Release with upstream #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release with upstream | |
| on: | |
| workflow_dispatch: # Allow manual triggers | |
| push: | |
| # Publish `v1.2.3` tags as releases. | |
| tags: | |
| - 'v[0-9]+.[0-9]+.[0-9]+' | |
| env: | |
| GO_VERSION: 1.21 | |
| GPG_OWNER_TRUST: "D35930F2533C516BD2863BD7F03CFCB8B3E73F87:6:" | |
| jobs: | |
| check-secret: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| OSCRC: ${{ steps.OSCRC.outputs.defined }} | |
| SSH: ${{ steps.SSH.outputs.defined }} | |
| steps: | |
| - name: Check if OSCRC is defined in secrets | |
| id: OSCRC | |
| env: | |
| KEY: ${{ secrets.OSCRC }} | |
| run: echo "defined=${{ env.KEY != '' }}" >> $GITHUB_OUTPUT | |
| - name: Check if SSH is defined in secrets | |
| id: SSH | |
| env: | |
| KEY: ${{ secrets.SSH }} | |
| run: echo "defined=${{ env.KEY != '' }}" >> $GITHUB_OUTPUT | |
| update: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository. | |
| contents: write | |
| steps: | |
| - name: Set release token | |
| run: | | |
| # if [ "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" != "" ]; then | |
| # echo "TOKEN=${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" >> $GITHUB_ENV; | |
| # else | |
| echo "TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV; | |
| # fi | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ env.TOKEN }} | |
| - name: Update repo | |
| run: | | |
| . ./update.sh | |
| echo "version=v$LATEST" >> $GITHUB_ENV | |
| if [ "$LATEST" == "$CURRENT" ]; then echo "release=release $((RELEASE+1))" >> $GITHUB_ENV; fi | |
| - uses: stefanzweifel/git-auto-commit-action@v5 | |
| with: | |
| commit_author: Kubescape Maintainers <[email protected]> | |
| commit_message: Bump version into ${{ env.version }} ${{ env.release }} | |
| aur: | |
| runs-on: ubuntu-latest | |
| needs: [update, check-secret] | |
| if: needs.check-secret.outputs.SSH == 'true' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| submodules: 'recursive' | |
| - name: Set version and release | |
| run: | | |
| VERSION=$(cat kubescape_full.spec | grep "Version:" | tr -s ' ' | cut -d' ' -f2) | |
| RELEASE=$(cat kubescape_full.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2) | |
| echo "version=v$VERSION" >> $GITHUB_ENV | |
| echo "release=$RELEASE" >> $GITHUB_ENV | |
| - name: Publish AUR package | |
| uses: KSXGitHub/github-actions-deploy-aur@v2 | |
| with: | |
| pkgname: kubescape | |
| pkgbuild: ./PKGBUILD | |
| commit_username: Kubescape Maintainers | |
| commit_email: [email protected] | |
| ssh_private_key: ${{ secrets.SSH }} | |
| commit_message: Bump kubescape version into ${{ env.version }} ${{ env.release }} | |
| ssh_keyscan_types: rsa,dsa,ecdsa,ed25519 | |
| osc: | |
| runs-on: ubuntu-latest | |
| needs: [update, check-secret] | |
| if: needs.check-secret.outputs.OSCRC == 'true' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| submodules: 'recursive' | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| cache | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go | |
| restore-keys: | | |
| ${{ runner.os }}-go | |
| - uses: actions/setup-go@v5 | |
| name: Installing go | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y osc debhelper golang-golang-x-tools make | |
| - name: Setup GPG | |
| env: | |
| GPG: ${{ secrets.GPG }} | |
| if: env.GPG != null | |
| run: | | |
| echo "${{ env.GPG }}" >> secret.gpg | |
| gpg --import secret.gpg | |
| rm secret.gpg | |
| gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}" | |
| gpg --list-keys | |
| - name: Set osc secret | |
| run: | | |
| mkdir -p ~/.config/osc | |
| echo "${{ secrets.OSCRC }}" >> ~/.config/osc/oscrc | |
| shell: bash | |
| - name: Build | |
| run: make dsc | |
| - name: OSC update | |
| run: | | |
| osc checkout home:kubescape/kubescape | |
| cd home:kubescape/kubescape | |
| rm kubescape* | |
| mv ../../kubescape.spec . | |
| mv ../../PKGBUILD_obs PKGBUILD | |
| VERSION=$(cat kubescape.spec | grep "Version:" | tr -s ' ' | cut -d' ' -f2) | |
| RELEASE=$(cat kubescape.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2) | |
| mv ../../kubescape_${VERSION}.dsc . | |
| mv ../../kubescape_${VERSION}.tar.xz . | |
| osc addremove * | |
| osc commit -m "Sync with source repo at version ${VERSION} with release ${RELEASE}" | |
| ppa: | |
| runs-on: ubuntu-latest | |
| needs: [update, check-secret] | |
| if: needs.check-secret.outputs.SSH == 'true' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: [jammy, focal, bionic, xenial, mantic, noble] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| submodules: 'recursive' | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| cache | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go | |
| restore-keys: | | |
| ${{ runner.os }}-go | |
| - uses: actions/setup-go@v5 | |
| name: Installing go | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y debhelper dput golang-golang-x-tools make python3-paramiko | |
| mv .dput.cf ~ | |
| - name: Setup GPG | |
| env: | |
| GPG: ${{ secrets.GPG }} | |
| if: env.GPG != null | |
| run: | | |
| echo "${{ env.GPG }}" >> secret.gpg | |
| gpg --import secret.gpg | |
| rm secret.gpg | |
| gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}" | |
| gpg --list-keys | |
| - name: Setup SSH key | |
| run: | | |
| mkdir ~/.ssh | |
| echo "${{ secrets.SSH }}" >> ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| echo $(ssh-keygen -f ~/.ssh/id_ed25519 -y) >> cat ~/.ssh/id_ed25519.pub | |
| echo "|1|uIWW5daPIPYqCEyw/JIK815RHV8=|/DC35195m6v32WIz4xXXncyJ4ZM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0aKz5UTUndYgIGG7dQBV+HaeuEZJ2xPHo2DS2iSKvUL4xNMSAY4UguNW+pX56nAQmZKIZZ8MaEvSj6zMEDiq6HFfn5JcTlM80UwlnyKe8B8p7Nk06PPQLrnmQt5fh0HmEcZx+JU9TZsfCHPnX7MNz4ELfZE6cFsclClrKim3BHUIGq//t93DllB+h4O9LHjEUsQ1Sr63irDLSutkLJD6RXchjROXkNirlcNVHH/jwLWR5RcYilNX7S5bIkK8NlWPjsn/8Ua5O7I9/YoE97PpO6i73DTGLh5H9JN/SITwCKBkgSDWUt61uPK3Y11Gty7o2lWsBjhBUm2Y38CBsoGmBw==" >> ~/.ssh/known_hosts | |
| cat >> ~/.ssh/config <<EOL | |
| Host ppa.launchpad.net | |
| Hostname ppa.launchpad.net | |
| IdentityFile ~/.ssh/id_ed25519 | |
| EOL | |
| chmod 600 ~/.ssh/* | |
| - name: Upload to PPA | |
| run: | | |
| RELEASE=$(cat kubescape_full.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2) | |
| if [ $RELEASE == 0 ]; then unset RELEASE; fi | |
| sed -i "s/) jammy;/~${{ matrix.platform }}${RELEASE}) ${{ matrix.platform }};/" deb/debian/changelog | |
| make ppa | |
| # snapcraft: | |
| # runs-on: ubuntu-latest | |
| # needs: [update] | |
| # env: | |
| # SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
| # SNAPCRAFT_BUILD_INFO: 1 | |
| # strategy: | |
| # fail-fast: false | |
| # matrix: | |
| # platform: [amd64] | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # with: | |
| # ref: ${{ github.ref }} | |
| # submodules: 'recursive' | |
| # - name: Cache Go modules | |
| # uses: actions/cache@v4 | |
| # with: | |
| # path: | | |
| # cache | |
| # ~/.cache/go-build | |
| # ~/go/pkg/mod | |
| # key: ${{ runner.os }}-go | |
| # restore-keys: | | |
| # ${{ runner.os }}-go | |
| # - uses: actions/setup-go@v5 | |
| # name: Installing go | |
| # with: | |
| # go-version: ${{ env.GO_VERSION }} | |
| # - name: Install Dependencies | |
| # run: | | |
| # sudo apt update | |
| # sudo apt install -y golang-golang-x-tools | |
| # - name: Install Snapcraft | |
| # uses: samuelmeuli/action-snapcraft@v2 | |
| # - name: Install LXD | |
| # uses: canonical/setup-lxd@ea57509243d3cf39f8ab926e021bb353947b01b5 | |
| # - name: Build Snap | |
| # run: make snap | |
| # - name: Upload to Snapcraft Store | |
| # if: env.SNAPCRAFT_STORE_CREDENTIALS != null | |
| # run: snapcraft push cli-kubescape_*.snap | |
| # - name: Upload Snap Package Files to Artifact | |
| # uses: actions/upload-artifact@v3 | |
| # with: | |
| # name: kubescape_snap_${{ matrix.platform }} | |
| # path: "*.snap" |