Skip to content

Update manifests to v1.9.1 #678

Update manifests to v1.9.1

Update manifests to v1.9.1 #678

Workflow file for this run

name: release
on:
push:
tags:
- 'v*'
branches:
- master
- dev-*
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build-binaries:
runs-on: ubuntu-20.04
if: github.repository == 'argoproj/argo-events'
name: Build binaries
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v4.1.0
with:
go-version: "1.20"
- name: Build binaries
run: |
make build
chmod -R +x dist
- name: Make checksums
run: make checksums
- name: store artifacts
uses: actions/upload-artifact@v3
with:
name: binaries
path: dist
build-push-linux-multi:
name: Build & push linux/amd64 and linux/arm64
needs: [ build-binaries ]
runs-on: ubuntu-20.04
if: github.repository == 'argoproj/argo-events'
strategy:
matrix:
target: [ argo-events ]
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist/
- name: Registry Login
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: set Version
id: version
run: |
tag=$(basename $GITHUB_REF)
if [ $tag = "master" ]; then
tag="latest"
fi
echo "VERSION=$tag" >> $GITHUB_OUTPUT
- name: Container build and push with arm64/amd64
run: |
IMAGE_NAMESPACE=${{ secrets.QUAYIO_ORG }} VERSION=${{ steps.version.outputs.VERSION }} DOCKER_PUSH=true make image-multi
bom:
runs-on: ubuntu-latest
if: github.repository == 'argoproj/argo-events'
needs: [ build-push-linux-multi ]
steps:
# https://stackoverflow.com/questions/58033366/how-to-get-current-branch-within-github-actions
- run: |
if [ ${GITHUB_REF##*/} = master ]; then
echo "VERSION=latest" >> $GITHUB_ENV
else
echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- uses: actions/setup-go@v4.1.0
with:
go-version: "1.20"
- uses: actions/checkout@v4
- run: go install sigs.k8s.io/bom/cmd/bom@v0.2.0
- run: go install github.com/spdx/spdx-sbom-generator/cmd/generator@v0.0.13
- run: mkdir -p dist
- run: generator -o /tmp -p .
- run: bom generate --image quay.io/argoproj/argo-events:$VERSION -o /tmp/argo-events.spdx
# pack the boms into one file to make it easy to download
- run: cd /tmp && tar -zcf sbom.tar.gz *.spdx
- uses: actions/upload-artifact@v3
with:
name: sbom.tar.gz
path: /tmp/sbom.tar.gz
release:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
runs-on: ubuntu-latest
if: github.repository == 'argoproj/argo-events'
needs: [ build-push-linux-multi, bom ]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Version
run: |
if [ ${GITHUB_REF##*/} = master ]; then
echo "VERSION=latest" >> $GITHUB_ENV
else
echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist/
- uses: actions/download-artifact@v3
with:
name: sbom.tar.gz
path: /tmp
- name: Registry Login
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAYIO_USERNAME }}
password: ${{ secrets.QUAYIO_PASSWORD }}
- name: Install cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
with:
cosign-release: 'v1.13.1'
- name: Install crane to get digest of image
uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4 # v0.2
- name: Get digests of container images
run: |
echo "IMAGE_DIGEST=$(crane digest quay.io/argoproj/argo-events:$VERSION)" >> $GITHUB_ENV
- name: Sign Argo Events container images and assets
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-events@${{ env.IMAGE_DIGEST }}
cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argo-events-checksums.txt > ./dist/argo-events-checksums.sig
cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
# Retrieves the public key to release as an asset
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-events-cosign.pub
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
- name: Release binaries
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
dist/*.gz
dist/argo-events-checksums.txt
dist/argo-events-checksums.sig
dist/argo-events-cosign.pub
manifests/*.yaml
/tmp/sbom.tar.gz
/tmp/sbom.tar.gz.sig
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}