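# Builds Debian and RPM packages for amd64 and arm64, then publishes a GitHub
# release when the version in kubescape_full.spec has no matching tag yet.
#
# Review notes:
# - Most actions are referenced by a mutable tag (@v3/@v4). Only the release
#   action is pinned to a commit SHA; pinning the others the same way keeps a
#   retagged upstream from changing what runs here.
# - The container images (golang:<version>-bullseye, fedora) are pulled by
#   tag, so their contents can change between runs.
name: Build deb or rpm packages

on:
  workflow_dispatch:  # Allow manual triggers
  push:
    branches: [main]
    # Publish `v1.2.3` tags as releases.
    tags:
      - 'v*'
  pull_request:
    branches: [main]

# Least-privilege default for the workflow token. Jobs that need more (only
# `release`) widen it explicitly.
permissions:
  contents: read

env:
  # Quoted so the version stays a string; an unquoted 1.20 would load as 1.2.
  GO_VERSION: "1.21"
  # gpg owner-trust record in `fingerprint:level:` form; level 6 is ultimate.
  GPG_OWNER_TRUST: "D35930F2533C516BD2863BD7F03CFCB8B3E73F87:6:"

jobs:
  # Builds the .deb, .dsc and source tarball. amd64 builds on the runner
  # itself; arm64 builds inside an emulated container reached via DOCKER_CMD,
  # which is empty on amd64 so the same commands run directly.
  debian:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        platform: [amd64, arm64]
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            cache
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go
          restore-keys: |
            ${{ runner.os }}-go
      - name: Installing go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: start ${{ matrix.platform }} environment in container
        if: matrix.platform != 'amd64'
        run: |
          sudo apt update
          sudo apt-get install -y binfmt-support qemu-user-static
          sudo docker run --platform linux/${{ matrix.platform }} \
            -v ${PWD}:/work -w /work -d --name debbuild \
            golang:${{ env.GO_VERSION }}-bullseye sleep 21600
          DOCKER_CMD="sudo docker exec debbuild"
          ${DOCKER_CMD} apt update
          ${DOCKER_CMD} apt install -y sudo gpg
          # Later steps prefix their commands with this value.
          echo "DOCKER_CMD=${DOCKER_CMD}" >> "$GITHUB_ENV"
      - name: Install Dependencies
        run: |
          ${{ env.DOCKER_CMD }} sudo apt update
          ${{ env.DOCKER_CMD }} sudo apt install -y debhelper golang-golang-x-tools make
      - name: Setup GPG
        env:
          GPG: ${{ secrets.GPG }}
        # Skipped when the secret is not available to this run.
        if: env.GPG != null
        shell: bash
        run: |
          # The key is read from the step environment ($GPG) instead of being
          # expanded into the script text with an expression, so its contents
          # are never parsed by the shell.
          # The file has to exist in the workspace because the arm64 container
          # sees the key only through the /work bind mount. Keep it
          # owner-only, and remove it even if the import fails.
          umask 077
          trap 'rm -f secret.gpg' EXIT
          printf '%s\n' "${GPG}" > secret.gpg
          ${{ env.DOCKER_CMD }} gpg --import secret.gpg
          rm -f secret.gpg
          ${{ env.DOCKER_CMD }} gpg --import-ownertrust <<< "${{ env.GPG_OWNER_TRUST }}"
          ${{ env.DOCKER_CMD }} gpg --list-keys
      - name: Build
        run: |
          make vendor path=deb
          ${{ env.DOCKER_CMD }} make deb-ready path=deb
          mkdir upload
          cp kubescape_*.dsc upload
          cp kubescape_*.tar.xz upload
          cp kubescape_*.deb upload
      - name: Upload Debian Package Files to Artifact
        uses: actions/upload-artifact@v4
        with:
          name: kubescape_debian_${{ matrix.platform }}
          path: upload/*

  # Builds the RPMs inside a Fedora container for both platforms. The source
  # tarball is prepared on the runner and handed over through the /work mount.
  rpm:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        platform: [amd64, arm64]
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            cache
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go
          restore-keys: |
            ${{ runner.os }}-go
      - name: Installing go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Start packaging environment in container
        run: |
          sudo apt update
          sudo apt-get install -y binfmt-support qemu-user-static golang-golang-x-tools make
          sudo docker run --platform linux/${{ matrix.platform }} \
            -v ${PWD}:/work -w /work -d --name rpmbuild fedora sleep 21600
          DOCKER_CMD="sudo docker exec rpmbuild"
          ${DOCKER_CMD} dnf update -y
          ${DOCKER_CMD} dnf install golang make rpmdevtools -y
          # Later steps prefix their commands with this value.
          echo "DOCKER_CMD=${DOCKER_CMD}" >> "$GITHUB_ENV"
      - name: Build
        run: |
          make pack PACK_GO=NO path=deb
          make rpmdir
          mv kubescape_*.tar.xz rpmbuild/SOURCES
          ${{ env.DOCKER_CMD }} make rpm PWD=/work RPM_SPEC=kubescape.spec
      - name: Upload RPM Package File to Artifact
        uses: actions/upload-artifact@v4
        with:
          name: kubescape_rpm_${{ matrix.platform }}
          path: rpmbuild/RPMS/*

  # Compares the Version: field of kubescape_full.spec with the newest tag and
  # sets `needrelease` when they differ.
  release-checker:
    runs-on: ubuntu-latest
    # The step clones over HTTPS without using the workflow token, so the job
    # needs no token permissions at all.
    permissions: {}
    outputs:
      latest: ${{ steps.CHECKER.outputs.latest }}
      release: ${{ steps.CHECKER.outputs.release }}
      needrelease: ${{ steps.CHECKER.outputs.needrelease }}
    steps:
      - id: CHECKER
        run: |
          git clone https://github.com/${{ github.repository }} pack; cd pack
          # `|| true` keeps the step alive when the repository has no tags.
          CURRENT=$(git describe --tags --abbrev=0 || true)
          LATEST=$(grep "Version:" kubescape_full.spec | tr -s ' ' | cut -d' ' -f2)
          RELEASE=$(grep "Release:" kubescape_full.spec | tr -s ' ' | cut -d' ' -f2)
          echo "latest=${LATEST}" >> "$GITHUB_OUTPUT"
          echo "release=${RELEASE}" >> "$GITHUB_OUTPUT"
          echo "${CURRENT}, ${LATEST}"
          if [ "v$LATEST" != "$CURRENT" ]; then echo "needrelease=true" >> "$GITHUB_OUTPUT"; fi

  # Publishes the built packages as a GitHub release. This is the only job
  # that holds a write-scoped token.
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    needs: [release-checker, debian, rpm]
    # In a pull_request run the packages are built from the proposed change,
    # not from reviewed code, so those runs never publish.
    if: >-
      needs.release-checker.outputs.needrelease == 'true'
      && github.repository_owner == 'kubescape'
      && github.event_name != 'pull_request'
    steps:
      # Must match the major version of upload-artifact used by the build
      # jobs: artifacts uploaded with v4 cannot be fetched by
      # download-artifact@v3. With no `name` given, each artifact is extracted
      # into a directory named after it.
      - uses: actions/download-artifact@v4
        id: download-artifact
        with:
          path: .
      - name: Release
        uses: softprops/action-gh-release@d99959edae48b5ffffd7b00da66dcdb0a33a52ee
        env:
          latest: ${{ needs.release-checker.outputs.latest }}
          release: ${{ needs.release-checker.outputs.release }}
        with:
          tag_name: v${{ env.latest }}
          body: "Bump version into v${{ env.latest }}"
          # Fail rather than publish a release with missing packages.
          fail_on_unmatched_files: true
          files: |
            ./kubescape_debian_amd64/kubescape_${{ env.latest }}_amd64.deb
            ./kubescape_debian_amd64/kubescape_${{ env.latest }}.tar.xz
            ./kubescape_debian_amd64/kubescape_${{ env.latest }}.dsc
            ./kubescape_debian_arm64/kubescape_${{ env.latest }}_arm64.deb
            ./kubescape_rpm_amd64/noarch/kubescape-bash-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
            ./kubescape_rpm_amd64/noarch/kubescape-fish-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
            ./kubescape_rpm_amd64/noarch/kubescape-zsh-completion-${{ env.latest }}-${{ env.release }}.noarch.rpm
            ./kubescape_rpm_amd64/x86_64/kubescape-${{ env.latest }}-${{ env.release }}.x86_64.rpm
            ./kubescape_rpm_arm64/aarch64/kubescape-${{ env.latest }}-${{ env.release }}.aarch64.rpm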