Bump version to 0.16.0 #21
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create KRCI release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| env: | |
| GOLANG_VERSION: '1.20' | |
| jobs: | |
| prepare-release: | |
| name: Perform automatic release on trigger ${{ github.ref }} | |
| runs-on: ubuntu-latest | |
| env: | |
| # The name of the tag as supplied by the GitHub event | |
| SOURCE_TAG: ${{ github.ref }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: '0' | |
| - name: Set up Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GOLANG_VERSION }} | |
| - name: Check if the published tag is well formed and setup vars | |
| run: | | |
| set -xue | |
| # refs/tags/v2.10.7 -> v2.10.7 | |
| RELEASE_TAG="${SOURCE_TAG##*/}" | |
| # install git-chglog | |
| go install github.com/git-chglog/git-chglog/cmd/git-chglog@latest | |
| # install crane | |
| go install github.com/google/go-containerregistry/cmd/crane@v0.16.1 | |
| # install rekor-cli | |
| go install github.com/sigstore/rekor/cmd/rekor-cli@v1.3.3 | |
| git-chglog --template .chglog/release.tpl.md -o release.md ${RELEASE_TAG} | |
| # Extract image name and tag from RELEASE_TAG | |
| IMAGE_NAME="epamedp/edp-headlamp" | |
| IMAGE_TAG=${RELEASE_TAG#v} | |
| # Get the digest of the image | |
| DIGEST=$(crane digest ${IMAGE_NAME}:${IMAGE_TAG} | tr ':' '-') | |
| # Get the digest of the attestation layer | |
| ATTESTATION_DIGEST=$(crane manifest ${IMAGE_NAME}:${DIGEST}.att | jq -r '.layers[].digest') | |
| # Get the digest of the signature layer | |
| SIGNATURE_DIGEST=$(crane manifest ${IMAGE_NAME}:${DIGEST}.sig | jq -r '.layers[].digest') | |
| # Search for the UUID of the attestation in JSON format | |
| ATTESTATION_UUID_JSON=$(rekor-cli search --sha ${ATTESTATION_DIGEST} --format json) | |
| # Search for the UUID of the signature in JSON format | |
| SIGNATURE_UUID_JSON=$(rekor-cli search --sha ${SIGNATURE_DIGEST} --format json) | |
| # Parse the JSON output to get the UUIDs | |
| ATTESTATION_UUID=$(echo ${ATTESTATION_UUID_JSON} | jq -r '.UUIDs[0]') | |
| SIGNATURE_UUID=$(echo ${SIGNATURE_UUID_JSON} | jq -r '.UUIDs[0]') | |
| # Create a new file with the desired text and the UUIDs | |
| echo "### Deployment Certifications and Source Traceability" > new_release.md | |
| echo "KubeRocketCI container images bear [cosign](https://github.com/sigstore/cosign) signatures. Refer to the [documentation](https://docs.kuberocketci.io/docs/developer-guide/artifacts-verification) for instructions on verification." >> new_release.md | |
| echo "The Rekor UUID's for this release is \`${ATTESTATION_UUID}\` - attestation and" >> new_release.md | |
| echo "\`${SIGNATURE_UUID}\` - signature" >> new_release.md | |
| # Append the contents of release.md to new_release.md | |
| cat release.md >> new_release.md | |
| # Move new_release.md to release.md | |
| mv new_release.md release.md | |
| echo "RELEASE_TAG=${RELEASE_TAG}" >> $GITHUB_ENV | |
| - name: Create GitHub release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| id: create_release | |
| with: | |
| tag_name: ${{ env.RELEASE_TAG }} | |
| release_name: ${{ env.RELEASE_TAG }} | |
| body_path: release.md |