Skip to content

Commit

Permalink
Merge pull request #1 from weaveworks/fix-release-workflow
Browse files Browse the repository at this point in the history 
fix release workflow
  • Loading branch information
@souleb
souleb authored Sep 14, 2023
2 parents ec296d9 + 95801c8 commit 0a93bef
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 33 deletions.
36 changes: 7 additions & 29 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,20 +50,14 @@ jobs:
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate images meta
id: meta
uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
with:
images: |
fluxcd/${{ env.CONTROLLER }}
ghcr.io/fluxcd/${{ env.CONTROLLER }}
ghcr.io/weaveworks/${{ env.CONTROLLER }}
tags: |
type=raw,value=${{ steps.prep.outputs.VERSION }}
- name: Publish images
Expand All @@ -84,8 +78,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign --yes fluxcd/${{ env.CONTROLLER }}@${{ steps.build-push.outputs.digest }}
cosign sign --yes ghcr.io/fluxcd/${{ env.CONTROLLER }}@${{ steps.build-push.outputs.digest }}
cosign sign --yes ghcr.io/weaveworks/${{ env.CONTROLLER }}@${{ steps.build-push.outputs.digest }}
- name: Generate release artifacts
if: startsWith(github.ref, 'refs/tags/v')
run: |
Expand All @@ -110,7 +103,7 @@ jobs:
hashes=$(echo $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0)
echo "hashes=$hashes" >> $GITHUB_OUTPUT
image_url=fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }}
image_url=ghcr.io/weaveworks/${{ env.CONTROLLER }}:${{ steps.prep.outputs.version }}
echo "image_url=$image_url" >> $GITHUB_OUTPUT
image_digest=${{ steps.build-push.outputs.digest }}
Expand All @@ -129,21 +122,6 @@ jobs:
base64-subjects: "${{ needs.release.outputs.hashes }}"
upload-assets: true

dockerhub-provenance:
needs: [release]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
if: startsWith(github.ref, 'refs/tags/v')
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ needs.release.outputs.image_url }}
digest: ${{ needs.release.outputs.image_digest }}
registry-username: fluxcdbot
secrets:
registry-password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}

ghcr-provenance:
needs: [release]
permissions:
Expand All @@ -155,6 +133,6 @@ jobs:
with:
image: ghcr.io/${{ needs.release.outputs.image_url }}
digest: ${{ needs.release.outputs.image_digest }}
registry-username: fluxcdbot
registry-username: ${{ github.actor }}
secrets:
registry-password: ${{ secrets.GHCR_TOKEN }}
registry-password: ${{ secrets.GITHUB_TOKEN }}
7 changes: 3 additions & 4 deletions .goreleaser.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
project_name: kustomize-controller
project_name: weave-assured-kustomize-controller

builds:
- skip: true
Expand All @@ -10,12 +10,11 @@ release:
header: |
## Changelog
[{{.Tag}} changelog](https:/fluxcd/{{.ProjectName}}/blob/{{.Tag}}/CHANGELOG.md)
[{{.Tag}} changelog](https:/weaveworks/{{.ProjectName}}/blob/{{.Tag}}/CHANGELOG.md)
footer: |
## Container images
- `docker.io/fluxcd/{{.ProjectName}}:{{.Tag}}`
- `ghcr.io/fluxcd/{{.ProjectName}}:{{.Tag}}`
- `ghcr.io/weaveworks/{{.ProjectName}}:{{.Tag}}`
Supported architectures: `linux/amd64`, `linux/arm64` and `linux/arm/v7`.
Expand Down

0 comments on commit 0a93bef

Please sign in to comment.