Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(action): Create new action to consume GitHub releases #822

Merged
merged 3 commits into from
May 28, 2024
Merged

feat(action): Create new action to consume GitHub releases #822

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
48b1504
feat(action): Create new action to consume GitHub releases
javirln May 24, 2024
13b429b
Remove container images from attestation
javirln May 28, 2024
f6c864b
Rename file and change workflow name
javirln May 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 74 additions & 0 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
name: Release

on:
release:

permissions:
contents: read

jobs:
# This reusable workflow inspects if the given workflow_name exists on Chainloop. If the Workflow does not exist
# it will create one with an empty contract ready for operators to be filled. Otherwise, if found, it will just
# be ignored and the process will continue. For this to work it's using a pre-created API Token
onboard_workflow:
name: Onboard Chainloop Workflow
uses: chainloop-dev/labs/.github/workflows/chainloop_onboard.yml@4173e015dbd5dc2a8802555c268da63d57bbe576
with:
project: "chainloop"
workflow_name: "chainloop-vault-release"
secrets:
api_token: ${{ secrets.CHAINLOOP_API_TOKEN }}

release:
name: Record release from GitHub
runs-on: ubuntu-latest
needs: onboard_workflow
permissions:
packages: write
env:
CHAINLOOP_VERSION: 0.89.0
CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_API_TOKEN }}
CHAINLOOP_WORKFLOW_NAME: ${{ needs.onboard_workflow.outputs.workflow_name }}
GH_TOKEN: ${{ github.token }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Install Chainloop
run: |
curl -sfL https://raw.githubusercontent.com/chainloop-dev/chainloop/01ad13af08950b7bfbc83569bea207aeb4e1a285/docs/static/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}

- name: Initialize Attestation
run: |
chainloop attestation init --workflow-name ${CHAINLOOP_WORKFLOW_NAME}

- name: Attest all assets
run: |
tag=$(echo -n ${{github.ref}} | cut -d / -f3)
gh release download $tag -D /tmp/github-release
for entry in $(ls /tmp/github-release); do
chainloop attestation add --value "/tmp/github-release/$entry"
done

# Include source code
version=$(echo -n $tag | sed 's/v//g')
gh release download $tag -A tar.gz -D /tmp
chainloop attestation add --value "/tmp/chainloop-$version.tar.gz"

- name: Finish and Record Attestation
if: ${{ success() }}
run: |
chainloop attestation status --full
chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
env:
CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_KEY }}

- name: Mark attestation as failed
if: ${{ failure() }}
run: |
chainloop attestation reset

- name: Mark attestation as cancelled
if: ${{ cancelled() }}
run: |
chainloop attestation reset --trigger cancellation
Loading