Release v0.9.1

.github/workflows/release.yaml

@@ -16,7 +16,7 @@ jobs:
     name: Generate a clean release name from the branch/tag
     runs-on: ubuntu-latest
     outputs:
-      name: ${{ steps.release_number.outputs.substring != "" && steps.release_number.outputs.substring || github.ref_name }}
+      name: "${{ steps.release_number.outputs.substring != '' && steps.release_number.outputs.substring || github.ref_name }}"
     steps:
       - uses: bhowell2/github-substring-action@1.0.2
         id: release_number
@@ -152,19 +152,29 @@ jobs:
       - name: Setup Helm
         uses: azure/setup-helm@v4
 
-      - name: Login to Quay.io
-        if: startsWith(github.ref, 'refs/tags/')
-        run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin
+      # FIXME: We need a Repo Created in Quay ahead of time for this to work
+      # - name: Login to Quay.io for OCI Push
+      #   if: startsWith(github.ref, 'refs/tags/')
+      #   run: echo "${{ secrets.QUAY_ROBOT_TOKEN }}" | helm registry login quay.io -u ${{ secrets.QUAY_USERNAME }} --password-stdin
 
       - name: package helm chart
         run: |
           helm package version-checker/deploy/charts/version-checker -d jetstack-charts/charts/
 
       - name: Sign Helm Chart
         run: |
-          cosign sign-blob -y jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \
+          cosign sign-blob -y \
+            jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \
             --bundle jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz.cosign.bundle
 
+      # FIXME: We need a Repo Created in Quay ahead of time for this to work
+      # - name: Push to Quay
+      #   if: startsWith(github.ref, 'refs/tags/')
+      #   run: |-
+      #     helm push \
+      #       jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz \
+      #       oci://quay.io/jetstack/version-checker/chart
+
       - name: Creating Publishing Chart's PR
         uses: peter-evans/create-pull-request@v7
         if: ${{ startsWith(github.ref, 'refs/tags/') }}
@@ -181,11 +191,6 @@ jobs:
           signoff: true
           base: main
 
-      - name: Push to Quay
-        if: startsWith(github.ref, 'refs/tags/')
-        run: |-
-          helm push jetstack-charts/charts/version-checker-${{ needs.release-name.outputs.name }}.tgz oci://quay.io/quay.io/jetstack/version-checker/chart:${{needs.release-name.outputs.name}}
-
   docker-release:
     runs-on: ubuntu-latest
     permissions:
@@ -233,20 +238,14 @@ jobs:
             type=sbom
             type=provenance,mode=max
 
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
+      - name: Sign the published Docker image (if tag)
         if: ${{ startsWith(github.ref, 'refs/tags/') }}
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
+          TAGS: quay.io/jetstack/version-checker:${{github.ref_name}}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+        run: |-
+          cosign sign --yes "quay.io/jetstack/version-checker:${{github.ref_name}}@${DIGEST}"
 
   github-release:
     name: Create/Update GitHub Release

Makefile

@@ -22,7 +22,7 @@ verify: test build ## tests and builds version-checker
 
 image: ## build docker image
 	GOARCH=$(ARCH) GOOS=linux CGO_ENABLED=0 go build -o ./bin/version-checker-linux ./cmd/.
-	docker build -t quay.io/jetstack/version-checker:v0.9.1-rc1 .
+	docker build -t quay.io/jetstack/version-checker:v0.9.1 .
 
 clean: ## clean up created files
 	rm -rf \

deploy/charts/version-checker/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: "v0.9.1-rc1"
-version: "v0.9.1-rc1"
+appVersion: "v0.9.1"
+version: "v0.9.1"
 description: A Helm chart for version-checker
 home: https://github.com/jetstack/version-checker
 name: version-checker

deploy/charts/version-checker/README.md

@@ -1,6 +1,6 @@
 # version-checker
 
-![Version: v0.9.1-rc1](https://img.shields.io/badge/Version-v0.9.1--rc1-informational?style=flat-square) ![AppVersion: v0.9.1-rc1](https://img.shields.io/badge/AppVersion-v0.9.1--rc1-informational?style=flat-square)
+![Version: v0.9.1](https://img.shields.io/badge/Version-v0.9.1-informational?style=flat-square) ![AppVersion: v0.9.1](https://img.shields.io/badge/AppVersion-v0.9.1-informational?style=flat-square)
 
 A Helm chart for version-checker
 

deploy/yaml/deploy.yaml

@@ -50,7 +50,7 @@ spec:
     spec:
       serviceAccountName: version-checker
       containers:
-        - image: quay.io/jetstack/version-checker:v0.9.1-rc1
+        - image: quay.io/jetstack/version-checker:v0.9.1
           imagePullPolicy: Always
           ports:
             - containerPort: 8080