docs: add instruction for using OFO and GitOps (#497) #283
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run Release Please | |
on: | |
push: | |
branches: | |
- main | |
env: | |
# Default minimum version of Go to support. | |
DEFAULT_GO_VERSION: 1.19 | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
GITHUB_PAGES_BRANCH: gh-pages | |
permissions: | |
contents: read | |
jobs: | |
release-please: | |
permissions: | |
contents: write # for google-github-actions/release-please-action to create release commit | |
pull-requests: write # for google-github-actions/release-please-action to create release PR | |
runs-on: ubuntu-latest | |
# Release-please creates a PR that tracks all changes | |
steps: | |
- uses: google-github-actions/release-please-action@v3 | |
id: release | |
with: | |
command: manifest | |
token: ${{secrets.GITHUB_TOKEN}} | |
default-branch: main | |
outputs: | |
release_created: ${{ steps.release.outputs.release_created }} | |
release_tag_name: ${{ steps.release.outputs.tag_name }} | |
build-oci: | |
permissions: | |
packages: write # to push the container image | |
needs: release-please | |
runs-on: ubuntu-latest | |
if: ${{ needs.release-please.outputs.release_created }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.release-please.outputs.release_tag_name }} | |
- name: Log in to the Container registry | |
uses: docker/login-action@40891eba8c2bcd1309b07ba8b11232f313e86779 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@master | |
with: | |
platforms: all | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@master | |
- name: Build | |
uses: docker/build-push-action@v4 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:main | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha,scope=${{ github.ref_name }}-ofo | |
cache-to: type=gha,scope=${{ github.ref_name }}-ofo | |
- name: Install cosign | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v1.13.0' | |
- name: Sign release image | |
run: | | |
cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }} | |
# Displays the public key to share. | |
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub | |
env: | |
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} | |
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
if: ${{ env.DRY_RUN != 'true' }} | |
release-assets: | |
permissions: | |
contents: write # for softprops/action-gh-release to create GitHub release | |
needs: release-please | |
runs-on: ubuntu-latest | |
if: ${{ needs.release-please.outputs.release_created }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.release-please.outputs.release_tag_name }} | |
- name: Setup go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.DEFAULT_GO_VERSION }} | |
- run: | | |
go mod tidy | |
make controller-gen | |
IMG=ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }} make helm-package | |
IMG=ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }} make release-manifests | |
- uses: anchore/sbom-action@v0 | |
with: | |
output-file: ./open-feature-operator-sbom.spdx.json | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ needs.release-please.outputs.release_tag_name }} | |
files: | | |
config/rendered/release.yaml | |
config/samples/end-to-end.yaml | |
open-feature-operator-sbom.spdx.json | |
release-charts: | |
needs: release-please | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
if: ${{ needs.release-please.outputs.release_created }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
ref: ${{ env.GITHUB_PAGES_BRANCH }} | |
- name: Setup go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.DEFAULT_GO_VERSION }} | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "[email protected]" | |
- name: Merge release to gh-pages | |
run: git merge ${{ needs.release-please.outputs.release_tag_name }} | |
- name: Generate helm charts | |
run: IMG=ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }} make helm-package | |
- name: Commit files | |
run: | | |
git add charts/ | |
git add index.yaml | |
git commit -s -m "chore: released charts ${{ needs.release-please.outputs.release_tag_name }}" | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branch: ${{ env.GITHUB_PAGES_BRANCH }} |