diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 95ebe58..3ba8afe 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,7 +16,7 @@ jobs: name: Generate a clean release name from the branch/tag runs-on: ubuntu-latest outputs: - name: ${{ steps.release_number.outputs.substring != "" && steps.release_number.outputs.substring || github.ref_name }} + name: "${{ steps.release_number.outputs.substring != '' && steps.release_number.outputs.substring || github.ref_name }}" steps: - uses: bhowell2/github-substring-action@1.0.2 id: release_number @@ -152,9 +152,10 @@ jobs: - name: Setup Helm uses: azure/setup-helm@v4 - - name: Login to Quay.io - if: startsWith(github.ref, 'refs/tags/') - run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin + # FIXME: We need a Repo Created in Quay ahead of time for this to work + # - name: Login to Quay.io for OCI Push + # if: startsWith(github.ref, 'refs/tags/') + # run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin - name: package helm chart run: | 
@@ -162,9 +163,18 @@ jobs: - name: Sign Helm Chart run: | - cosign sign-blob -y jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ + cosign sign-blob -y \ + jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ --bundle jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz.cosign.bundle + # FIXME: We need a Repo Created in Quay ahead of time for this to work + # - name: Push to Quay + # if: startsWith(github.ref, 'refs/tags/') + # run: |- + # helm push \ + # jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \ + # oci://quay.io/jetstack/version-checker/chart + - name: Creating Publishing Chart's PR uses: peter-evans/create-pull-request@v7 if: ${{ startsWith(github.ref, 'refs/tags/') }} @@ -181,11 +191,6 @@ jobs: signoff: true base: main - - name: Push to Quay - if: startsWith(github.ref, 'refs/tags/') - run: |- - helm push jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart:${{needs.release-name.outputs.name}} - docker-release: runs-on: ubuntu-latest permissions: 
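Review bot: The `Sign Helm Chart` script still expands `${{ needs.release-name.outputs.name }}` inside `run:`, and that output falls back to `github.ref_name`, so a ref name is pasted into the script text before the shell parses it. Pass the path through the environment instead: add an `env:` entry `CHART: jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz` and call `cosign sign-blob -y "${CHART}" --bundle "${CHART}.cosign.bundle"`. The same pattern appears in the later hunk's `Sign the published Docker image (if tag)` step, where `${{github.ref_name}}` is written into the script although `TAGS` already holds that value and is no longer read; `cosign sign --yes "${TAGS}@${DIGEST}"` would use it. The commented-out `Push to Quay` step should take the same form when it is restored.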
@@ -233,20 +238,14 @@ jobs: type=sbom type=provenance,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image + - name: Sign the published Docker image (if tag) if: ${{ startsWith(github.ref, 'refs/tags/') }} env: # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} + TAGS: quay.io/jetstack/version-checker:${{github.ref_name}} DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + run: |- + cosign sign --yes "quay.io/jetstack/version-checker:${{github.ref_name}}@${DIGEST}" github-release: name: Create/Update GitHub Release diff --git a/Makefile b/Makefile index 06e5ba8..004f859 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ verify: test build ## tests and builds version-checker image: ## build docker image GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/. - docker build -t quay.io/jetstack/version-checker:v0.9.1-rc1 . + docker build -t quay.io/jetstack/version-checker:v0.9.1 . clean: ## clean up created files rm -rf \ diff --git a/deploy/charts/version-checker/Chart.yaml b/deploy/charts/version-checker/Chart.yaml index 1f27d19..165a0cc 100644 --- a/deploy/charts/version-checker/Chart.yaml +++ b/deploy/charts/version-checker/Chart.yaml 
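Review bot: The rewritten `Sign the published Docker image (if tag)` step drops every comment that explained it, including the one saying the identity token is used to provision an ephemeral certificate and the note about the public Rekor transparency log. I would keep one line above the step, for example `# Keyless signing: the job's identity token is exchanged for an ephemeral certificate from the sigstore community Fulcio instance.` Because the reference ends in `@${DIGEST}`, the digest appears to be what is signed and the tag part is informational, so a short comment saying that would stop a reader from assuming each tag is signed separately. If `steps.meta.outputs.tags` lists repositories other than `quay.io/jetstack/version-checker` (not visible in this hunk), the old `xargs` loop would have signed those as well and the new step does not.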
@@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: "v0.9.1-rc1" -version: "v0.9.1-rc1" +appVersion: "v0.9.1" +version: "v0.9.1" description: A Helm chart for version-checker home: https://github.com/jetstack/version-checker name: version-checker diff --git a/deploy/charts/version-checker/README.md b/deploy/charts/version-checker/README.md index 9f9ffb9..07f0304 100644 --- a/deploy/charts/version-checker/README.md +++ b/deploy/charts/version-checker/README.md @@ -1,6 +1,6 @@ # version-checker -![Version: v0.9.1-rc1](https://img.shields.io/badge/Version-v0.9.1--rc1-informational?style=flat-square) ![AppVersion: v0.9.1-rc1](https://img.shields.io/badge/AppVersion-v0.9.1--rc1-informational?style=flat-square) +![Version: v0.9.1](https://img.shields.io/badge/Version-v0.9.1-informational?style=flat-square) ![AppVersion: v0.9.1](https://img.shields.io/badge/AppVersion-v0.9.1-informational?style=flat-square) A Helm chart for version-checker diff --git a/deploy/yaml/deploy.yaml b/deploy/yaml/deploy.yaml index e6f1156..750ba4d 100644 --- a/deploy/yaml/deploy.yaml +++ b/deploy/yaml/deploy.yaml @@ -50,7 +50,7 @@ spec: spec: serviceAccountName: version-checker containers: - - image: quay.io/jetstack/version-checker:v0.9.1-rc1 + - image: quay.io/jetstack/version-checker:v0.9.1 imagePullPolicy: Always ports: - containerPort: 8080