From 0e56f6630572a9b76bea2d321062fe556ef8489a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 30 Apr 2025 14:22:00 +0100 Subject: [PATCH 1/5] Release v0.9.1-rc1 (#370) Co-authored-by: David Collom Co-authored-by: github-actions[bot] --- .github/workflows/release.yaml | 78 ++++++++++++++---------- Makefile | 2 +- deploy/charts/version-checker/Chart.yaml | 4 +- deploy/charts/version-checker/README.md | 2 +- deploy/yaml/deploy.yaml | 2 +- 5 files changed, 50 insertions(+), 38 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d00d4848..f0be5021 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,9 +12,24 @@ concurrency: cancel-in-progress: true jobs: + release-name: + name: Generate a clean release name from the branch/tag + runs-on: ubuntu-latest + outputs: + name: "${{ steps.release_number.outputs.substring != '' && steps.release_number.outputs.substring || github.ref_name }}" + steps: + - uses: bhowell2/github-substring-action@1.0.2 + id: release_number + continue-on-error: true + with: + value: ${{github.ref_name}} + index_of_str: "release-" + prepare-release: # Don't push back to a tag! if: ${{ !startsWith(github.ref, 'refs/tags/') }} + needs: + - release-name name: Prepare release runs-on: ubuntu-latest permissions: 
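Review bot: The new `release-name` job runs `bhowell2/github-substring-action@1.0.2`, a third-party action pinned only to a tag, and its output now feeds every version string, commit message, PR title and artefact file name in the workflow. `actions/checkout` in this file is already pinned to a full commit SHA; this step deserves the same, e.g. `uses: bhowell2/github-substring-action@<full-commit-sha> # 1.0.2`, as do `sigstore/cosign-installer@main` (which tracks a branch), `jacobtomlinson/gha-find-replace@v3` and `peter-evans/create-pull-request@v7` in the later hunks. Because of `continue-on-error: true` and the `||` fallback, the `name` output becomes the raw `github.ref_name` whenever the action yields nothing, so the value is never checked before it is used. A follow-up step that fails the job unless the name matches the `v(\d+)\.(\d+)\.(\d+)(-rc(\d)+)?` pattern the find/replace steps already use would keep an unexpected ref name out of the release artefacts.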
@@ -23,23 +38,19 @@ jobs: steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + fetch-depth: 0 - name: Setup Golang uses: actions/setup-go@v5 with: go-version-file: go.mod - - uses: bhowell2/github-substring-action@1.0.2 - id: release_number - with: - value: ${{github.ref_name}} - index_of_str: "release-" - - name: Find and Replace Helm Chart Version uses: jacobtomlinson/gha-find-replace@v3 with: find: 'v(\d+)\.(\d+)\.(\d+)(-rc(\d)+)?' - replace: "${{steps.release_number.outputs.substring}}" + replace: "${{needs.release-name.outputs.name}}" include: "deploy/charts/version-checker/Chart.yaml" regex: true @@ -47,7 +58,7 @@ jobs: uses: jacobtomlinson/gha-find-replace@v3 with: find: 'v(\d+)\.(\d+)\.(\d+)(-rc(\d)+)?' - replace: "${{steps.release_number.outputs.substring}}" + replace: "${{needs.release-name.outputs.name}}" include: "deploy/yaml/deploy.yaml" regex: true @@ -55,7 +66,7 @@ jobs: uses: jacobtomlinson/gha-find-replace@v3 with: find: 'v(\d+)\.(\d+)\.(\d+)(-rc(\d)+)?' - replace: "${{steps.release_number.outputs.substring}}" + replace: "${{needs.release-name.outputs.name}}" include: "Makefile" regex: true @@ -87,7 +98,7 @@ jobs: git config --local user.email "github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" git status - git commit -a -m "Bump versions to ${{steps.release_number.outputs.substring}} " + git commit -a -m "Bump versions to ${{needs.release-name.outputs.name}}" - name: Push changes if: steps.filter.outputs.versions == 'true' @@ -105,9 +116,9 @@ jobs: with: github_token: ${{ secrets.GITHUB_TOKEN }} target_branch: main - title: "Release ${{steps.release_number.outputs.substring}}" + title: "Release ${{needs.release-name.outputs.name}}" body: |- - "**Automated Release Pull Request** + **Automated Release Pull Request** ## Change log: ${{steps.github_release.outputs.changelog}} 
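Review bot: In the `git commit` line, `${{needs.release-name.outputs.name}}` is expanded into the script text before the shell runs, and that value comes from the branch or tag name, so shell metacharacters in a ref name would be interpreted as script rather than as part of the message. Pass it through the environment instead: add `env:` with `RELEASE_NAME: ${{ needs.release-name.outputs.name }}` to the step and commit with `git commit -a -m "Bump versions to ${RELEASE_NAME}"`. The `Sign Helm Chart` step later in this file expands the same output inside its `cosign sign-blob` command and needs the same treatment. The step's `run:` header lies outside this hunk, so the `env:` block has to be added there.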
@@ -119,9 +130,13 @@ jobs: runs-on: ubuntu-latest permissions: id-token: write + needs: + - release-name steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + path: version-checker - name: Setup Cosign uses: sigstore/cosign-installer@main @@ -136,10 +151,9 @@ jobs: - name: Setup Helm uses: azure/setup-helm@v4 - with: - token: ${{ github.token }} - name: Login to Quay.io + if: startsWith(github.ref, 'refs/tags/') run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin - name: package helm chart @@ -148,17 +162,17 @@ jobs: - name: Sign Helm Chart run: | - cosign sign-blob -y jetstack-charts/charts/version-checker-${{steps.release_number.outputs.substring}}.tgz \ - --bundle jetstack-charts/charts/version-checker-${{steps.release_number.outputs.substring}}.tgz.cosign.bundle + cosign sign-blob -y jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ + --bundle jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz.cosign.bundle - - name: Creating PR - if: startsWith(github.ref, 'refs/tags/') + - name: Creating Publishing Chart's PR uses: peter-evans/create-pull-request@v7 + if: ${{ startsWith(github.ref, 'refs/tags/') }} with: token: ${{ secrets.JETSTACK_CHARTS_PAT }} - title: "Release version-checker ${{github.ref_name }}" - commit-message: "Release version-checker ${{github.ref_name }}" - branch: version-checker/${{github.ref_name}} + title: "Release version-checker ${{ needs.release-name.outputs.name }}" + commit-message: "Release version-checker ${{ needs.release-name.outputs.name }}" + branch: version-checker/${{ github.ref_name }} path: jetstack-charts add-paths: | charts/*.tgz 
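Review bot: `Sign Helm Chart` has no `if:` guard, while the Quay login and the chart PR step around it are limited to `refs/tags/`. Unless the job itself is gated outside this hunk, branch runs will also obtain a keyless certificate through `id-token: write` and sign a chart that is never published. Those signatures are bound to this workflow's identity, so a verifier that checks only the workflow and not the ref would accept a branch-built chart. Adding `if: startsWith(github.ref, 'refs/tags/')` to the step keeps signing aligned with publishing, and verification instructions should pin the certificate identity to tag refs.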
@@ -166,16 +180,18 @@ jobs: delete-branch: true signoff: true base: main - draft: ${{ !startsWith(github.ref, 'refs/tags/') }} - name: Push to Quay + if: startsWith(github.ref, 'refs/tags/') run: |- - helm push jetstack-charts/charts/version-checker-${{ github.ref_name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart + helm push jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart:${{needs.release-name.outputs.name}} docker-release: runs-on: ubuntu-latest permissions: id-token: write + needs: + - release-name steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 
@@ -217,26 +233,22 @@ jobs: type=sbom type=provenance,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image + - name: Sign the published Docker image (if tag) if: ${{ startsWith(github.ref, 'refs/tags/') }} env: # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} + TAGS: quay.io/jetstack/version-checker:${{github.ref_name}} DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + run: |- + cosign sign --yes "quay.io/jetstack/version-checker:${{github.ref_name}}@${DIGEST}" github-release: name: Create/Update GitHub Release permissions: contents: write runs-on: ubuntu-latest + needs: + - release-name steps: - name: Create Release / Change Logs uses: softprops/action-gh-release@v2 diff --git a/Makefile b/Makefile index 4aa48283..06e5ba8f 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ verify: test build ## tests and builds version-checker image: ## build docker image GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/. - docker build -t quay.io/jetstack/version-checker:v0.9.0 . + docker build -t quay.io/jetstack/version-checker:v0.9.1-rc1 . clean: ## clean up created files rm -rf \ diff --git a/deploy/charts/version-checker/Chart.yaml b/deploy/charts/version-checker/Chart.yaml index b8ed9488..1f27d193 100644 --- a/deploy/charts/version-checker/Chart.yaml +++ b/deploy/charts/version-checker/Chart.yaml 
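Review bot: `TAGS` is still exported in the `env:` block of `Sign the published Docker image (if tag)`, but the new `run:` line no longer reads it and expands `${{github.ref_name}}` directly inside the script, which is the pattern the hardening link kept in the comment above advises against. Use the variable that is already defined so the ref name never becomes script text: `cosign sign --yes "${TAGS}@${DIGEST}"`. Signing by digest still covers every tag in that repository that points at the same image, so dropping the `xargs` loop should lose nothing as long as the tags in `steps.meta.outputs.tags` all live under `quay.io/jetstack/version-checker`.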
@@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: "v0.9.0" -version: "v0.9.0" +appVersion: "v0.9.1-rc1" +version: "v0.9.1-rc1" description: A Helm chart for version-checker home: https://github.com/jetstack/version-checker name: version-checker diff --git a/deploy/charts/version-checker/README.md b/deploy/charts/version-checker/README.md index b09bf7cf..9f9ffb92 100644 --- a/deploy/charts/version-checker/README.md +++ b/deploy/charts/version-checker/README.md @@ -1,6 +1,6 @@ # version-checker -![Version: v0.9.0](https://img.shields.io/badge/Version-v0.9.0-informational?style=flat-square) ![AppVersion: v0.9.0](https://img.shields.io/badge/AppVersion-v0.9.0-informational?style=flat-square) +![Version: v0.9.1-rc1](https://img.shields.io/badge/Version-v0.9.1--rc1-informational?style=flat-square) ![AppVersion: v0.9.1-rc1](https://img.shields.io/badge/AppVersion-v0.9.1--rc1-informational?style=flat-square) A Helm chart for version-checker diff --git a/deploy/yaml/deploy.yaml b/deploy/yaml/deploy.yaml index 3a777990..e6f11561 100644 --- a/deploy/yaml/deploy.yaml +++ b/deploy/yaml/deploy.yaml @@ -50,7 +50,7 @@ spec: spec: serviceAccountName: version-checker containers: - - image: quay.io/jetstack/version-checker:v0.9.0 + - image: quay.io/jetstack/version-checker:v0.9.1-rc1 imagePullPolicy: Always ports: - containerPort: 8080 From e23104264ae0e41c82427dbbfce04aa4e38da067 Mon Sep 17 00:00:00 2001 From: David Collom Date: Wed, 30 Apr 2025 14:47:51 +0100 Subject: [PATCH 2/5] Fixing Release pipeline --- .github/workflows/release.yaml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f0be5021..d1c925c8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -152,7 +152,7 @@ jobs: - name: Setup Helm uses: azure/setup-helm@v4 - - name: Login to Quay.io + - name: Login to Quay.io for OCI Push if: startsWith(github.ref, 'refs/tags/') run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin @@ -162,8 +162,15 @@ jobs: - name: Sign Helm Chart run: | - cosign sign-blob -y jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ + cosign sign-blob -y \ + jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ --bundle jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz.cosign.bundle + - name: Push to Quay + if: startsWith(github.ref, 'refs/tags/') + run: |- + helm push \ + jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ + oci://quay.io/jetstack/version-checker/chart - name: Creating Publishing Chart's PR uses: peter-evans/create-pull-request@v7 @@ -181,11 +188,6 @@ jobs: signoff: true base: main - - name: Push to Quay - if: startsWith(github.ref, 'refs/tags/') - run: |- - helm push jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart:${{needs.release-name.outputs.name}} - docker-release: runs-on: ubuntu-latest permissions: From 53cd10b08c31ae30372de1cc51c4345f9e7468bc Mon Sep 17 00:00:00 2001 From: David Collom Date: Wed, 30 Apr 2025 14:50:07 +0100 Subject: [PATCH 3/5] Bumping Helm Chart to v0.9.1-rc2 --- Makefile | 2 +- deploy/charts/version-checker/Chart.yaml | 4 ++-- deploy/charts/version-checker/README.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 06e5ba8f..114fec66 100644 --- a/Makefile +++ b/Makefile 
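Review bot: The chart that the relocated `Push to Quay` step uploads has no signature attached in the registry. `cosign sign-blob` only writes a `.tgz.cosign.bundle` file beside the tarball, and nothing in this hunk publishes that bundle with the OCI artefact. Consumers pulling `oci://quay.io/jetstack/version-checker/chart` would have to locate the bundle elsewhere before they could verify anything. Consider also signing the pushed chart by digest, the way the docker-release job signs the image with `cosign sign --yes`, and documenting the matching verification command in the chart README.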
@@ -22,7 +22,7 @@ verify: test build ## tests and builds version-checker image: ## build docker image GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/. - docker build -t quay.io/jetstack/version-checker:v0.9.1-rc1 . + docker build -t quay.io/jetstack/version-checker:v0.9.1-rc2 . clean: ## clean up created files rm -rf \ diff --git a/deploy/charts/version-checker/Chart.yaml b/deploy/charts/version-checker/Chart.yaml index 1f27d193..c733b206 100644 --- a/deploy/charts/version-checker/Chart.yaml +++ b/deploy/charts/version-checker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: "v0.9.1-rc1" -version: "v0.9.1-rc1" +appVersion: "v0.9.1-rc2" +version: "v0.9.1-rc2" description: A Helm chart for version-checker home: https://github.com/jetstack/version-checker name: version-checker diff --git a/deploy/charts/version-checker/README.md b/deploy/charts/version-checker/README.md index 9f9ffb92..89940653 100644 --- a/deploy/charts/version-checker/README.md +++ b/deploy/charts/version-checker/README.md @@ -1,6 +1,6 @@ # version-checker -![Version: v0.9.1-rc1](https://img.shields.io/badge/Version-v0.9.1--rc1-informational?style=flat-square) ![AppVersion: v0.9.1-rc1](https://img.shields.io/badge/AppVersion-v0.9.1--rc1-informational?style=flat-square) +![Version: v0.9.1-rc2](https://img.shields.io/badge/Version-v0.9.1--rc2-informational?style=flat-square) ![AppVersion: v0.9.1-rc2](https://img.shields.io/badge/AppVersion-v0.9.1--rc2-informational?style=flat-square) A Helm chart for version-checker From 8cfa4f2581f24148721ef17e89bfa33b1fe7b755 Mon Sep 17 00:00:00 2001 From: David Collom Date: Wed, 30 Apr 2025 15:00:50 +0100 Subject: [PATCH 4/5] Disable OCI push of helm chart due to missing quay repo --- .github/workflows/release.yaml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d1c925c8..3ba8afeb 100644 
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -152,9 +152,10 @@ jobs: - name: Setup Helm uses: azure/setup-helm@v4 - - name: Login to Quay.io for OCI Push - if: startsWith(github.ref, 'refs/tags/') - run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin + # FIXME: We need a Repo Created in Quay ahead of time for this to work + # - name: Login to Quay.io for OCI Push + # if: startsWith(github.ref, 'refs/tags/') + # run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin - name: package helm chart run: | @@ -165,12 +166,14 @@ jobs: cosign sign-blob -y \ jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ --bundle jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz.cosign.bundle - - name: Push to Quay - if: startsWith(github.ref, 'refs/tags/') - run: |- - helm push \ - jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ - oci://quay.io/jetstack/version-checker/chart + + # FIXME: We need a Repo Created in Quay ahead of time for this to work + # - name: Push to Quay + # if: startsWith(github.ref, 'refs/tags/') + # run: |- + # helm push \ + # jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ + # oci://quay.io/jetstack/version-checker/chart - name: Creating Publishing Chart's PR uses: peter-evans/create-pull-request@v7 From d291643805e5c396459fce1f0d70cf3e4a8883da Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 30 Apr 2025 14:04:07 +0000 Subject: [PATCH 5/5] Bump versions to v0.9.1 --- Makefile | 2 +- deploy/charts/version-checker/Chart.yaml | 4 ++-- deploy/charts/version-checker/README.md | 2 +- deploy/yaml/deploy.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 114fec66..004f8599 100644 --- a/Makefile 
+++ b/Makefile @@ -22,7 +22,7 @@ verify: test build ## tests and builds version-checker image: ## build docker image GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/. - docker build -t quay.io/jetstack/version-checker:v0.9.1-rc2 . + docker build -t quay.io/jetstack/version-checker:v0.9.1 . clean: ## clean up created files rm -rf \ diff --git a/deploy/charts/version-checker/Chart.yaml b/deploy/charts/version-checker/Chart.yaml index c733b206..165a0cce 100644 --- a/deploy/charts/version-checker/Chart.yaml +++ b/deploy/charts/version-checker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: "v0.9.1-rc2" -version: "v0.9.1-rc2" +appVersion: "v0.9.1" +version: "v0.9.1" description: A Helm chart for version-checker home: https://github.com/jetstack/version-checker name: version-checker diff --git a/deploy/charts/version-checker/README.md b/deploy/charts/version-checker/README.md index 89940653..07f03044 100644 --- a/deploy/charts/version-checker/README.md +++ b/deploy/charts/version-checker/README.md @@ -1,6 +1,6 @@ # version-checker -![Version: v0.9.1-rc2](https://img.shields.io/badge/Version-v0.9.1--rc2-informational?style=flat-square) ![AppVersion: v0.9.1-rc2](https://img.shields.io/badge/AppVersion-v0.9.1--rc2-informational?style=flat-square) +![Version: v0.9.1](https://img.shields.io/badge/Version-v0.9.1-informational?style=flat-square) ![AppVersion: v0.9.1](https://img.shields.io/badge/AppVersion-v0.9.1-informational?style=flat-square) A Helm chart for version-checker diff --git a/deploy/yaml/deploy.yaml b/deploy/yaml/deploy.yaml index e6f11561..750ba4df 100644 --- a/deploy/yaml/deploy.yaml +++ b/deploy/yaml/deploy.yaml @@ -50,7 +50,7 @@ spec: spec: serviceAccountName: version-checker containers: - - image: quay.io/jetstack/version-checker:v0.9.1-rc1 + - image: quay.io/jetstack/version-checker:v0.9.1 imagePullPolicy: Always ports: - containerPort: 8080