9090 platforms : linux/amd64,linux/arm64
9191 push : true
9292 tags : ${{ steps.controller-meta.outputs.tags }}
93+ cache-from : type=local,src=/tmp/.buildx-cache
94+ cache-to : type=local,dest=/tmp/.buildx-cache
9395
9496 - name : Build and push (plugin-image)
9597 uses : docker/build-push-action@v3
@@ -99,7 +101,16 @@ jobs:
99101 platforms : linux/amd64,linux/arm64
100102 push : true
101103 tags : ${{ steps.plugin-meta.outputs.tags }}
104+ cache-from : type=local,src=/tmp/.buildx-cache
105+ cache-to : type=local,dest=/tmp/.buildx-cache-new
102106
107+ # Temp fix
108+ # https://github.com/docker/build-push-action/issues/252
109+ # https://github.com/moby/buildkit/issues/1896
110+ - name : Move cache
111+ run : |
112+ rm -rf /tmp/.buildx-cache
113+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
103114
104115release-artifacts :
105116 permissions :
@@ -121,7 +132,6 @@ jobs:
121132 - name : Generate release artifacts
122133 run : |
123134 make release-plugins
124- make checksums
125135 make manifests IMAGE_TAG=${{ github.event.inputs.tag }}
126136
127137name : Generate SBOM (spdx)
@@ -155,55 +165,6 @@ jobs:
155165
156166 cd /tmp && tar -zcf sbom.tar.gz *.spdx
157167
158- name : Login to Quay.io
159- if : github.event_name != 'pull_request'
160- uses : docker/login-action@v2
161- with :
162- registry : quay.io
163- username : ${{ secrets.QUAY_USERNAME }}
164- password : ${{ secrets.QUAY_ROBOT_TOKEN }}
165-
166- - name : Install cosign
167- uses : sigstore/cosign-installer@main
168- with :
169- cosign-release : ' v1.13.1'
170-
171- - name : Install crane to get digest of image
172- 173-
174- - name : Get digest of controller-image
175- run : |
176- echo "CONTROLLER_DIGEST=$(crane digest quay.io/argoproj/argo-rollouts:${{ github.event.inputs.tag }})" >> $GITHUB_ENV
177-
178- name : Get digest of plugin-image
179- run : |
180- echo "PLUGIN_DIGEST=$(crane digest quay.io/argoproj/kubectl-argo-rollouts:${{ github.event.inputs.tag }})" >> $GITHUB_ENV
181-
182- name : Sign Argo Rollouts Images
183- run : |
184- cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }}
185- cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }}
186- env :
187- COSIGN_PRIVATE_KEY : ${{secrets.COSIGN_PRIVATE_KEY}}
188- COSIGN_PASSWORD : ${{secrets.COSIGN_PASSWORD}}
189-
190- - name : Sign checksums and create public key for release assets
191- run : |
192- cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argo-rollouts-checksums.txt > ./dist/argo-rollouts-checksums.sig
193- cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argo-rollouts-cosign.pub
194- cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
195- # Displays the public key to share.
196- cosign public-key --key env://COSIGN_PRIVATE_KEY
197- env :
198- COSIGN_PRIVATE_KEY : ${{secrets.COSIGN_PRIVATE_KEY}}
199- COSIGN_PASSWORD : ${{secrets.COSIGN_PASSWORD}}
200-
201- - name : update stable tag for docs
202- run : |
203- git tag -f stable ${{ github.event.inputs.tag }}
204- git push -f origin stable
205- if : ${{ inputs.update_stable_tag }}
206-
207168name : Draft release
208169 uses : softprops/action-gh-release@v1
209170 with :
@@ -213,17 +174,12 @@ jobs:
213174 dist/kubectl-argo-rollouts-linux-amd64
214175 dist/kubectl-argo-rollouts-linux-arm64
215176 dist/kubectl-argo-rollouts-darwin-amd64
216- dist/kubectl-argo-rollouts-darwin-arm64
217177 dist/kubectl-argo-rollouts-windows-amd64
218- dist/argo-rollouts-checksums.txt
219- dist/argo-rollouts-checksums.sig
220- dist/argo-rollouts-cosign.pub
221178 manifests/dashboard-install.yaml
222179 manifests/install.yaml
223180 manifests/namespace-install.yaml
224181 manifests/notifications-install.yaml
225182 docs/features/kustomize/rollout_cr_schema.json
226183 /tmp/sbom.tar.gz
227- /tmp/sbom.tar.gz.sig
228184env :
229185 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
0 commit comments