Skip to content

Bump actions/download-artifact from 3 to 4 #163

Bump actions/download-artifact from 3 to 4

Bump actions/download-artifact from 3 to 4 #163

Workflow file for this run

name: Build deb or rpm packages
on:
workflow_dispatch: # Allow manual triggers
push:
branches: [ main ]
# Publish `v1.2.3` tags as releases.
tags:
- v*
pull_request:
branches: [ main ]
env:
GO_VERSION: 1.21
GPG_OWNER_TRUST: "D35930F2533C516BD2863BD7F03CFCB8B3E73F87:6:"
jobs:
debian:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform: [amd64, arm64]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
cache
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go
restore-keys: |
${{ runner.os }}-go
- uses: actions/setup-go@v3
name: Installing go
with:
go-version: ${{ env.GO_VERSION }}
- name: start ${{ matrix.platform }} environment in container
if: matrix.platform != 'amd64'
run: |
sudo apt update
sudo apt-get install -y binfmt-support qemu-user-static
sudo docker run --platform linux/${{ matrix.platform }} -v ${PWD}:/work -w /work -d --name debbuild golang:${{ env.GO_VERSION }}-bullseye sleep 21600
DOCKER_CMD="sudo docker exec debbuild"
${DOCKER_CMD} apt update
${DOCKER_CMD} apt install -y sudo gpg
echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
- name: Install Dependencies
run: |
${{ env.DOCKER_CMD }} sudo apt update
${{ env.DOCKER_CMD }} sudo apt install -y debhelper golang-golang-x-tools make
- name: Setup GPG
env:
GPG: ${{ secrets.GPG }}
if: env.GPG != null
run: |
echo "${{ env.GPG }}" >> secret.gpg
${{ env.DOCKER_CMD }} gpg --import secret.gpg
rm secret.gpg
${{ env.DOCKER_CMD }} gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}"
${{ env.DOCKER_CMD }} gpg --list-keys
shell: bash
- name: Build
run: |
make vendor path=deb
${{ env.DOCKER_CMD }} make deb-ready path=deb
mkdir upload
cp kubescape_*.dsc upload
cp kubescape_*.tar.xz upload
cp kubescape_*.deb upload
- name: Upload Debian Package Files to Artifact
uses: actions/upload-artifact@v4
with:
name: kubescape_debian_${{ matrix.platform }}
path: upload/*
rpm:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform: [amd64, arm64]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
cache
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go
restore-keys: |
${{ runner.os }}-go
- uses: actions/setup-go@v3
name: Installing go
with:
go-version: ${{ env.GO_VERSION }}
- name: Start packaging environment in container
run: |
sudo apt update
sudo apt-get install -y binfmt-support qemu-user-static golang-golang-x-tools make
sudo docker run --platform linux/${{ matrix.platform }} -v ${PWD}:/work -w /work -d --name rpmbuild fedora sleep 21600
DOCKER_CMD="sudo docker exec rpmbuild"
${DOCKER_CMD} dnf update -y
${DOCKER_CMD} dnf install golang make rpmdevtools -y
echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
- name: Build
run: |
make pack PACK_GO=NO path=deb
make rpmdir
mv kubescape_*.tar.xz rpmbuild/SOURCES
${{ env.DOCKER_CMD }} make rpm PWD=/work RPM_SPEC=kubescape.spec
- name: Upload RPM Package File to Artifact
uses: actions/upload-artifact@v4
with:
name: kubescape_rpm_${{ matrix.platform }}
path: rpmbuild/RPMS/*
release-checker:
outputs:
latest: ${{ steps.CHECKER.outputs.latest }}
release: ${{ steps.CHECKER.outputs.release }}
needrelease: ${{ steps.CHECKER.outputs.needrelease }}
runs-on: ubuntu-latest
steps:
- id: CHECKER
run: |
git clone https://github.com/${{ github.repository }} pack; cd pack
CURRENT=$(git describe --tags --abbrev=0 || true)
LATEST=$(cat kubescape_full.spec | grep "Version:" | tr -s ' ' | cut -d' ' -f2)
RELEASE=$(cat kubescape_full.spec | grep "Release:" | tr -s ' ' | cut -d' ' -f2)
echo "latest=${LATEST}" >> $GITHUB_OUTPUT
echo "release=${RELEASE}" >> $GITHUB_OUTPUT
echo "${CURRENT}, ${LATEST}"
if [ "v$LATEST" != "$CURRENT" ]; then echo "needrelease=true" >> $GITHUB_OUTPUT; fi
release:
runs-on: ubuntu-latest
permissions:
contents: write
needs: [release-checker, debian, rpm]
if: needs.release-checker.outputs.needrelease == 'true' && github.repository_owner == 'kubescape'
steps:
- uses: actions/download-artifact@v4
id: download-artifact
with:
path: .
- name: Release
uses: softprops/action-gh-release@d99959edae48b5ffffd7b00da66dcdb0a33a52ee
env:
latest: ${{ needs.release-checker.outputs.latest }}
release: ${{ needs.release-checker.outputs.release }}
with:
tag_name: v${{ env.latest }}
body: "Bump version into v${{ env.latest }}"
fail_on_unmatched_files: true
files: |
./kubescape_debian_amd64/kubescape_${{ env.latest }}_amd64.deb
./kubescape_debian_amd64/kubescape_${{ env.latest }}.tar.xz
./kubescape_debian_amd64/kubescape_${{ env.latest }}.dsc
./kubescape_debian_arm64/kubescape_${{ env.latest }}_arm64.deb
./kubescape_rpm_amd64/noarch/kubescape-bash-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
./kubescape_rpm_amd64/noarch/kubescape-fish-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
./kubescape_rpm_amd64/noarch/kubescape-zsh-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
./kubescape_rpm_amd64/x86_64/kubescape-${{ env.latest }}-${{ env.release }}.x86_64.rpm
./kubescape_rpm_arm64/aarch64/kubescape-${{ env.latest }}-${{ env.release }}.aarch64.rpm