140 lines (116 loc) · 5.11 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Release
permissions:
contents: read
on:
release:
types:
- published
jobs:
goreleaser:
permissions:
contents: write
issues: read
pull-requests: read
runs-on: ubuntu-latest
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
outputs:
tag: ${{ steps.tagName.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Node.js
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
with:
node-version: 16.x
- name: Set up Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
with:
go-version: 1.20.x
cache: false
- name: Set up Docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: gcloud authenticate
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033
with:
project_id: ${{ secrets.GCP_PRODUCTION_PROJECT_ID }}
credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: gcloud sdk
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b
- name: Gcloud login
run: gcloud auth configure-docker
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4.3.0
with:
version: v0.184.0
args: release --config .github/goreleaser.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPARITOR_GITHUB_TOKEN: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
- name: Get tag name
id: tagName
run: |
TAG=$(git describe --tags --exact-match)
echo ::set-output name=tag::${TAG}
echo ::set-output name=version::${TAG#v}
- name: Install Cloudsmith CLI
run: |
pip3 install cloudsmith-cli
- name: Publish to Cloudsmith
env:
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
working-directory: dist/
run: |
VERSION=${{ steps.tagName.outputs.version }}
RPMS="pomerium-${VERSION}-1.x86_64.rpm pomerium-${VERSION}-1.aarch64.rpm"
for pkg in $(echo $RPMS); do
cloudsmith push rpm pomerium/pomerium/el/any-version $pkg
done
DEBS="pomerium_${VERSION}-1_amd64.deb pomerium_${VERSION}-1_arm64.deb"
for pkg in $(echo $DEBS); do
cloudsmith push deb pomerium/pomerium/any-distro/any-version $pkg
done
- name: Find latest tag
id: latestTag
run: |
LATEST_TAG=$(git tag | grep -vi 'rc' | sort --version-sort | tail -1)
echo "::set-output name=tag::${LATEST_TAG}"
- name: Publish latest tag
if: "steps.latestTag.outputs.tag == steps.tagName.outputs.tag"
run: |
docker manifest create -a pomerium/pomerium:latest pomerium/pomerium:amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:latest
docker tag gcr.io/pomerium-io/pomerium:${{ steps.tagName.outputs.tag }}-cloudrun gcr.io/pomerium-io/pomerium:latest-cloudrun
docker push gcr.io/pomerium-io/pomerium:latest-cloudrun
docker manifest create -a pomerium/pomerium:nonroot pomerium/pomerium:nonroot-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:nonroot-arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:nonroot
docker manifest create -a pomerium/pomerium:debug pomerium/pomerium:debug-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:debug-arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:debug
docker manifest create -a pomerium/pomerium:debug-nonroot pomerium/pomerium:debug-nonroot-amd64-${{ steps.tagName.outputs.tag }} pomerium/pomerium:debug-nonroot-arm64v8-${{ steps.tagName.outputs.tag }}
docker manifest push pomerium/pomerium:debug-nonroot
deploy:
runs-on: ubuntu-latest
needs: goreleaser
steps:
- name: Checkout Gitops Repo
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
with:
repository: pomerium/gitops-argocd
token: ${{ secrets.APPARITOR_GITHUB_TOKEN }}
- name: Bump test environment
uses: mikefarah/yq@0b34c9a00de1c575a34eea05af1d956a525c4fc1
with:
cmd: yq eval '.pomerium.image.tag = "${{ needs.goreleaser.outputs.tag }}"' -i projects/pomerium-demo/pomerium-demo/values.yaml
- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a
with:
commit_message: |
Bump test environment pomerium/pomerium
Image tag: ${{ needs.goreleaser.outputs.tag }}
Source Repo: ${{ github.repository }}@${{ github.sha }}