: ubuntu-latest
# strategy:
# matrix:
# include:
# - platform: linux/amd64
# tag-suffix: "linux-amd64"
# - platform: linux/arm64
# tag-suffix: "linux-arm64"
# env:
# TAG: ${{ github.ref_name }}
# steps:
# - name: Checkout code
# uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
# with:
# fetch-depth: 0
# - name: Setup QEMU
# uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
# with:
# image: tonistiigi/binfmt:qemu-v8.1.5
# cache-image: false
# - name: Read Vault secrets
# uses: rancher-eio/read-vault-secrets@main
# with:
# secrets: |
# secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
# secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials registry | STAGE_REGISTRY ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | STAGE_REGISTRY_USERNAME ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | STAGE_REGISTRY_PASSWORD ;
# - name: Log into Docker Hub registry
# uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
# with:
# username: ${{ env.DOCKER_USERNAME }}
# password: ${{ env.DOCKER_PASSWORD }}
# - name: Log into Staging registry
# uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
# with:
# username: ${{ env.STAGE_REGISTRY_USERNAME }}
# password: ${{ env.STAGE_REGISTRY_PASSWORD }}
# registry: ${{ env.STAGE_REGISTRY }}
# - name: Build and push community image
# shell: bash
# env:
# REGISTRY: docker.io
# ORG: rancher
# run: |
# IID_FILE=$(mktemp)
# make docker-build-and-push-community TAG=${{ env.TAG }}-${{ matrix.tag-suffix }} REGISTRY=${{ env.REGISTRY }} ORG=${{ env.ORG }} IID_FILE=${IID_FILE} TARGET_PLATFORMS=${{ matrix.platform }}
# - name: Build and push prime image
# shell: bash
# env:
# REGISTRY: ${{ env.STAGE_REGISTRY }}
# ORG: rancher
# run: |
# IID_FILE=$(mktemp)
# make docker-build-and-push-prime TAG=${{ env.TAG }}-${{ matrix.tag-suffix }} REGISTRY=${{ env.REGISTRY }} ORG=${{ env.ORG }} IID_FILE=${IID_FILE} TARGET_PLATFORMS=${{ matrix.platform }}
#merge:
# runs-on: ubuntu-latest
# strategy:
# matrix:
# include:
# - image-type: community
# - image-type: prime
# env:
# TAG: ${{ github.ref_name }}
# needs:
# - release
# steps:
# - name: Read Vault secrets
# uses: rancher-eio/read-vault-secrets@main
# with:
# secrets: |
# secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ;
# secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials registry | STAGE_REGISTRY ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials username | STAGE_REGISTRY_USERNAME ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-stg-registry/credentials password | STAGE_REGISTRY_PASSWORD ;
# secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
# - name: Log into Docker Hub registry
# if: ${{ matrix.image-type == 'community' }}
# uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
# with:
# username: ${{ env.DOCKER_USERNAME }}
# password: ${{ env.DOCKER_PASSWORD }}
# - name: Log into Staging registry
# if: ${{ matrix.image-type == 'prime' }}
# uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
# with:
# username: ${{ env.STAGE_REGISTRY_USERNAME }}
# password: ${{ env.STAGE_REGISTRY_PASSWORD }}
# registry: ${{ env.STAGE_REGISTRY }}
# - name: Install Cosign
# if: ${{ matrix.image-type == 'prime' }}
# uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
# - name: Install slsactl
# if: ${{ matrix.image-type == 'prime' }}
# uses: rancherlabs/slsactl/actions/install-slsactl@d2224ac767c6b9a966211e223c8d164e2a32e5d8 # v0.1.6
# - name: Create multi-platform image and push
# shell: bash
# run: |
# IMAGE="turtles"
# if [ "${{ matrix.image-type }}" = "community" ]; then
# URL="docker.io/rancher/${IMAGE}:${{ env.TAG }}"
# docker buildx imagetools create -t "${URL}" \
# "${URL}-linux-amd64" \
# "${URL}-linux-arm64"
# echo "Pushed multi-platform image: ${URL}"
# elif [ "${{ matrix.image-type }}" = "prime" ]; then
# URL="${{ env.STAGE_REGISTRY }}/rancher/${IMAGE}:${{ env.TAG }}"
# docker buildx imagetools create -t "${URL}" \
# "${URL}-linux-amd64" \
# "${URL}-linux-arm64"
# echo "Pushed multi-platform image: ${URL}"
#
# # Extract the multi-platform image digest for signing
# docker pull ${URL}
# IMAGE_DIGEST=$( docker inspect --format='{{index .RepoDigests 0}}' ${URL} | sed 's/.*@//' )
# # Set as environment variable for next steps
# MULTI_PLATFORM_IMAGE="${{ env.STAGE_REGISTRY }}/rancher/${IMAGE}@${IMAGE_DIGEST}"
# echo "MULTI_PLATFORM_IMAGE"=${MULTI_PLATFORM_IMAGE} >> "$GITHUB_ENV"
# # Also set a tag-specific variable for provenance attestation step
# MULTI_PLATFORM_IMAGE_TAG="${{ env.STAGE_REGISTRY }}/rancher/${IMAGE}:${{ env.TAG }}@${IMAGE_DIGEST}"
# echo "MULTI_PLATFORM_IMAGE_TAG"=${MULTI_PLATFORM_IMAGE_TAG} >> "$GITHUB_ENV"
# fi
# - name: Sign multi-platform image
# shell: bash
# if: ${{ matrix.image-type == 'prime' }}
# run: |
# cosign sign \
# --oidc-provider=github-actions \
# --yes \
# --sign-container-identity="${{ env.PRIME_REGISTRY }}/rancher/${IMAGE}" \
# "${MULTI_PLATFORM_IMAGE}"
# - name: Attest provenance
# shell: bash
# if: ${{ matrix.image-type == 'prime' }}
# run: |
# max_retries=3
# retry_delay=5
# i=0
# while [ "${i}" -lt "${max_retries}" ]; do
# if slsactl download provenance --format=slsav1 "${MULTI_PLATFORM_IMAGE_TAG}" > provenance-slsav1.json; then
# break
# fi
# if [ "${i}" -eq "$(( max_retries - 1 ))" ]; then
# echo "ERROR: Failed to generate slsav1 provenance. Check whether the image is present in the Prime registry."
# exit 1
# fi
# i=$(( i + 1 ))
# sleep "${retry_delay}"
# done
# cat provenance-slsav1.json
# cosign attest --yes --predicate provenance-slsav1.json --type slsaprovenance1 "${MULTI_PLATFORM_IMAGE}"
chart-release:
name: Helm chart release
uses: ./.github/workflows/chart-release.yml
needs:
- merge
with:
tag: ${{ github.ref_name }}
org: salasberryfin
#org: rancher
image: turtles
secrets: inherit