1010 default : ' rc'
1111 required : true
1212
13+ permissions :
14+ contents : write # needed to write releases
15+ id-token : write # needed for keyless signing
16+ packages : write # needed for ghcr access
17+
1318env :
1419 CONTROLLER : ${{ github.event.repository.name }}
1520
3136 echo ::set-output name=VERSION::${VERSION}
3237name : Setup QEMU
3338 uses : docker/setup-qemu-action@v1
34- with :
35- platforms : all
3639 - name : Setup Docker Buildx
3740 id : buildx
3841 uses : docker/setup-buildx-action@v1
39- with :
40- buildkitd-flags : " --debug"
4142 - name : Login to GitHub Container Registry
4243 uses : docker/login-action@v1
4344 with :
@@ -49,43 +50,51 @@ jobs:
4950 with :
5051 username : fluxcdbot
5152 password : ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
52- - name : Publish multi-arch container image
53+ - name : Generate images meta
54+ id : meta
55+ uses : docker/metadata-action@v3
56+ with :
57+ images : |
58+ fluxcd/${{ env.CONTROLLER }}
59+ ghcr.io/fluxcd/${{ env.CONTROLLER }}
60+ tags : |
61+ type=raw,value=${{ steps.prep.outputs.VERSION }}
62+ name : Publish images
5363 uses : docker/build-push-action@v2
5464 with :
5565 push : true
5666 builder : ${{ steps.buildx.outputs.name }}
5767 context : .
5868 file : ./Dockerfile
5969 platforms : linux/amd64,linux/arm/v7,linux/arm64
60- tags : |
61- ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
62- docker.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
63- labels : |
64- org.opencontainers.image.title=${{ github.event.repository.name }}
65- org.opencontainers.image.description=${{ github.event.repository.description }}
66- org.opencontainers.image.url=${{ github.event.repository.html_url }}
67- org.opencontainers.image.revision=${{ github.sha }}
68- org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
69- org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
70+ tags : ${{ steps.meta.outputs.tags }}
71+ labels : ${{ steps.meta.outputs.labels }}
7072 - name : Check images
7173 run : |
7274 docker buildx imagetools inspect docker.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
7375 docker buildx imagetools inspect ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
7476 docker pull docker.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
7577 docker pull ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
76- name : Generate release manifests
78+ uses : sigstore/cosign-installer@main
79+ - name : Sign images
80+ env :
81+ COSIGN_EXPERIMENTAL : 1
82+ run : |
83+ cosign sign fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
84+ cosign sign ghcr.io/fluxcd/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
85+ name : Generate release artifacts
7786 if : startsWith(github.ref, 'refs/tags/v')
7887 run : |
7988 mkdir -p config/release
8089 kustomize build ./config/crd > ./config/release/${{ env.CONTROLLER }}.crds.yaml
8190 kustomize build ./config/manager > ./config/release/${{ env.CONTROLLER }}.deployment.yaml
82- name : Create release
91+ echo '[CHANGELOG](https://github.com/fluxcd/${{ env.CONTROLLER }}/blob/main/CHANGELOG.md)' > ./config/release/notes.md
92+ uses : anchore/sbom-action/download-syft@v0
93+ - name : Create release and SBOM
8394 if : startsWith(github.ref, 'refs/tags/v')
84- uses : ncipollo/release -action@v1
95+ uses : goreleaser/goreleaser -action@v2
8596 with :
86- prerelease : true
87- artifacts : " config/release/*.yaml"
88- artifactContentType : " text/plain"
89- body : |
90- [CHANGELOG](https://github.com/fluxcd/${{ env.CONTROLLER }}/blob/main/CHANGELOG.md)
91- token : ${{ secrets.GITHUB_TOKEN }}
97+ version : latest
98+ args : release --release-notes=config/release/notes.md --rm-dist --skip-validate
99+ env :
100+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
0 commit comments