deps: update golang docker tag to v1.23.1 (#3732) #2156

Workflow file for this run

.github/workflows/release.yml at 8eb878f

	name: Release Please

	on:
	push:
	branches:
	- main
	- "[0-9]+.[0-9]+.x"
	workflow_dispatch:

	# Declare default permissions as read only.
	permissions: read-all

	defaults:
	run:
	shell: bash

	env:
	GO_VERSION: "~1.23"
	# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools
	CONTROLLER_TOOLS_VERSION: "v0.16.2"
	SCHEDULER_COMPATIBLE_K8S_VERSION: "v0.24.3"
	PUBLISHABLE_ITEMS: '[".","lifecycle-operator","metrics-operator","keptn-cert-manager","runtimes/deno-runtime","runtimes/python-runtime","scheduler"]'

	jobs:
	release-please:
	runs-on: ubuntu-22.04
	outputs:
	keptn-release-created: ${{ steps.release.outputs.release_created }}
	keptn-tag-name: ${{ steps.release.outputs.tag_name }}
	cert-manager-release-created: ${{ steps.release.outputs.keptn-cert-manager--release_created }}
	cert-manager-tag-name: ${{ steps.release.outputs.keptn-cert-manager--tag_name }}
	metrics-operator-release-created: ${{ steps.release.outputs.metrics-operator--release_created }}
	metrics-operator-tag-name: ${{ steps.release.outputs.metrics-operator--tag_name }}
	releases-created: ${{ steps.release.outputs.releases_created }}
	build-matrix: ${{ steps.build-matrix.outputs.result }}
	GIT_SHA: ${{ steps.extract_branch.outputs.GIT_SHA }}
	DATETIME: ${{ steps.get_datetime.outputs.DATETIME }}
	BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }}
	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Extract branch name
	id: extract_branch
	uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2

	- name: Get current date and time
	id: get_datetime
	run: \|
	DATETIME=$(date +'%Y%m%d%H%M')
	BUILD_TIME=$(date -u "+%F_%T")
	echo "DATETIME=$DATETIME" >> "$GITHUB_OUTPUT"
	echo "BUILD_TIME=$BUILD_TIME" >> "$GITHUB_OUTPUT"

	- name: Run release please
	uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
	id: release
	with:
	token: ${{ secrets.KEPTN_BOT_TOKEN }}
	default-branch: main
	signoff: "keptn-bot <86361500+keptn-bot@users.noreply.github.com>"

	- name: Debug info
	env:
	CHANGED_ITEMS: ${{ steps.release.outputs.paths_released }}
	KEPTN_TAG: ${{ steps.release.outputs.tag_name }}
	PATHS_RELEASED: ${{ steps.release.outputs.paths_released }}
	ARTIFACT_TAG_NAME: ${{ steps.release.outputs[format('{0}--tag_name', fromJson(steps.release.outputs.paths_released)[0])] }}
	FULL_RELEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
	run: \|
	echo "PATHS_RELEASE_JSON: ${PATHS_RELEASE_JSON}"
	echo "FULL RELEASE OUTPUT: ${FULL_RELEASE_OUTPUT}"
	echo "CHANGED_ITEMS: ${CHANGED_ITEMS}"
	echo "KEPTN_TAG: ${KEPTN_TAG}"
	echo "ARTIFACT_TAG_NAME: ${ARTIFACT_TAG_NAME}"
	echo "PATHS_RELEASED: ${PATHS_RELEASED}"
	echo "CERT_MANAGER_TAG_NAME: ${{ steps.release.outputs.keptn-cert-manager--tag_name }}"
	echo "KEPTN_TAG_NAME: ${{ steps.release.outputs.tag_name }}"
	echo "METRICS_OPERATOR_TAG_NAME: ${{ steps.release.outputs.metrics-operator--tag_name }}"

	- name: Create release matrix
	id: build-matrix
	uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
	env:
	CHANGED_ITEMS: ${{ steps.release.outputs.paths_released }}
	KEPTN_TAG: ${{ steps.release.outputs.tag_name }}
	ARTIFACT_TAG_NAME: ${{ steps.release.outputs[format('{0}--tag_name', fromJson(steps.release.outputs.paths_released)[0])] }}
	with:
	script: \|
	const changedItems = JSON.parse(process.env.CHANGED_ITEMS \|\| '[]');
	console.log("changed items", changedItems);
	const eligibleItems = JSON.parse(process.env.PUBLISHABLE_ITEMS \|\| '[]');
	console.log("eligible items", eligibleItems);
	const itemsToPublish = changedItems.filter(i => eligibleItems.includes(i));
	console.log("items to publish", itemsToPublish);

	console.log("setting up build matrix...");
	const releaseMatrix = [];
	itemsToPublish.forEach(item => {
	switch (item) {
	case "lifecycle-operator":
	case "scheduler":
	case "metrics-operator":
	releaseMatrix.push({
	name: item,
	folder: item,
	tagName: process.env.ARTIFACT_TAG_NAME
	});
	break;
	case "keptn-cert-manager":
	releaseMatrix.push({
	name: "certificate-operator",
	folder: item,
	tagName: process.env.ARTIFACT_TAG_NAME
	});
	break;
	case "runtimes/deno-runtime":
	case "runtimes/python-runtime":
	releaseMatrix.push({
	name: item.replace("runtimes/", ""),
	folder: item,
	tagName: process.env.ARTIFACT_TAG_NAME
	});
	break;
	case ".":
	default:
	break;
	}
	});
	console.log("release matrix: " + JSON.stringify({ config: releaseMatrix }));
	return releaseMatrix.length > 0 ? { config: releaseMatrix } : {};

	build-release:
	if: needs.release-please.outputs.releases-created == 'true' && needs.release-please.outputs.build-matrix != '{}'
	needs:
	- release-please
	strategy:
	matrix: ${{ fromJson(needs.release-please.outputs.build-matrix) }}
	runs-on: ubuntu-22.04
	permissions:
	contents: write
	packages: write
	id-token: write
	env:
	IMAGE_NAME: ghcr.io/keptn/${{ matrix.config.name }}
	DATETIME: ${{ needs.release-please.outputs.DATETIME }}
	BUILD_TIME: ${{ needs.release-please.outputs.BUILD_TIME }}
	GIT_SHA: ${{ needs.release-please.outputs.GIT_SHA }}
	DOCKER_BUILD_SUMMARY: "false"
	DOCKER_BUILD_RECORD_UPLOAD: "false"
	steps:
	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	submodules: recursive

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: "ghcr.io"
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up Cosign
	uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0

	- name: Clean up image tag
	id: clean-image-tag
	env:
	IMAGE_TAG: ${{ matrix.config.tagName }}
	run: \|
	# Remove artifact prefix from tag so that we get clean image tags
	temp="${IMAGE_TAG##keptn-}"
	temp="${temp##cert-manager-}"
	temp="${temp##python-runtime-}"
	temp="${temp##deno-runtime-}"
	temp="${temp##scheduler-}"
	temp="${temp##lifecycle-operator-}"
	echo "IMAGE_TAG=${temp##metrics-operator-}" >> "$GITHUB_OUTPUT"

	- name: Build Docker Image
	id: docker_build_image
	uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
	with:
	context: ${{ matrix.config.folder }}
	platforms: linux/amd64,linux/arm64
	target: production
	tags: \|
	${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }}
	build-args: \|
	GIT_HASH=${{ env.GIT_SHA }}
	RELEASE_VERSION=dev-${{ env.DATETIME }}
	BUILD_TIME=${{ env.BUILD_TIME }}
	CONTROLLER_TOOLS_VERSION=${{ env.CONTROLLER_TOOLS_VERSION }}
	SCHEDULER_COMPATIBLE_K8S_VERSION=${{ env.SCHEDULER_COMPATIBLE_K8S_VERSION }}
	builder: ${{ steps.buildx.outputs.name }}
	push: true
	provenance: mode=max
	cache-from: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }}
	cache-to: type=gha,scope=${{ github.ref_name }}-${{ matrix.config.name }}

	- name: Sign container image
	env:
	IMAGE_DIGEST: ${{ steps.docker_build_image.outputs.digest }}
	run: \|
	cosign sign --yes ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
	cosign verify \
	--certificate-identity-regexp="https://github.com/keptn/lifecycle-toolkit/.*" \
	--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
	${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}

	- name: Generate SBOM
	uses: anchore/sbom-action@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
	with:
	image: ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }}
	artifact-name: sbom-${{ matrix.config.name }}
	output-file: ./sbom-${{ matrix.config.name }}.spdx.json

	- name: Attach SBOM to release
	uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
	with:
	tag_name: ${{ matrix.config.tagName }}
	files: ./sbom-${{ matrix.config.name }}.spdx.json

	- name: Attest the Image with SBOM
	env:
	IMAGE_DIGEST: ${{ steps.docker_build_image.outputs.digest }}
	run: \|
	echo "Attesting SBOM for this release and image..."
	cosign attest --yes --type spdxjson --predicate ./sbom-${{ matrix.config.name }}.spdx.json ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
	echo "Verifying that the attestation worked..."
	cosign verify-attestation --type spdxjson \
	--certificate-identity-regexp="https://github.com/keptn/lifecycle-toolkit/.*" \
	--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
	--output-file ./cosign-attest-output.json \
	${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}

	- name: Upload verification log as artifact
	uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
	with:
	name: cosign-attest-verification-log
	path: ./cosign-attest-output.json

	update-examples:
	name: Update examples
	needs:
	- release-please
	if: needs.release-please.outputs.keptn-release-created == 'true'
	with:
	tag_name: ${{ needs.release-please.outputs.keptn-tag-name }}
	uses: ./.github/workflows/release-examples.yml
	secrets: inherit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps: update golang docker tag to v1.23.1 (#3732) #2156

Workflow file

deps: update golang docker tag to v1.23.1 (#3732) #2156

Jobs

Run details

Workflow file for this run