release.yml
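# Release workflow: on a pushed v* tag, build kapp with GoReleaser, verify the
# cosign signature over dist/checksums.txt, rebuild the binaries and compare
# their checksums with the assets of the draft release, then run the external
# test suite.
name: kapp-release
on:
  push:
    tags:
      - "v*"
jobs:
  kappreleaser:
    name: kapp release
    runs-on: ubuntu-latest
    # Set permissions of github token. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
    # contents: write allows creating the release; id-token: write allows the
    # job to request an OIDC token (presumably for keyless cosign signing in
    # the GoReleaser config - confirm). Every step below inherits both.
    permissions:
      contents: write
      id-token: write
    steps:
      # NOTE(review): checkout, setup-go, cosign-installer and github-script
      # are referenced by mutable tags, while the GoReleaser action is pinned
      # to a commit SHA. In a job holding release permissions, pin these to
      # full commit SHAs as well.
      # NOTE(review): checkout keeps the token in the local git config by
      # default; if no later step pushes with git, consider
      # persist-credentials: false - confirm against the hack/ scripts.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.22'
      - name: Set up Cosign
        uses: sigstore/cosign-installer@v3
      - name: Retrieve version
        # The ref is read from the runner-provided GITHUB_REF variable rather
        # than expanded into the script text by a github.ref expression, so
        # the shell never parses the tag name as code.
        run: |
          echo "TAG_NAME=$(echo "$GITHUB_REF" | grep -Eo 'v[0-9].*')" >> "$GITHUB_OUTPUT"
        id: version
      - name: Run GoReleaser
        # goreleaser-action pinned to a full commit SHA (labelled v4.2.0 by the
        # original comment); the GoReleaser binary version is set by `version`.
        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b
        if: startsWith(github.ref, 'refs/tags/')
        with:
          version: '1.16.2'
          # SKIP_PUBLISH is not set anywhere in this file, so the expression
          # below expands to an empty string.
          args: release --rm-dist --debug ${{ env.SKIP_PUBLISH }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
      # Download every asset of the draft release for this tag, hash it with
      # SHA-256 and return the digests as checksum lines for the later diff.
      # NOTE(review): github-script v4 is an old major; newer majors expose the
      # REST methods under github.rest.*, so upgrading needs a script change.
      - uses: actions/github-script@v4
        id: get-checksums-from-draft-release
        if: startsWith(github.ref, 'refs/tags/')
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          result-encoding: string
          script: |
            const crypto = require('crypto');
            const https = require('https');
            const { owner, repo } = context.repo;
            // https://docs.github.com/en/rest/reference/repos#list-releases
            // https://octokit.github.io/rest.js/v18#repos-list-releases
            const releases = await github.repos.listReleases({
              owner: owner,
              repo: repo
            });
            const checksums = {};
            for (const r of releases["data"]) {
              // Compare against context.ref instead of pasting the ref into
              // the script source, so the tag name is data, not code.
              if (r.draft && `refs/tags/${r.tag_name}` == context.ref) {
                for (const asset of r.assets) {
                  const release_asset = await github.repos.getReleaseAsset({ headers: {accept: `application/octet-stream`}, accept: `application/octet-stream`, owner: owner, repo: repo, asset_id: asset.id });
                  const hash = crypto.createHash('sha256');
                  await new Promise((resolve, reject) => {
                    https.get(release_asset.url, (stream) => {
                      stream.on('data', function (data) {
                        hash.update(data);
                      });
                      stream.on('end', function () {
                        checksums[asset.name] = hash.digest('hex');
                        resolve(`${asset.name}`);
                      });
                      // Fail the step on a broken download instead of waiting
                      // on a promise that never settles.
                      stream.on('error', reject);
                    }).on('error', reject);
                  });
                }
              }
            }
            console.log(checksums)
            // A missing asset renders as the text "undefined", so the diff in
            // the verify step fails rather than passing on partial data.
            // The continuation lines must carry no leading whitespace.
            return `${checksums['kapp-darwin-amd64']} ./kapp-darwin-amd64
            ${checksums['kapp-darwin-arm64']} ./kapp-darwin-arm64
            ${checksums['kapp-linux-amd64']} ./kapp-linux-amd64
            ${checksums['kapp-linux-arm64']} ./kapp-linux-arm64
            ${checksums['kapp-windows-amd64.exe']} ./kapp-windows-amd64.exe`
      - name: Verify checksums signature
        # The identity pattern is anchored at the start, has its dot escaped
        # and ends with "/", so an account whose name merely begins with this
        # owner's name, or a URL that only contains the prefix, does not match.
        # NOTE(review): it still accepts a certificate issued to any repository
        # or workflow of the owner; narrow it to this repository's release
        # workflow once the identity in the signing certificate is confirmed.
        run: |
          cosign verify-blob \
            --cert dist/checksums.txt.pem \
            --signature dist/checksums.txt.sig \
            --certificate-identity-regexp="^https://github\.com/${GITHUB_REPOSITORY_OWNER}/" \
            --certificate-oidc-issuer=https://token.actions.githubusercontent.com ./dist/checksums.txt
      - name: verify uploaded artifacts
        if: startsWith(github.ref, 'refs/tags/')
        env:
          # NOTE(review): toJson(github) includes the workflow token and the
          # script below never reads GITHUB_CONTEXT; drop it unless
          # hack/build-binaries.sh depends on it.
          GITHUB_CONTEXT: ${{ toJson(github) }}
          CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
          # Passed through the environment so the step output is never parsed
          # by the shell as part of the script.
          RELEASE_CHECKSUMS: ${{ steps.get-checksums-from-draft-release.outputs.result }}
        run: |
          set -e -x
          VERSION=$(echo "$CURRENT_TAG" | grep -Eo '[0-9].*')
          ./hack/build-binaries.sh "$VERSION" > ./go-checksums
          cat ./go-checksums
          # Locally rebuilt checksums must equal those of the uploaded assets.
          diff ./go-checksums <(printf '%s\n' "$RELEASE_CHECKSUMS")
      - name: Run Test cases
        # NOTE(review): this step fetches whatever minikube "latest" is at run
        # time, without a version pin or checksum check, and runs it in a job
        # that holds contents: write and id-token: write. Pin a release and
        # verify its published SHA-256, or move the tests to a job with
        # read-only permissions.
        run: |
          # Setup minikube
          curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
          install minikube-linux-amd64 /usr/local/bin/minikube
          minikube start --driver=docker --memory 4096
          eval $(minikube docker-env --shell=bash)
          # Ensure that there is no existing kapp installed
          rm -f /tmp/bin/kapp
          # Build kapp binary
          set -e -x
          # Ref taken from the GITHUB_REF variable, not from an inline expression.
          VERSION=$(echo "$GITHUB_REF" | grep -Eo '[0-9].*')
          ./hack/build.sh
          # Add binary to the path
          mkdir bin
          mv kapp bin
          PATH=$PATH:$PWD/bin
          echo $PATH
          # Run test cases
          ./hack/test-external.sh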