Skip to content

Merge pull request #1603 from grafana/chore/prep-5.10 #43

Merge pull request #1603 from grafana/chore/prep-5.10

Merge pull request #1603 from grafana/chore/prep-5.10 #43

Workflow file for this run

name: release
on:
push:
tags:
- v5.*
permissions:
contents: write
packages: write
jobs:
helm:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4
- name: Prepare
run: |
# OCI standard enforces lower-case paths
GHCR_REPO=$(echo "ghcr.io/${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
HELM_REPO=$(echo "oci://ghcr.io/${{ github.repository_owner }}/helm-charts" | tr '[:upper:]' '[:lower:]')
echo "GHCR_REPO=$GHCR_REPO" >> $GITHUB_ENV
echo "HELM_REPO=$HELM_REPO" >> $GITHUB_ENV
- name: Publish Helm charts
run: |
cd deploy/helm
yq -i '.image.repository = "${{ env.GHCR_REPO }}"' grafana-operator/values.yaml
helm registry login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
helm package --app-version ${{ github.ref_name }} --version ${{ github.ref_name }} grafana-operator
helm push grafana-operator-${{ github.ref_name }}.tgz ${{ env.HELM_REPO }}
kustomize:
runs-on: ubuntu-latest
steps:
- name: install flux
uses: fluxcd/flux2/[email protected]
- name: Clone repo
uses: actions/checkout@v4
- name: Prepare
run: |
# OCI standard enforces lower-case paths
KUSTOMIZE_REPO=$(echo "oci://ghcr.io/${{ github.repository_owner }}/kustomize/grafana-operator" | tr '[:upper:]' '[:lower:]')
GHCR_REPO=$(echo "ghcr.io/${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
echo "KUSTOMIZE_REPO=$KUSTOMIZE_REPO" >> $GITHUB_ENV
echo "GHCR_REPO=$GHCR_REPO" >> $GITHUB_ENV
- name: update-kustomize-image
run: |
# Install kustomize
make kustomize
# Update image to match the new image and tag
cd deploy/kustomize/base
kustomize edit set image ghcr.io/${{ github.repository }}=${{ env.GHCR_REPO }}:${{ github.ref_name }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish Kustomize OCI artifact to GHCR
run: |
flux push artifact ${{ env.KUSTOMIZE_REPO }}:${{ github.ref_name }} \
--path="./deploy/kustomize" \
--source="${{ github.event.repository.html_url }}" \
--revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
- name: update-kustomize-assert
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
for d in deploy/kustomize/overlays/*/ ; do
kustomize build "$d" --load-restrictor LoadRestrictionsNone > kustomize-$(basename "$d").yaml
done
kustomize build config/crd > crds.yaml
gh release upload "${{ github.ref_name }}" kustomize-*.yaml crds.yaml
image:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v4
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Quay.io
uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
cache: true
- uses: ko-build/[email protected]
with:
version: v0.15.1
- name: Install cosign
uses: sigstore/[email protected]
with:
cosign-release: "v2.2.2"
- name: Prepare
run: |
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
echo "REPOS"="quay.io/grafana-operator/grafana-operator" "ghcr.io/${{ github.repository }}" >> $GITHUB_ENV
- name: Build and push
run: |
for i in ${{ env.REPOS }}
do
export KO_DOCKER_REPO=${i}
ko build --sbom=spdx --image-refs ./image-digest-${i%.*} --bare --platform linux/arm64,linux/arm/v7,linux/amd64,linux/ppc64le -t ${{ github.ref_name }} \
--image-label org.opencontainers.image.title=grafana-operator \
--image-label org.opencontainers.image.description="An operator for Grafana that installs and manages Grafana instances & Dashboards & Datasources through Kubernetes/OpenShift CRs" \
--image-label org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }} \
--image-label org.opencontainers.image.revision=${{ github.sha }} \
--image-label org.opencontainers.image.version=${{ github.ref_name }} \
--image-label org.opencontainers.image.created=${{ env.BUILD_DATE }}
done
- name: Sign Image
run: |
for i in ${{ env.REPOS }}
do
cosign sign -d -y $(cat ./image-digest-${i%.*})
done