135 lines (112 loc) · 5.04 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Release
permissions:
contents: read
on:
release:
types:
- published
jobs:
goreleaser:
permissions:
contents: write
issues: read
pull-requests: read
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
outputs:
tag: ${{ steps.tagName.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Node.js
uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # pin@v3
with:
node-version: 16.x
- name: Set up Go
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # pin@v2
with:
go-version: 1.18.x
- name: Set up Docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a # pin@v1
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: google-github-actions/setup-gcloud@877d4953d2c70a0ba7ef3290ae968eb24af233bb # pin@v0
with:
project_id: pomerium-io
service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: Gcloud login
run: gcloud auth configure-docker
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a # pin@v2
with:
version: v0.184.0
args: release --config .github/goreleaser.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPARITOR_GITHUB_TOKEN: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
- name: Get tag name
id: tagName
run: |
TAG=$(git describe --tags --exact-match)
echo ::set-output name=tag::${TAG}
echo ::set-output name=version::${TAG#v}
- name: Install Cloudsmith CLI
run: |
pip3 install cloudsmith-cli
- name: Publish to Cloudsmith
env:
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
working-directory: dist/
run: |
VERSION=${{ steps.tagName.outputs.version }}
RPMS="pomerium-${VERSION}-1.x86_64.rpm pomerium-${VERSION}-1.aarch64.rpm"
for pkg in $(echo $RPMS); do
cloudsmith push rpm pomerium/pomerium/el/any-version $pkg
done
DEBS="pomerium_${VERSION}-1_amd64.deb pomerium_${VERSION}-1_arm64.deb"
for pkg in $(echo $DEBS); do
cloudsmith push deb pomerium/pomerium/any-distro/any-version $pkg
done
- name: Find latest tag
id: latestTag
run: |
LATEST_TAG=$(git tag | grep -vi 'rc' | sort --version-sort | tail -1)
echo "::set-output name=tag::${LATEST_TAG}"
- name: Publish latest tag
if: "steps.latestTag.outputs.tag == steps.tagName.outputs.tag"
run: |
docker manifest create -a pomerium/pomerium:latest pomerium/pomerium:amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:latest
docker tag gcr.io/pomerium-io/pomerium:${{ steps.tagName.outputs.tag }}-cloudrun gcr.io/pomerium-io/pomerium:latest-cloudrun
docker push gcr.io/pomerium-io/pomerium:latest-cloudrun
docker manifest create -a pomerium/pomerium:nonroot pomerium/pomerium:nonroot-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:nonroot-arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:nonroot
docker manifest create -a pomerium/pomerium:debug pomerium/pomerium:debug-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:debug-arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:debug
docker manifest create -a pomerium/pomerium:debug-nonroot pomerium/pomerium:debug-nonroot-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:debug-nonroot-arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:debug-nonroot
deploy:
runs-on: ubuntu-latest
needs: goreleaser
steps:
- name: Checkout Gitops Repo
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3
with:
repository: pomerium/gitops-argocd
token: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
- name: Bump test environment
uses: mikefarah/yq@9b6961875e10b058aeb482f263f26ca0f6b18eb8 # pin@v4.23.1
with:
cmd: yq eval '.pomerium.image.tag = "${{ needs.goreleaser.outputs.tag }}"' -i projects/pomerium-demo/pomerium-demo/values.yaml
- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@6c32682a4040e023c054b2fc60a7cf65cc77f7ad # pin@v4
with:
commit_message: |
Bump test environment pomerium/pomerium
Image tag: ${{ needs.goreleaser.outputs.tag }}
Source Repo: ${{ github.repository }}@${{ github.sha }}