Release notes for v0.24.0 (#1322) #208

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yaml at 3344ac6

	name: Release

	# Only release when a new GH release branch is pushed
	on:
	push:
	branches:
	- 'release/v[0-9]+.[0-9]+.[0-9]+'

	jobs:
	build:
	runs-on: ubuntu-latest
	env:
	controller_dockerhub_image_name: docker.io/bitnami/sealed-secrets-controller
	controller_ghcr_image_name: ghcr.io/bitnami-labs/sealed-secrets-controller
	kubeseal_dockerhub_image_name: docker.io/bitnami/sealed-secrets-kubeseal
	kubeseal_ghcr_image_name: ghcr.io/bitnami-labs/sealed-secrets-kubeseal
	steps:
	# Checkout and set env
	- name: Checkout
	uses: actions/[email protected]
	- id: load-version
	run: \|
	source $GITHUB_WORKSPACE/versions.env
	echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV
	- name: Set up Go
	uses: actions/[email protected]
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Setup kubecfg
	run: \|
	mkdir -p ~/bin
	curl -sLf https://github.com/kubecfg/kubecfg/releases/download/v0.26.0/kubecfg_Linux_X64 >~/bin/kubecfg
	chmod +x ~/bin/kubecfg

	- name: Install dependencies
	run: \|
	go install gotest.tools/[email protected]

	# Run tests
	- name: Tests
	run: make test

	# Generate K8s manifests
	- name: K8s manifests
	run: \|
	export PATH=~/bin:$PATH
	RELEASE_BRANCH="${{ github.ref }}"
	VERSION_TAG=$(echo "${RELEASE_BRANCH}" \| awk -F'/' '{print $NF}')
	echo "VERSION_TAG=$VERSION_TAG" >> $GITHUB_ENV
	make CONTROLLER_IMAGE=${{ env.controller_dockerhub_image_name }}:${VERSION_TAG} controller.yaml controller-norbac.yaml

	# Setup env for multi-arch builds
	- name: Set up QEMU
	uses: docker/[email protected]
	with:
	image: tonistiigi/binfmt:latest
	platforms: arm64,arm
	- name: Set up Docker Buildx
	uses: docker/[email protected]

	# Setup Cosign
	- name: Install Cosign
	uses: sigstore/[email protected]
	- name: Write Cosign key
	run: echo "$COSIGN_KEY" > /tmp/cosign.key
	env:
	COSIGN_KEY: ${{ secrets.COSIGN_KEY }}

	# Tag for GoReleaser from release branch name
	- name: Tag Release
	run: \|
	git tag "${VERSION_TAG}"

	# Build & Release binaries
	- name: Run GoReleaser
	uses: goreleaser/[email protected]
	if: success() && startsWith(github.ref, 'refs/heads/')
	with:
	version: v1.10.3
	args: release --rm-dist
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}

	# Build & Publish multi-arch image
	- name: Login to Docker Hub
	uses: docker/[email protected]
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}
	- name: Login to GHRC
	uses: docker/[email protected]
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Extract metadata (tags, labels) for Docker controller image
	id: meta_controller
	uses: docker/[email protected]
	with:
	images: \|
	${{ env.controller_dockerhub_image_name }}
	${{ env.controller_ghcr_image_name }}
	tags: \|
	type=raw,value=${{ env.VERSION_TAG }}
	type=raw,value=latest
	- name: Build and push controller image
	id: docker_build_controller
	uses: docker/[email protected]
	with:
	context: .
	file: ./docker/controller.Dockerfile
	platforms: linux/amd64,linux/arm64,linux/arm
	push: true
	tags: ${{ steps.meta_controller.outputs.tags }}
	- name: Extract metadata (tags, labels) for Docker kubeseal image
	id: meta_kubeseal
	uses: docker/[email protected]
	with:
	images: \|
	${{ env.kubeseal_dockerhub_image_name }}
	${{ env.kubeseal_ghcr_image_name }}
	tags: \|
	type=raw,value=${{ env.VERSION_TAG }}
	type=raw,value=latest
	- name: Build and push kubeseal image
	id: docker_build_kubeseal
	uses: docker/[email protected]
	with:
	context: .
	file: ./docker/kubeseal.Dockerfile
	platforms: linux/amd64,linux/arm64,linux/arm
	push: true
	tags: ${{ steps.meta_kubeseal.outputs.tags }}
	- name: Sign controller image with a key in GHCR
	run: \|
	echo -n "$COSIGN_PASSWORD" \| cosign sign --key /tmp/cosign.key --yes $TAG_CURRENT
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	TAG_CURRENT: ${{ steps.meta_controller.outputs.tags }}
	COSIGN_REPOSITORY: ${{ env.controller_ghcr_image_name }}/signs
	- name: Sign kubeseal image with a key in GHCR
	run: \|
	echo -n "$COSIGN_PASSWORD" \| cosign sign --key /tmp/cosign.key --yes $TAG_CURRENT
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	TAG_CURRENT: ${{ steps.meta_kubeseal.outputs.tags }}
	COSIGN_REPOSITORY: ${{ env.kubeseal_ghcr_image_name }}/signs

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release notes for v0.24.0 (#1322) #208

Workflow file

Release notes for v0.24.0 (#1322) #208

Jobs

Run details

Workflow file for this run