Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 69 additions & 0 deletions .github/workflows/build_and_publish.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: build and publish
on:
workflow_dispatch: {}
push:
tags: ["v*"]

jobs:
build-and-publish:
runs-on: ubuntu-latest
steps:
- name: checkout the source code
uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: ^1.23

- name: cache go modules
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-

- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- uses: ko-build/setup-ko@v0.8

- name: build and push container images
run: ./hack/build.sh
env:
KO_PUSH: "true"
KO_DOCKER_REPO: "ghcr.io/${{ github.repository }}"

- name: generate a build timestamp and sha256sum files
run: |
cd builds
echo `date -u +'%Y%m%d%H%M%S'` > ./build_timestamp.txt
echo `date -u +'%Y-%m-%dT%H:%M:%S%:z'` >> ./build_timestamp.txt
sha256sum *.yaml > ./SHA256SUMS.txt

- name: update release notes and executables
if: startsWith(github.ref, 'refs/tags/') # executes only for new release
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
files: |
builds/*.yaml
builds/build_timestamp.txt
builds/SHA256SUMS.txt

- name: Update executables for main branch changes
if: startsWith(github.ref, 'refs/heads/main') # executes only for changes in main
uses: "marvinpinto/action-automatic-releases@latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: main-devel
prerelease: true
title: "Development Build - main branch"
files: |
builds/*.yaml
builds/build_timestamp.txt
builds/SHA256SUMS.txt
Comment on lines +9 to +69

Check warning

Code scanning / CodeQL

Workflow does not contain permissions

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}
24 changes: 0 additions & 24 deletions .github/workflows/release.yaml

This file was deleted.

3 changes: 1 addition & 2 deletions hack/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,10 @@ rm -rf ${BUILDS_DIR}/*
export PLATFORMS="linux/amd64,linux/s390x,linux/ppc64le,linux/arm64"

# build and resolve the image details on manifests
kustomize build config > ${BUILDS_DIR}/release.txt
ko resolve \
--push=${KO_PUSH} \
--platform=${PLATFORMS} \
--filename=${BUILDS_DIR}/release.txt \
--filename=config \
--tags="v${VERSION}" \
--base-import-paths \
--sbom=none \
Expand Down