-
Notifications
You must be signed in to change notification settings - Fork 2
245 lines (242 loc) · 8.58 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
name: Release with upstream
on:
workflow_dispatch: # Allow manual triggers
push:
# Publish `v1.2.3` tags as releases.
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
env:
GO_VERSION: 1.21
GPG_OWNER_TRUST: "D35930F2533C516BD2863BD7F03CFCB8B3E73F87:6:"
jobs:
check-secret:
runs-on: ubuntu-latest
outputs:
OSCRC: ${{ steps.OSCRC.outputs.defined }}
SSH: ${{ steps.SSH.outputs.defined }}
steps:
- name: Check if OSCRC is defined in secrets
id: OSCRC
env:
KEY: ${{ secrets.OSCRC }}
run: echo "defined=${{ env.KEY != '' }}" >> $GITHUB_OUTPUT
- name: Check if SSH is defined in secrets
id: SSH
env:
KEY: ${{ secrets.SSH }}
run: echo "defined=${{ env.KEY != '' }}" >> $GITHUB_OUTPUT
update:
runs-on: ubuntu-latest
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
contents: write
steps:
- name: Set release token
run: |
if [ "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" != "" ]; then
echo "TOKEN=${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" >> $GITHUB_ENV;
else
echo "TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV;
fi
- uses: actions/checkout@v3
with:
token: ${{ env.TOKEN }}
- name: Update repo
run: |
. ./update.sh
echo "version=v$LATEST" >> $GITHUB_ENV
if [ "$LATEST" == "$CURRENT" ]; then echo "release=release $((RELEASE+1))" >> $GITHUB_ENV; fi
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_author: Kubescape Maintainers <[email protected]>
commit_message: Bump version into ${{ env.version }} ${{ env.release }}
aur:
runs-on: ubuntu-latest
needs: [update, check-secret]
if: needs.check-secret.outputs.SSH == 'true'
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
submodules: 'recursive'
- name: Set version and release
run: |
VERSION=$(cat kubescape_full.spec | grep "Version:" | tr -s ' ' | cut -d' ' -f2)
RELEASE=$(cat kubescape_full.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2)
echo "version=v$VERSION" >> $GITHUB_ENV
echo "release=$RELEASE" >> $GITHUB_ENV
- name: Publish AUR package
uses: KSXGitHub/github-actions-deploy-aur@v2
with:
pkgname: kubescape
pkgbuild: ./PKGBUILD
commit_username: Kubescape Maintainers
commit_email: [email protected]
ssh_private_key: ${{ secrets.SSH }}
commit_message: Bump kubescape version into ${{ env.version }} ${{ env.release }}
ssh_keyscan_types: rsa,dsa,ecdsa,ed25519
osc:
runs-on: ubuntu-latest
needs: [update, check-secret]
if: needs.check-secret.outputs.OSCRC == 'true'
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
submodules: 'recursive'
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
cache
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go
restore-keys: |
${{ runner.os }}-go
- uses: actions/setup-go@v3
name: Installing go
with:
go-version: ${{ env.GO_VERSION }}
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y osc debhelper golang-golang-x-tools cmake
- name: Setup GPG
env:
GPG: ${{ secrets.GPG }}
if: env.GPG != null
run: |
echo "${{ env.GPG }}" >> secret.gpg
gpg --import secret.gpg
rm secret.gpg
gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}"
gpg --list-keys
- name: Set osc secret
run: |
mkdir -p ~/.config/osc
echo "${{ secrets.OSCRC }}" >> ~/.config/osc/oscrc
shell: bash
- name: Build
run: make dsc
- name: OSC update
run: |
osc checkout home:kubescape/kubescape
cd home:kubescape/kubescape
rm kubescape*
mv ../../kubescape.spec .
mv ../../PKGBUILD_obs PKGBUILD
VERSION=$(cat kubescape.spec | grep "Version:" | tr -s ' ' | cut -d' ' -f2)
RELEASE=$(cat kubescape.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2)
mv ../../kubescape_${VERSION}.dsc .
mv ../../kubescape_${VERSION}.tar.xz .
osc addremove *
osc commit -m "Sync with source repo at version ${VERSION} with release ${RELEASE}"
ppa:
runs-on: ubuntu-latest
needs: [update, check-secret]
if: needs.check-secret.outputs.SSH == 'true'
strategy:
fail-fast: false
matrix:
platform: [lunar, kinetic, jammy, focal, bionic, xenial, mantic, nobel]
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
submodules: 'recursive'
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
cache
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go
restore-keys: |
${{ runner.os }}-go
- uses: actions/setup-go@v3
name: Installing go
with:
go-version: ${{ env.GO_VERSION }}
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y debhelper dput golang-golang-x-tools cmake python3-paramiko
mv .dput.cf ~
- name: Setup GPG
env:
GPG: ${{ secrets.GPG }}
if: env.GPG != null
run: |
echo "${{ env.GPG }}" >> secret.gpg
gpg --import secret.gpg
rm secret.gpg
gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}"
gpg --list-keys
- name: Setup SSH key
run: |
mkdir ~/.ssh
echo "${{ secrets.SSH }}" >> ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
echo $(ssh-keygen -f ~/.ssh/id_ed25519 -y) >> cat ~/.ssh/id_ed25519.pub
echo "|1|uIWW5daPIPYqCEyw/JIK815RHV8=|/DC35195m6v32WIz4xXXncyJ4ZM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0aKz5UTUndYgIGG7dQBV+HaeuEZJ2xPHo2DS2iSKvUL4xNMSAY4UguNW+pX56nAQmZKIZZ8MaEvSj6zMEDiq6HFfn5JcTlM80UwlnyKe8B8p7Nk06PPQLrnmQt5fh0HmEcZx+JU9TZsfCHPnX7MNz4ELfZE6cFsclClrKim3BHUIGq//t93DllB+h4O9LHjEUsQ1Sr63irDLSutkLJD6RXchjROXkNirlcNVHH/jwLWR5RcYilNX7S5bIkK8NlWPjsn/8Ua5O7I9/YoE97PpO6i73DTGLh5H9JN/SITwCKBkgSDWUt61uPK3Y11Gty7o2lWsBjhBUm2Y38CBsoGmBw==" >> ~/.ssh/known_hosts
cat >> ~/.ssh/config <<EOL
Host ppa.launchpad.net
Hostname ppa.launchpad.net
IdentityFile ~/.ssh/id_ed25519
EOL
chmod 600 ~/.ssh/*
- name: Upload to PPA
run: |
RELEASE=$(cat kubescape_full.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2)
if [ $RELEASE == 0 ]; then unset RELEASE; fi
sed -i "s/) jammy;/~${{ matrix.platform }}${RELEASE}) ${{ matrix.platform }};/" deb/debian/changelog
make ppa
# snapcraft:
# runs-on: ubuntu-latest
# needs: [update]
# env:
# SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
# SNAPCRAFT_BUILD_INFO: 1
# strategy:
# fail-fast: false
# matrix:
# platform: [amd64]
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.ref }}
# submodules: 'recursive'
# - name: Cache Go modules
# uses: actions/cache@v3
# with:
# path: |
# cache
# ~/.cache/go-build
# ~/go/pkg/mod
# key: ${{ runner.os }}-go
# restore-keys: |
# ${{ runner.os }}-go
# - uses: actions/setup-go@v3
# name: Installing go
# with:
# go-version: ${{ env.GO_VERSION }}
# - name: Install Dependencies
# run: |
# sudo apt update
# sudo apt install -y golang-golang-x-tools
# - name: Install Snapcraft
# uses: samuelmeuli/action-snapcraft@v2
# - name: Install LXD
# uses: canonical/setup-lxd@ea57509243d3cf39f8ab926e021bb353947b01b5
# - name: Build Snap
# run: make snap
# - name: Upload to Snapcraft Store
# if: env.SNAPCRAFT_STORE_CREDENTIALS != null
# run: snapcraft push cli-kubescape_*.snap
# - name: Upload Snap Package Files to Artifact
# uses: actions/upload-artifact@v3
# with:
# name: kubescape_snap_${{ matrix.platform }}
# path: "*.snap"