Skip to content
This repository has been archived by the owner on Nov 13, 2024. It is now read-only.

feature: avoid updating when it's not needed (reduce resource consump… #45

feature: avoid updating when it's not needed (reduce resource consump…

feature: avoid updating when it's not needed (reduce resource consump… #45

Workflow file for this run

name: Release Operator
on:
push:
branches:
- main
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Get app version from chart
uses: mikefarah/yq@v4.34.2
id: app_version
with:
cmd: yq '.appVersion' charts/bitwarden-secret-operator/Chart.yaml
- id: repository
run: echo IMAGE_NAME=$(echo ${{ env.IMAGE_NAME }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v2.1.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Check if app version was already built (and if so, skip further steps).
- name: Check for existing image
if: github.event_name != 'pull_request'
id: image_exists
continue-on-error: true
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.app_version.outputs.result }}
- name: Setup Docker buildx
if: ${{ steps.image_exists.outcome != 'success' }}
uses: docker/setup-buildx-action@v2.9.1
- name: Extract Docker metadata
id: meta
if: ${{ steps.image_exists.outcome != 'success' }}
uses: docker/metadata-action@v4.3.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
if: ${{ steps.image_exists.outcome != 'success' }}
id: build-and-push
uses: docker/build-push-action@v4.1.1
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.app_version.outputs.result }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Install cosign
if: ${{ steps.image_exists.outcome != 'success' && github.event_name != 'pull_request' }}
uses: sigstore/cosign-installer@v3.0.1
- name: Sign the published Docker image
if: ${{ steps.image_exists.outcome != 'success' && github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
run: echo "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.app_version.outputs.result }}" | xargs -I {} cosign sign -y {}@${{ steps.build-and-push.outputs.digest }}
release:
needs: build
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- id: repository
run: echo IMAGE_NAME=$(echo ${{ env.IMAGE_NAME }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.10.0
- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.5.0
with:
charts_dir: charts
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Get app version from chart
uses: mikefarah/yq@v4.34.2
id: app_version
with:
cmd: yq '.appVersion' charts/bitwarden-secret-operator/Chart.yaml
- name: Create SBOM
uses: anchore/sbom-action@v0
with:
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.app_version.outputs.result }}
- name: Publish SBOM
uses: anchore/sbom-action/publish-sbom@v0
with:
sbom-artifact-match: ".*\\.spdx\\.json"
- name: Get Latest Tag
id: previoustag
uses: WyriHaximus/github-action-get-previous-tag@v1
- name: Download SBOM from github action
uses: actions/download-artifact@v3
with:
name: ${{ env.ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT }}
- name: Add SBOM to release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file_glob: true
file: olympusgg-bitwarden-secret-operator_*.spdx.json
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true