chore: bump genpolicy bump genpolicy version #22
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Kata release artifacts | |
| on: | |
| push: | |
| tags: | |
| - '[0-9]+.[0-9]+.[0-9]+*' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-and-push-assets-amd64: | |
| uses: ./.github/workflows/release-amd64.yaml | |
| with: | |
| target-arch: amd64 | |
| secrets: inherit | |
| build-and-push-assets-arm64: | |
| uses: ./.github/workflows/release-arm64.yaml | |
| with: | |
| target-arch: arm64 | |
| secrets: inherit | |
| build-and-push-assets-s390x: | |
| uses: ./.github/workflows/release-s390x.yaml | |
| with: | |
| target-arch: s390x | |
| secrets: inherit | |
| build-and-push-assets-ppc64le: | |
| uses: ./.github/workflows/release-ppc64le.yaml | |
| with: | |
| target-arch: ppc64le | |
| secrets: inherit | |
| publish-multi-arch-images: | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Login to Kata Containers docker.io | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to Kata Containers quay.io | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} | |
| password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} | |
| - name: Push multi-arch manifest | |
| run: | | |
| # tag the container image we created and push to DockerHub | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| tags=($tag) | |
| tags+=($([[ "$tag" =~ "alpha"|"rc" ]] && echo "latest" || echo "stable")) | |
| # push to quay.io and docker.io | |
| for tag in ${tags[@]}; do | |
| docker manifest create quay.io/kata-containers/kata-deploy:${tag} \ | |
| --amend quay.io/kata-containers/kata-deploy:${tag}-amd64 \ | |
| --amend quay.io/kata-containers/kata-deploy:${tag}-arm64 \ | |
| --amend quay.io/kata-containers/kata-deploy:${tag}-s390x \ | |
| --amend quay.io/kata-containers/kata-deploy:${tag}-ppc64le | |
| docker manifest create docker.io/katadocker/kata-deploy:${tag} \ | |
| --amend docker.io/katadocker/kata-deploy:${tag}-amd64 \ | |
| --amend docker.io/katadocker/kata-deploy:${tag}-arm64 \ | |
| --amend docker.io/katadocker/kata-deploy:${tag}-s390x \ | |
| --amend docker.io/katadocker/kata-deploy:${tag}-ppc64le | |
| docker manifest push quay.io/kata-containers/kata-deploy:${tag} | |
| docker manifest push docker.io/katadocker/kata-deploy:${tag} | |
| done | |
| upload-multi-arch-static-tarball: | |
| needs: publish-multi-arch-images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: download-artifacts-amd64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: kata-static-tarball-amd64 | |
| - name: push amd64 static tarball to github | |
| run: | | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| tarball="kata-static-$tag-amd64.tar.xz" | |
| mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" | |
| pushd $GITHUB_WORKSPACE | |
| echo "uploading asset '${tarball}' for tag: ${tag}" | |
| GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" | |
| popd | |
| - name: download-artifacts-arm64 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: kata-static-tarball-arm64 | |
| - name: push arm64 static tarball to github | |
| run: | | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| tarball="kata-static-$tag-arm64.tar.xz" | |
| mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" | |
| pushd $GITHUB_WORKSPACE | |
| echo "uploading asset '${tarball}' for tag: ${tag}" | |
| GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" | |
| popd | |
| - name: download-artifacts-s390x | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: kata-static-tarball-s390x | |
| - name: push s390x static tarball to github | |
| run: | | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| tarball="kata-static-$tag-s390x.tar.xz" | |
| mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" | |
| pushd $GITHUB_WORKSPACE | |
| echo "uploading asset '${tarball}' for tag: ${tag}" | |
| GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" | |
| popd | |
| - name: download-artifacts-ppc64le | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: kata-static-tarball-ppc64le | |
| - name: push ppc64le static tarball to github | |
| run: | | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| tarball="kata-static-$tag-ppc64le.tar.xz" | |
| mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" | |
| pushd $GITHUB_WORKSPACE | |
| echo "uploading asset '${tarball}' for tag: ${tag}" | |
| GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" | |
| popd | |
| upload-versions-yaml: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: upload versions.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }} | |
| run: | | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| pushd $GITHUB_WORKSPACE | |
| versions_file="kata-containers-$tag-versions.yaml" | |
| cp versions.yaml ${versions_file} | |
| gh release upload "${tag}" "${versions_file}" | |
| popd | |
| upload-cargo-vendored-tarball: | |
| needs: upload-multi-arch-static-tarball | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: generate-and-upload-tarball | |
| run: | | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| tarball="kata-containers-$tag-vendor.tar.gz" | |
| pushd $GITHUB_WORKSPACE | |
| bash -c "tools/packaging/release/generate_vendor.sh ${tarball}" | |
| GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} gh release upload "${tag}" "${tarball}" | |
| popd | |
| upload-libseccomp-tarball: | |
| needs: upload-cargo-vendored-tarball | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: download-and-upload-tarball | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }} | |
| GOPATH: ${HOME}/go | |
| run: | | |
| pushd $GITHUB_WORKSPACE | |
| ./ci/install_yq.sh | |
| tag=$(echo $GITHUB_REF | cut -d/ -f3-) | |
| versions_yaml="versions.yaml" | |
| version=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.version") | |
| repo_url=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.url") | |
| download_url="${repo_url}/releases/download/v${version}" | |
| tarball="libseccomp-${version}.tar.gz" | |
| asc="${tarball}.asc" | |
| curl -sSLO "${download_url}/${tarball}" | |
| curl -sSLO "${download_url}/${asc}" | |
| gh release upload "${tag}" "${tarball}" | |
| gh release upload "${tag}" "${asc}" | |
| popd |