Skip to content

Commit

Permalink
Build, test and release using reusable Github actions.
Browse files Browse the repository at this point in the history 
Updates the release.yml workflow file to use the reusable actions
available to build, test and release policies.
  • Loading branch information
@jvanz
jvanz committed Jan 27, 2022
1 parent a37fe26 commit 9d038aa
Showing 1 changed file with 17 additions and 98 deletions.
115 changes: 17 additions & 98 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,110 +2,29 @@ on:
push:
branches:
- main
- master
tags:
- 'v*'

name: Publish Wasm module
name: Release policy

jobs:

test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- uses: actions-rs/cargo@v1
with:
command: test
name: run tests and linters
uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rust.yml@v1

build:
name: Build and publish policy
runs-on: ubuntu-latest
release:
needs: test
env:
WASM_BINARY_NAME: readonly_root_filesystem_psp_policy
OCI_TARGET: ghcr.io/kubewarden/policies/readonly-root-filesystem-psp
METADATA_FILE: metadata.yml
KWCTL_VERSION: v0.1.9
steps:
-
name: Checkout code
uses: actions/checkout@v2
-
name: Prepare Rust environment
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
target: wasm32-unknown-unknown
-
name: Download kwctl
run: |
curl -L https://github.com/kubewarden/kwctl/releases/download/${{env.KWCTL_VERSION}}/kwctl-linux-amd64.zip -o kwctl.zip
unzip kwctl.zip
chmod 755 kwctl
-
name: Build Wasm module
uses: actions-rs/cargo@v1
with:
command: build
args: --target=wasm32-unknown-unknown --release
-
name: Annotate Wasm module
run: |
./kwctl annotate -m ${{ env.METADATA_FILE }} -o policy-annotated.wasm target/wasm32-unknown-unknown/release/${WASM_BINARY_NAME}.wasm
permissions:
# Required to push to GHCR
contents: write
packages: write
# Required by cosign keyless signing
id-token: write

-
name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Publish Wasm policy artifact to OCI registry with the 'latest' tag
if: ${{ startsWith(github.ref, 'refs/heads/') }}
run: |
./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:latest
-
name: Publish Wasm policy artifact to OCI registry with the version tag and 'latest'
if: ${{ startsWith(github.ref, 'refs/tags/') }}
run: |
export OCI_TAG=$(echo $GITHUB_REF | sed -e "s|refs/tags/||")
./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:${OCI_TAG}
-
name: Create Release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
-
name: Upload Release Asset
if: ${{ startsWith(github.ref, 'refs/tags/') }}
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: policy-annotated.wasm
asset_name: policy.wasm
asset_content_type: application/wasm
-
name: Notify policy-hub
if: ${{ startsWith(github.ref, 'refs/tags/') }}
uses: kubewarden/notify-policy-hub@main
with:
USERNAME: chimera-kube-bot
PAT: ${{ secrets.WORKFLOW_PAT }}
uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rust.yml@v1
with:
input-wasm: readonly_root_filesystem_psp_policy
oci-target: ghcr.io/${{ github.repository_owner }}/policies/readonly-root-filesystem-psp
secrets:
workflow-pat: ${{ secrets.WORKFLOW_PAT }}

0 comments on commit 9d038aa

Please sign in to comment.