Build deb or rpm packages #162

Workflow file for this run

	name: Build deb or rpm packages

	on:
	workflow_dispatch: # Allow manual triggers
	push:
	branches: [ main ]
	# Publish `v1.2.3` tags as releases.
	tags:
	- v*
	pull_request:
	branches: [ main ]

	env:
	GO_VERSION: 1.21
	GPG_OWNER_TRUST: "D35930F2533C516BD2863BD7F03CFCB8B3E73F87:6:"

	jobs:
	debian:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	platform: [amd64, arm64]
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: 'recursive'
	- name: Cache Go modules
	uses: actions/cache@v4
	with:
	path: \|
	cache
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go
	restore-keys: \|
	${{ runner.os }}-go
	- uses: actions/setup-go@v3
	name: Installing go
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: start ${{ matrix.platform }} environment in container
	if: matrix.platform != 'amd64'
	run: \|
	sudo apt update
	sudo apt-get install -y binfmt-support qemu-user-static
	sudo docker run --platform linux/${{ matrix.platform }} -v ${PWD}:/work -w /work -d --name debbuild golang:${{ env.GO_VERSION }}-bullseye sleep 21600
	DOCKER_CMD="sudo docker exec debbuild"
	${DOCKER_CMD} apt update
	${DOCKER_CMD} apt install -y sudo gpg
	echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
	- name: Install Dependencies
	run: \|
	${{ env.DOCKER_CMD }} sudo apt update
	${{ env.DOCKER_CMD }} sudo apt install -y debhelper golang-golang-x-tools make
	- name: Setup GPG
	env:
	GPG: ${{ secrets.GPG }}
	if: env.GPG != null
	run: \|
	echo "${{ env.GPG }}" >> secret.gpg
	${{ env.DOCKER_CMD }} gpg --import secret.gpg
	rm secret.gpg
	${{ env.DOCKER_CMD }} gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}"
	${{ env.DOCKER_CMD }} gpg --list-keys
	shell: bash
	- name: Build
	run: \|
	make vendor path=deb
	${{ env.DOCKER_CMD }} make deb-ready path=deb
	mkdir upload
	cp kubescape_*.dsc upload
	cp kubescape_*.tar.xz upload
	cp kubescape_*.deb upload
	- name: Upload Debian Package Files to Artifact
	uses: actions/upload-artifact@v4
	with:
	name: kubescape_debian_${{ matrix.platform }}
	path: upload/*
	rpm:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	platform: [amd64, arm64]
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: 'recursive'
	- name: Cache Go modules
	uses: actions/cache@v4
	with:
	path: \|
	cache
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go
	restore-keys: \|
	${{ runner.os }}-go
	- uses: actions/setup-go@v3
	name: Installing go
	with:
	go-version: ${{ env.GO_VERSION }}
	- name: Start packaging environment in container
	run: \|
	sudo apt update
	sudo apt-get install -y binfmt-support qemu-user-static golang-golang-x-tools make
	sudo docker run --platform linux/${{ matrix.platform }} -v ${PWD}:/work -w /work -d --name rpmbuild fedora sleep 21600
	DOCKER_CMD="sudo docker exec rpmbuild"
	${DOCKER_CMD} dnf update -y
	${DOCKER_CMD} dnf install golang make rpmdevtools -y
	echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
	- name: Build
	run: \|
	make pack PACK_GO=NO path=deb
	make rpmdir
	mv kubescape_*.tar.xz rpmbuild/SOURCES
	${{ env.DOCKER_CMD }} make rpm PWD=/work RPM_SPEC=kubescape.spec
	- name: Upload RPM Package File to Artifact
	uses: actions/upload-artifact@v4
	with:
	name: kubescape_rpm_${{ matrix.platform }}
	path: rpmbuild/RPMS/*
	release-checker:
	outputs:
	latest: ${{ steps.CHECKER.outputs.latest }}
	release: ${{ steps.CHECKER.outputs.release }}
	needrelease: ${{ steps.CHECKER.outputs.needrelease }}
	runs-on: ubuntu-latest
	steps:
	- id: CHECKER
	run: \|
	git clone https://github.com/${{ github.repository }} pack; cd pack
	CURRENT=$(git describe --tags --abbrev=0 \|\| true)
	LATEST=$(cat kubescape_full.spec \| grep "Version:" \| tr -s ' ' \| cut -d' ' -f2)
	RELEASE=$(cat kubescape_full.spec \| grep "Release:" \| tr -s ' ' \| cut -d' ' -f2)
	echo "latest=${LATEST}" >> $GITHUB_OUTPUT
	echo "release=${RELEASE}" >> $GITHUB_OUTPUT
	echo "${CURRENT}, ${LATEST}"
	if [ "v$LATEST" != "$CURRENT" ]; then echo "needrelease=true" >> $GITHUB_OUTPUT; fi
	release:
	runs-on: ubuntu-latest
	permissions:
	contents: write
	needs: [release-checker, debian, rpm]
	if: needs.release-checker.outputs.needrelease == 'true' && github.repository_owner == 'kubescape'
	steps:
	- uses: actions/download-artifact@v3
	id: download-artifact
	with:
	path: .
	- name: Release
	uses: softprops/action-gh-release@d99959edae48b5ffffd7b00da66dcdb0a33a52ee
	env:
	latest: ${{ needs.release-checker.outputs.latest }}
	release: ${{ needs.release-checker.outputs.release }}
	with:
	tag_name: v${{ env.latest }}
	body: "Bump version into v${{ env.latest }}"
	fail_on_unmatched_files: true
	files: \|
	./kubescape_debian_amd64/kubescape_${{ env.latest }}_amd64.deb
	./kubescape_debian_amd64/kubescape_${{ env.latest }}.tar.xz
	./kubescape_debian_amd64/kubescape_${{ env.latest }}.dsc
	./kubescape_debian_arm64/kubescape_${{ env.latest }}_arm64.deb
	./kubescape_rpm_amd64/noarch/kubescape-bash-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
	./kubescape_rpm_amd64/noarch/kubescape-fish-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
	./kubescape_rpm_amd64/noarch/kubescape-zsh-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
	./kubescape_rpm_amd64/x86_64/kubescape-${{ env.latest }}-${{ env.release }}.x86_64.rpm
	./kubescape_rpm_arm64/aarch64/kubescape-${{ env.latest }}-${{ env.release }}.aarch64.rpm

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build deb or rpm packages #162

Workflow file

Build deb or rpm packages #162

Jobs

Run details

Workflow file for this run