feat: [TKC-2684] docker image meta (#5936) #926
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release kubectl-testkube | |
| on: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| permissions: | |
| id-token: write # needed for keyless signing | |
| contents: write | |
| env: | |
| TESTKUBE_CHOCO_REPO: https://chocolatey.kubeshop.io/ | |
| ALPINE_IMAGE: alpine:3.20.0 | |
| BUSYBOX_IMAGE: busybox:1.36.1-musl | |
| jobs: | |
| pre_build: | |
| name: Pre-build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - name: "linux" | |
| path: .builds-linux.goreleaser.yml | |
| - name: "windows" | |
| path: .builds-windows.goreleaser.yml | |
| - name: "darwin" | |
| path: .builds-darwin.goreleaser.yml | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| if: matrix.name == 'linux' | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| if: matrix.name == 'linux' | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: stable | |
| - name: Go Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Login to DockerHub | |
| if: matrix.name == 'linux' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Get tag | |
| id: tag | |
| uses: dawidd6/action-get-tag@v1 | |
| with: | |
| strip_v: true | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser-pro | |
| version: latest | |
| args: release -f ${{ matrix.path }} --skip=publish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} | |
| ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}" | |
| ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}" | |
| # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution | |
| GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
| DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}" | |
| DOCKER_BUILDX_CACHE_FROM: "type=gha" | |
| DOCKER_BUILDX_CACHE_TO: "type=gha,mode=max" | |
| ALPINE_IMAGE: ${{ env.ALPINE_IMAGE }} | |
| BUSYBOX_IMAGE: ${{ env.BUSYBOX_IMAGE }} | |
| DOCKER_IMAGE_TAG: ${{steps.tag.outputs.tag}} | |
| - name: Push Docker images | |
| if: matrix.name == 'linux' | |
| run: | | |
| docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8 | |
| docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 | |
| # adding the docker manifest for the latest image tag | |
| docker manifest create kubeshop/testkube-cli:latest --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8 | |
| docker manifest push -p kubeshop/testkube-cli:latest | |
| docker manifest create kubeshop/testkube-cli:${{steps.tag.outputs.tag}} --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8 | |
| docker manifest push -p kubeshop/testkube-cli:${{steps.tag.outputs.tag}} | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@master | |
| with: | |
| name: testkube_${{ matrix.name }} | |
| path: | | |
| ${{ matrix.name }}/testkube_${{ matrix.name }}_* | |
| retention-days: 1 | |
| build_agent_image: | |
| name: Build a Docker image for Testkube Agent | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Get tag | |
| id: tag | |
| uses: dawidd6/action-get-tag@v1 | |
| with: | |
| strip_v: true | |
| - name: Preload kind images | |
| run: | | |
| mkdir -p build/kind/images/arm | |
| mkdir -p build/kind/images/amd | |
| docker pull --platform linux/arm64 kindest/node:v1.31.0 | |
| docker save kindest/node:v1.31.0 > build/kind/images/arm/node.tar | |
| docker pull --platform linux/amd64 kindest/node:v1.31.0 | |
| docker save kindest/node:v1.31.0 > build/kind/images/amd/node.tar | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| build-args: | | |
| segmentio_key=${{secrets.TESTKUBE_SEGMENTIO_KEY}} | |
| ga_id=${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}} | |
| ga_secret=${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}} | |
| docker_image_version=${{steps.tag.outputs.tag}} | |
| context: build/kind | |
| file: build/kind/kind.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: mode=max | |
| push: true | |
| sbom: true | |
| tags: kubeshop/testkube-agent:${{steps.tag.outputs.tag}},kubeshop/testkube-agent:latest | |
| release: | |
| name: Create and upload release-artifacts | |
| needs: pre_build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: sigstore/[email protected] | |
| - uses: anchore/sbom-action/[email protected] | |
| - name: Download Artifacts for Linux | |
| uses: actions/download-artifact@master | |
| with: | |
| name: testkube_linux | |
| path: linux | |
| - name: Download Artifacts for Windows | |
| uses: actions/download-artifact@master | |
| with: | |
| name: testkube_windows | |
| path: windows | |
| - name: Download Artifacts for Darwin | |
| uses: actions/download-artifact@master | |
| with: | |
| name: testkube_darwin | |
| path: darwin | |
| # Added as a workaround since files lose their permissions when being moved from one stage to another in GH. A bug was reported | |
| # and will be fixed in the next release of GoReleaser, thus we will be able to remove this code. | |
| - name: Add executable mode | |
| run: chmod -R +x linux/ darwin/ | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: stable | |
| - name: Go Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser-pro | |
| version: latest | |
| args: release -f .goreleaser.yml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }} | |
| ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}" | |
| ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}" | |
| SLACK_BOT_CLIENT_ID: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_ID}}" | |
| SLACK_BOT_CLIENT_SECRET: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_SECRET}}" | |
| # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution | |
| GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
| - name: Store Intermediate Artifacts | |
| uses: actions/upload-artifact@master | |
| with: | |
| name: bin-artifacts | |
| path: dist | |
| retention-days: 1 | |
| build-and-publish-windows-installer: | |
| needs: release | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get Intermediate Artifacts | |
| uses: actions/download-artifact@master | |
| with: | |
| name: testkube_windows | |
| path: windows | |
| - name: Get MSFT Cert | |
| id: write_file | |
| uses: timheuer/[email protected] | |
| with: | |
| fileName: "kubeshop_msft.p12" | |
| fileDir: "./temp/" | |
| encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }} | |
| - name: Create and Sign MSI | |
| run: | | |
| Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe' | |
| Copy-Item 'build\installer\windows\testkube.wxs' '.\testkube.wxs' | |
| Copy-Item 'build\installer\windows\tk.bat' '.\tk.bat' | |
| Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat' | |
| & "$env:WIX\bin\candle.exe" *.wxs | |
| & "$env:WIX\bin\light.exe" *.wixobj | |
| & "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi | |
| env: | |
| P12_CERT: ${{ steps.write_file.outputs.filePath }} | |
| P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }} | |
| - name: Get tag | |
| id: tag | |
| uses: dawidd6/action-get-tag@v1 | |
| with: | |
| # Optionally strip `v` prefix | |
| strip_v: true | |
| - name: Get release | |
| id: get_release | |
| uses: bruceadams/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Calculate Checksum | |
| id: checksum | |
| run: | | |
| $installer_name = $env:MSI_NAME | |
| $hash=Get-FileHash testkube.msi | |
| $hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt | |
| echo "::set-output name=INSTALLER_NAME::${installer_name}" | |
| #export MSI hash to environment | |
| $hashsum = $hash.Hash | |
| echo "::set-output name=CHECKSUM::${hashsum}" | |
| #copy MSI to choco directory to build a nuget package | |
| Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi" | |
| env: | |
| MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386 | |
| - name: Upload release binary | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| with: | |
| upload_url: ${{ steps.get_release.outputs.upload_url }} | |
| asset_path: testkube.msi | |
| asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi | |
| asset_content_type: application/octet-stream | |
| - name: Upload Checksum | |
| uses: actions/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| with: | |
| upload_url: ${{ steps.get_release.outputs.upload_url }} | |
| asset_path: msi_checksum.txt | |
| asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}_checksum.txt | |
| asset_content_type: text/plain | |
| - name: Update checksum in chocolateyInstall.ps1 file | |
| working-directory: ./choco | |
| run: | | |
| $file_content = Get-Content .\tools\chocolateyInstall.ps1 -Raw | |
| $update_version = $file_content -replace "(?i)(\schecksum\s*=\s*)('.*')", "`$1'${{steps.checksum.outputs.CHECKSUM}}'" | |
| Set-Content -Path .\tools\chocolateyInstall.ps1 -Value $update_version -NoNewline | |
| - name: Bump versions and push package to chocolatey repo | |
| working-directory: ./choco | |
| run: | | |
| ./update.ps1 ${{steps.tag.outputs.tag}} ${{ secrets.COMMOM_CHOCO_API_KEY }} ${{ env.TESTKUBE_CHOCO_REPO }} | |
| build-and-publish-linux-installer: | |
| needs: release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get Intermediate Artifacts | |
| uses: actions/download-artifact@master | |
| with: | |
| name: bin-artifacts | |
| path: dist | |
| - name: Get tag | |
| id: tag | |
| uses: dawidd6/action-get-tag@v1 | |
| with: | |
| strip_v: true | |
| - name: Publish package | |
| env: | |
| USERNAME: "aptly" | |
| PASSWORD: ${{ secrets.APTLY_PASSWORD }} | |
| APTLY_URL: "repo.testkube.io:8080" | |
| VERSION: ${{steps.tag.outputs.tag}} | |
| run: | | |
| ### Upload files | |
| curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_386.deb http://${APTLY_URL}/api/files/testkube | |
| curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_arm64.deb http://${APTLY_URL}/api/files/testkube | |
| curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_amd64.deb http://${APTLY_URL}/api/files/testkube | |
| ### Add file to repo | |
| curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST http://${APTLY_URL}/api/repos/testkube/file/testkube?forceReplace=1 | |
| ### Create snapshot | |
| curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -H 'Content-Type: application/json' --data '{"Name":"testkube-'${VERSION}'"}' http://${APTLY_URL}/api/repos/testkube/snapshots | |
| ### Publish repo | |
| curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X PUT -H 'Content-Type: application/json' --data '{"Snapshots": [{"Component": "main", "Name": "testkube-'${VERSION}'"}]}'}], http://repo.testkube.io:8080/api/publish/:linux/linux | |
| trigger-argocd-image-build: | |
| needs: release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Release tag | |
| id: release_tag | |
| run: | | |
| echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/} | |
| - name: Set env | |
| env: | |
| SOURCE_TAG: ${{ steps.release_tag.outputs.SOURCE_TAG }} | |
| run: | | |
| echo RELEASE_TAG=${SOURCE_TAG:1} >> $GITHUB_ENV | |
| - name: Repository Dispatch | |
| uses: peter-evans/repository-dispatch@v3 | |
| with: | |
| token: ${{ secrets.CI_BOT_TOKEN }} | |
| repository: kubeshop/testkube-argocd | |
| event-type: trigger-argocd-image-build | |
| client-payload: '{"release_version": "${{ env.RELEASE_TAG }}"}' |