90
90
platforms : linux/amd64,linux/arm64
91
91
push : true
92
92
tags : ${{ steps.controller-meta.outputs.tags }}
93
+ cache-from : type=local,src=/tmp/.buildx-cache
94
+ cache-to : type=local,dest=/tmp/.buildx-cache
93
95
94
96
- name : Build and push (plugin-image)
95
97
uses : docker/build-push-action@v3
@@ -99,7 +101,16 @@ jobs:
99
101
platforms : linux/amd64,linux/arm64
100
102
push : true
101
103
tags : ${{ steps.plugin-meta.outputs.tags }}
104
+ cache-from : type=local,src=/tmp/.buildx-cache
105
+ cache-to : type=local,dest=/tmp/.buildx-cache-new
102
106
107
+ # Temp fix
108
+ # https://github.com/docker/build-push-action/issues/252
109
+ # https://github.com/moby/buildkit/issues/1896
110
+ - name : Move cache
111
+ run : |
112
+ rm -rf /tmp/.buildx-cache
113
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
103
114
104
115
release-artifacts :
105
116
permissions :
@@ -121,7 +132,6 @@ jobs:
121
132
- name : Generate release artifacts
122
133
run : |
123
134
make release-plugins
124
- make checksums
125
135
make manifests IMAGE_TAG=${{ github.event.inputs.tag }}
126
136
127
137
- name : Generate SBOM (spdx)
@@ -155,55 +165,6 @@ jobs:
155
165
156
166
cd /tmp && tar -zcf sbom.tar.gz *.spdx
157
167
158
- - name : Login to Quay.io
159
- if : github.event_name != 'pull_request'
160
- uses : docker/login-action@v2
161
- with :
162
- registry : quay.io
163
- username : ${{ secrets.QUAY_USERNAME }}
164
- password : ${{ secrets.QUAY_ROBOT_TOKEN }}
165
-
166
- - name : Install cosign
167
- uses : sigstore/cosign-installer@main
168
- with :
169
- cosign-release : ' v1.13.1'
170
-
171
- - name : Install crane to get digest of image
172
-
173
-
174
- - name : Get digest of controller-image
175
- run : |
176
- echo "CONTROLLER_DIGEST=$(crane digest quay.io/argoproj/argo-rollouts:${{ github.event.inputs.tag }})" >> $GITHUB_ENV
177
-
178
- - name : Get digest of plugin-image
179
- run : |
180
- echo "PLUGIN_DIGEST=$(crane digest quay.io/argoproj/kubectl-argo-rollouts:${{ github.event.inputs.tag }})" >> $GITHUB_ENV
181
-
182
- - name : Sign Argo Rollouts Images
183
- run : |
184
- cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }}
185
- cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }}
186
- env :
187
- COSIGN_PRIVATE_KEY : ${{secrets.COSIGN_PRIVATE_KEY}}
188
- COSIGN_PASSWORD : ${{secrets.COSIGN_PASSWORD}}
189
-
190
- - name : Sign checksums and create public key for release assets
191
- run : |
192
- cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argo-rollouts-checksums.txt > ./dist/argo-rollouts-checksums.sig
193
- cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-rollouts-cosign.pub
194
- cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
195
- # Displays the public key to share.
196
- cosign public-key --key env://COSIGN_PRIVATE_KEY
197
- env :
198
- COSIGN_PRIVATE_KEY : ${{secrets.COSIGN_PRIVATE_KEY}}
199
- COSIGN_PASSWORD : ${{secrets.COSIGN_PASSWORD}}
200
-
201
- - name : update stable tag for docs
202
- run : |
203
- git tag -f stable ${{ github.event.inputs.tag }}
204
- git push -f origin stable
205
- if : ${{ inputs.update_stable_tag }}
206
-
207
168
- name : Draft release
208
169
uses : softprops/action-gh-release@v1
209
170
with :
@@ -213,17 +174,12 @@ jobs:
213
174
dist/kubectl-argo-rollouts-linux-amd64
214
175
dist/kubectl-argo-rollouts-linux-arm64
215
176
dist/kubectl-argo-rollouts-darwin-amd64
216
- dist/kubectl-argo-rollouts-darwin-arm64
217
177
dist/kubectl-argo-rollouts-windows-amd64
218
- dist/argo-rollouts-checksums.txt
219
- dist/argo-rollouts-checksums.sig
220
- dist/argo-rollouts-cosign.pub
221
178
manifests/dashboard-install.yaml
222
179
manifests/install.yaml
223
180
manifests/namespace-install.yaml
224
181
manifests/notifications-install.yaml
225
182
docs/features/kustomize/rollout_cr_schema.json
226
183
/tmp/sbom.tar.gz
227
- /tmp/sbom.tar.gz.sig
228
184
env :
229
185
GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
0 commit comments