Merge pull request #8596 from jenkins-x/pr-b7faca81-1c70-4428-ba2c-90… #593

Summary
Jobs
- release
- release2
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/jenkins-x-release.yaml at 267f7e4

	name: Release
	permissions:
	contents: read # to fetch code (actions/checkout)
	jobs:
	release:
	if: github.repository_owner == 'jenkins-x'
	runs-on: ubuntu-latest
	# Only this job needs id-token: write for cosign to push signatures using keyless signing
	permissions:
	id-token: write
	packages: write
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	# Only fetch last 10 commits, before we were fetching everything including v2 commits!
	fetch-depth: "0"
	token: ${{ secrets.GIT_BOT_TOKEN }}
	- uses: fusion-engineering/setup-git-credentials@v2
	with:
	credentials: ${{ format('https://x-access-token:{0}@github.com/', secrets.GIT_BOT_TOKEN) }}
	- name: Run coverage
	run: make test-coverage
	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v3
	with:
	files: ./build/reports/cover.txt
	- id: prep
	name: next release version
	uses: jenkins-x-plugins/jx-release-version@v2.6.1
	- env:
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	REPO_NAME: ${{ github.event.repository.name }}
	VERSION: ${{ steps.prep.outputs.version }}
	name: changelog
	uses: docker://ghcr.io/jenkins-x/jx-boot:latest
	with:
	entrypoint: .github/workflows/jenkins-x/changelog.sh
	- env:
	VERSION: ${{ steps.prep.outputs.version }}
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	REPOSITORY: ${{ github.repository }}
	COSIGN_EXPERIMENTAL: "true"
	name: upload-binaries
	uses: docker://ghcr.io/jenkins-x/jx-goreleaser-image:0.1.0@sha256:4ac5aeb4ce850761aeffc585446ea47bbcfa680d096fdd8c5d00c5a8c5adbcc0
	with:
	entrypoint: .github/workflows/jenkins-x/upload-binaries.sh
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: jenkins-x
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: syft-installer
	uses: anchore/sbom-action/download-syft@v0.13.3
	- name: cosign-installer
	uses: sigstore/cosign-installer@v2.8.1
	- name: Build and push jx-boot
	uses: docker/build-push-action@v4
	id: push-jx-boot
	with:
	context: .
	file: ./Dockerfile-boot
	platforms: linux/amd64,linux/arm64
	push: true
	build-args: \|
	VERSION=${{ steps.prep.outputs.version }}
	tags: \|
	ghcr.io/jenkins-x/jx-boot:latest
	ghcr.io/jenkins-x/jx-boot:${{ steps.prep.outputs.version }}
	- name: Sign the published Docker image for jx boot
	# ToDo(ankitm123): Remove this when this step works, for now we want this to unblock other releases
	continue-on-error: true
	env:
	COSIGN_EXPERIMENTAL: "true"
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	# ToDo: We should change this to some other user, a test account pushing images and artifacts for jx org sounds wrong!
	GIT_USERNAME: jenkins-x-bot-test
	DOCKER_REGISTRY_ORG: jenkins-x
	run: \|
	cosign sign ghcr.io/"${DOCKER_REGISTRY_ORG}"/jx-boot@"${{ steps.push-jx-boot.outputs.digest }}"
	- name: Generate and Push signed SBOM for jx-boot
	# ToDo(ankitm123): Remove this when this step works, for now we want this to unblock other releases
	continue-on-error: true
	env:
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	GIT_USERNAME: jenkins-x-bot-test
	DOCKER_REGISTRY_ORG: jenkins-x
	VERSION: ${{ steps.prep.outputs.version }}
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	syft ghcr.io/$DOCKER_REGISTRY_ORG/jx-boot:$VERSION --scope all-layers -o spdx-json > sbom.json
	# This uploads the sbom
	cosign attach sbom --sbom sbom.json ghcr.io/${DOCKER_REGISTRY_ORG}/jx-boot@${{ steps.push-jx-boot.outputs.digest }}
	# This signs the sbom
	cosign sign --attachment sbom ghcr.io/${DOCKER_REGISTRY_ORG}/jx-boot@${{ steps.push-jx-boot.outputs.digest }}
	rm -f sbom.json
	- name: Build and push jx
	uses: docker/build-push-action@v4
	id: push-jx
	with:
	context: .
	file: ./Dockerfile
	platforms: linux/amd64
	push: true
	build-args: \|
	VERSION=${{ steps.prep.outputs.version }}
	tags: \|
	ghcr.io/jenkins-x/jx:latest
	ghcr.io/jenkins-x/jx:${{ steps.prep.outputs.version }}
	- name: Sign the published Docker image for jx
	# ToDo(ankitm123): Remove this when this step works, for now we want this to unblock other releases
	continue-on-error: true
	env:
	COSIGN_EXPERIMENTAL: "true"
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	# ToDo: We should change this to some other user, a test account pushing images and artifacts for jx org sounds wrong!
	GIT_USERNAME: jenkins-x-bot-test
	DOCKER_REGISTRY_ORG: jenkins-x
	REPO_NAME: ${{ github.event.repository.name }}
	run: \|
	cosign sign ghcr.io/$DOCKER_REGISTRY_ORG/$REPO_NAME@${{ steps.push-jx.outputs.digest }}
	- name: Generate and Push signed SBOM for jx
	# ToDo(ankitm123): Remove this when this step works, for now we want this to unblock other releases
	continue-on-error: true
	env:
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	GIT_USERNAME: jenkins-x-bot-test
	DOCKER_REGISTRY_ORG: jenkins-x
	VERSION: ${{ steps.prep.outputs.version }}
	REPO_NAME: ${{ github.event.repository.name }}
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	syft ghcr.io/$DOCKER_REGISTRY_ORG/$REPO_NAME:$VERSION --scope all-layers -o spdx-json > sbom.json
	# This uploads the sbom
	cosign attach sbom --sbom sbom.json ghcr.io/${DOCKER_REGISTRY_ORG}/${REPO_NAME}@${{ steps.push-jx.outputs.digest }}
	# This signs the sbom
	cosign sign --attachment sbom ghcr.io/${DOCKER_REGISTRY_ORG}/${REPO_NAME}@${{ steps.push-jx.outputs.digest }}
	release2:
	if: github.repository_owner == 'jenkins-x'
	permissions:
	id-token: write
	packages: write
	runs-on: ubuntu-latest
	needs: release
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	fetch-depth: "0"
	token: ${{ secrets.GIT_BOT_TOKEN }}
	- id: getrelease
	name: getrelease
	uses: pozetroninc/github-action-get-latest-release@master
	with:
	repository: jenkins-x/jx
	- id: prep
	name: prep
	env:
	VERSION: ${{ steps.getrelease.outputs.release }}
	run: \|
	echo "::set-output name=version::${VERSION#v}"
	- uses: fusion-engineering/setup-git-credentials@v2
	with:
	credentials: ${{ format('https://x-access-token:{0}@github.com/', secrets.GIT_BOT_TOKEN) }}
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: jenkins-x
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Build and push jx-go
	uses: docker/build-push-action@v4
	with:
	context: .
	file: ./Dockerfile-go
	platforms: linux/amd64
	push: true
	build-args: \|
	VERSION=${{ steps.prep.outputs.version }}
	tags: \|
	ghcr.io/jenkins-x/jx-go:latest
	ghcr.io/jenkins-x/jx-go:${{ steps.prep.outputs.version }}
	- name: Build and push jx-go-maven
	uses: docker/build-push-action@v4
	with:
	context: .
	file: ./Dockerfile-go-maven
	platforms: linux/amd64
	push: true
	build-args: \|
	VERSION=${{ steps.prep.outputs.version }}
	tags: \|
	ghcr.io/jenkins-x/jx-go-maven:latest
	ghcr.io/jenkins-x/jx-go-maven:${{ steps.prep.outputs.version }}
	- env:
	GIT_USERNAME: jenkins-x-bot-test
	GITHUB_TOKEN: ${{ secrets.GIT_BOT_TOKEN }}
	VERSION: ${{ steps.prep.outputs.version}}
	XDG_CONFIG_HOME: /github/home/.config
	name: promote-release
	uses: docker://ghcr.io/jenkins-x/jx-updatebot:0.1.3
	with:
	args: pr --git-credentials
	"on":
	push:
	branches:
	- main
	- master

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #8596 from jenkins-x/pr-b7faca81-1c70-4428-ba2c-90… #593

Workflow file

Merge pull request #8596 from jenkins-x/pr-b7faca81-1c70-4428-ba2c-90… #593

Jobs

Run details

Workflow file for this run