Merge pull request #820 from rancher/dependabot/github_actions/action… #84
Workflow file for this run
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| # GitHub settings / example values: | |
| # | |
| # org level vars: | |
| # - PUBLIC_REGISTRY: docker.io | |
| # repo level vars: | |
| # - PUBLIC_REGISTRY_REPO: rancher | |
| # repo level secrets: | |
| # - PUBLIC_REGISTRY_USERNAME | |
| # - PUBLIC_REGISTRY_PASSWORD | |
| jobs: | |
| release: | |
| permissions: | |
| contents: write # required for creating GH release | |
| id-token: write # required for reading vault secrets | |
| strategy: | |
| matrix: | |
| include: | |
| # Three images are created: | |
| # - Multi-arch manifest for both amd64 and arm64 | |
| - tag-suffix: "" | |
| platforms: linux/amd64,linux/arm64 | |
| # - arm64 manifest | |
| - tag-suffix: "-arm64" | |
| platforms: linux/arm64 | |
| # - amd64 manifest | |
| - tag-suffix: "-amd64" | |
| platforms: linux/amd64 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref_name}} | |
| - name: Read secrets | |
| uses: rancher-eio/read-vault-secrets@main | |
| with: | |
| secrets: | | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | PUBLIC_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | PUBLIC_REGISTRY_PASSWORD ; | |
| secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ; | |
| secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ; | |
| secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ; | |
| - name: Publish images | |
| uses: rancher/ecm-distro-tools/actions/publish-image@master | |
| with: | |
| image: aks-operator | |
| tag: ${{ github.ref_name }}${{ matrix.tag-suffix }} | |
| platforms: ${{ matrix.platforms }} | |
| public-registry: docker.io | |
| public-repo: rancher | |
| public-username: ${{ env.PUBLIC_REGISTRY_USERNAME }} | |
| public-password: ${{ env.PUBLIC_REGISTRY_PASSWORD }} | |
| prime-registry: ${{ env.PRIME_REGISTRY }} | |
| prime-repo: rancher | |
| prime-username: ${{ env.PRIME_REGISTRY_USERNAME }} | |
| prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }} | |
| make-target: image-push | |
| - name: Create release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for creating GH release | |
| GORELEASER_CURRENT_TAG: ${{ github.ref_name }} # specify the tag to be released | |
| id: goreleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --clean --verbose | |
| - name: Upload charts to release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for updating GH release | |
| REPO: rancher/aks-operator # Docker repository to reference in `values.yaml` of the Helm chart release | |
| TAG: ${{ github.ref_name }} # image tag to be referenced in `values.yaml` of the Helm chart release | |
| run: | | |
| version=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version') | |
| echo "Publishing helm charts (version: $version)" | |
| # Both version and appVersion are set to the same value in the Chart.yaml (excluding the 'v' prefix) | |
| CHART_VERSION=$version GIT_TAG=$version make charts | |
| for f in $(find bin/ -name '*.tgz'); do | |
| echo "Uploading $f to GitHub release $TAG" | |
| gh release upload $TAG $f | |
| done | |
| echo "Charts successfully uploaded to GitHub release $TAG" |