forked from shipwright-io/build
-
Notifications
You must be signed in to change notification settings - Fork 0
75 lines (63 loc) · 2.47 KB
/
nightly.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
name: Nightly Release
on:
workflow_dispatch: # Manual trigger
schedule:
- cron: '0 5 * * *' # 5 AM UTC = Midnight EST
jobs:
nightly:
if: ${{ github.repository == 'shipwright-io/build' }}
runs-on: ubuntu-latest
permissions:
id-token: write # To be able to get OIDC ID token to sign images.
contents: write # To be able to update releases.
packages: write # To be able to push images and signatures.
env:
IMAGE_HOST: ghcr.io
IMAGE_NAMESPACE: ${{ github.repository }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '1.20.x'
cache: true
check-latest: true
# Install tools
- uses: ko-build/setup-ko@v0.6
with:
version: v0.13.0
- uses: imjasonh/setup-crane@e82f1b9a8007d399333baba4d75915558e9fb6a4
- uses: sigstore/cosign-installer@v3
- name: Get current date
id: date
run: echo "date=$(date +'%Y-%m-%d-%s')" >> $GITHUB_OUTPUT
- name: Generate and upload release YAMLs
env:
REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
REGISTRY_USERNAME: ${{ github.repository_owner }}
TAG: "nightly-${{ steps.date.outputs.date }}"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
make release
mv release.yaml nightly-${{ steps.date.outputs.date }}.yaml
gh release upload nightly nightly-${{ steps.date.outputs.date }}.yaml
mv release-debug.yaml nightly-${{ steps.date.outputs.date }}-debug.yaml
gh release upload nightly nightly-${{ steps.date.outputs.date }}-debug.yaml
mv sample-strategies.yaml nightly-${{ steps.date.outputs.date }}-sample-strategies.yaml
gh release upload nightly nightly-${{ steps.date.outputs.date }}-sample-strategies.yaml
- name: Update latest tag of supporting images
working-directory: ./cmd
run: |
for command in *
do
crane copy "${IMAGE_HOST}/${IMAGE_NAMESPACE}/${command}:nightly-${{ steps.date.outputs.date }}" "${IMAGE_HOST}/${IMAGE_NAMESPACE}/${command}:latest"
done
- name: Sign released images
run: |
for f in \
nightly-${{ steps.date.outputs.date }}.yaml \
nightly-${{ steps.date.outputs.date }}-debug.yaml; do
grep -o "ghcr.io[^\"]*" $f | xargs cosign sign --yes \
-a sha=${{ github.sha }} \
-a run_id=${{ github.run_id }} \
-a run_attempt=${{ github.run_attempt }}
done